Affirm recognizes that security is essential to the company’s ongoing success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Operations (Sec Ops) program is the foundation of both preventive and responsive security practices to protect Affirm’s assets from an adverse security event. 

As a member of the Security Team at Affirm, you will be joining a team of fun, passionate and highly skilled individuals who like solving security challenges and enjoy learning new skills. We partner together with a team first mindset and are keen on redefining security in the fintech space. 

We're seeking a Staff Sec Ops Engineer to lead the Incident Response pillar, driving remediation and response efforts company-wide. In this role, you will act as incident Commander during security incidents, leading the team to resolution in high-pressure situations including making decisions in ambiguous situations. You'll also contribute to maturing other programs within the Sec Ops team, such as logging & detection, in our engineering-driven cloud infrastructure environment.

This is an extremely cross-functional and collaborative role that will span multiple functions across the company. You will get to partner with internal Security teams (such as Platform Security, Corporate Security) as well as other external teams (such as Infrastructure, Observability, Privacy/Compliance) to create and improve security operations capabilities. You'll work with these teams to tackle complex security problems and design solutions that align with our broader organizational goals. Your impact will not only be within the company but also in improving the trust and security of millions of customers. 

What You'll Do

• Lead security incident response efforts driving detection & response across the organization through all phases of an incident from identification to post-incident retrospective. 
• Serve as incident commander in large scale security incidents driving action oriented containment & remediation results. 
• Be the senior escalation point for the team when needed assisting with investigations and incidents (this is a very hands on role). 
• Balance both tactical & strategic thinking in high pressure situations using facts & clear communications to lead the response team to next steps. 
• Provide briefings, status updates, and advice to a variety of audiences, including technical and executive leadership teams during incidents. 
• Lead developing and maturing security incident response playbooks and processes.
• Contribute to engineering projects which build, maintain and improve our current monitoring, detection & response programs.
• Contribute to our detection program by creating advanced detections based on frameworks such as MITRE ATT&CK.
• Collaborate with cross functional teams across Affirm and lead key security projects.
• Lead incident response training, road shows, and learning sessions across both engineering and non-engineering teams.
• We highly encourage and support external engagement, publications, presentations with the security community as well. 

What We Look For

• A seasoned Detection and Response Engineer with experience leading investigations and incidents including containment actions and forensics when needed in an engineering focused cloud heavy environment (AWS, EKS experience strongly preferred). 
• 7+ years of experience with Detection and Response engineering with a significant focus on leading incidents and crises. 
• Ability to handle high pressure, complex situations in a calm and thoughtful manner, and when needed be the voice of reason and calm across the incident group. 
• Strong ability to analyze, parse and correlate information against data from multiple sources and when needed engineer solutions to do the same. 
• Strong communication skills with the ability to switch communication styles when needed between technical and non-technical audiences.  
• Demonstrated experience in common Sec Ops tooling including but not limited to: Elastic, Splunk, Hive, Crowdstrike Falcon or similar. 
• Experience in creating automations to improve IR program workflows and capabilities (Python preferred)
• Experience with developing & supporting native data ingestion and data normalization integrations. 
• Ability to lead large projects and work with cross functional stakeholders throughout the organization. 
• Ability to partner with Legal & Compliance teams for relevant incident reporting requirements across regulatory bodies. 
• Experience in building actionable threat intelligence & hunting programs is always a bonus!
• This position requires either equivalent practical experience or a Bachelor’s degree in a related field

Pay Grade - P
Equity Grade - 13

Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.

Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)

USA base pay range (CA, WA, NY, NJ, CT) per year: $225,000 - $275,000
USA base pay range (all other U.S. states) per year: $200,000 - $250,000

#LI-Remote