Humbly Confident Security Engineer

YNAB

Job details

  • Location: Anywhere in the World
  • Posted: 18h ago

Job Description

Headquarters: Worldwide! We're fully remote.
URL: https://www.ynab.com/

About Us and Why We’re Hiring

We’re YNAB (“why-nab”), a financial education company with a mission: to help people get good with money so they never have to worry about money again. For over 20 years, YNAB’s proven method has been changing lives—and people can’t stop telling their friends about the difference it’s made. Think: debt paid off, marriages strengthened, goals achieved, stress erased, and sleep finally restored. But don’t just take our word for it—dive into our vibrant communities on Facebook, TikTok, and Reddit (really!) or skim through our glowing app reviews. You’ll quickly see why people rave about YNAB and why we’re so passionate about creating something that truly changes lives for the better.

Before we can help people get good with money, they need to trust YNAB with private details of their lives. And to those who work here, YNAB embodies years of relentless effort to craft something uniquely wonderful. Honoring that trust and protecting the company we’re proud of is why this position exists. Our security team is dedicated full-time to safeguarding YNAB, and they have a single primary outcome to achieve: 

Keep YNAB Secure.

If the thought of anchoring our commitment to protecting YNAB and its customers resonates deeply, you’re our target audience—please read on.

What We’re Looking For:

Hard Requirements

To be considered for this role, you must:

  • Have at least two years of hands-on experience in security engineering, software engineering, DevOps, IT security, or a closely related technical field.

  • Have practical experience with application security (for example: performing code reviews, threat modeling, working with developers on secure design, or using SAST/DAST tools).

  • Have experience building, maintaining, or monitoring security logs—preferably with DataDog, but similar systems (Splunk, ELK, CloudWatch, etc.) are fine.

  • Live in the United States, in either the Central (UTC-6) or Eastern (UTC-5) timezone, and be authorized to work here without sponsorship.

Preferred Qualifications

These aren’t required, but are likely to set you up for success:

  • Some level of formal technical education and/or a security-related certification (such as CISSP, CEH, Security+, CC, CCSP, Pentest+, or similar). 

  • Proficiency in at least one modern programming or scripting language (e.g., Python, Go, Java, JavaScript).

  • Familiarity with security frameworks such as SOC 2, ISO 27001, NIST, or CIS Controls.

  • Experience working at a technology and/or SaaS company.

  • Exposure to regulated industries (e.g., finance, healthcare).

  • Comfort working cross-functionally with engineering, support, or compliance teams.

Note: If you believe you’re a fit for this role, but don’t meet our preferred qualifications, we still encourage you to apply. While our hard requirements are non-negotiable, we’re otherwise open-minded, and don’t need you to be the perfect candidate on paper. 

Life at YNAB

That’s a quick snapshot of what we’re looking for. Before we go further, let’s make sure you’re excited about working with us. We’ll share more about YNAB, then dive into the role details and application process (be sure to read all the way to the end!).

YNAB started in 2004 and we haven’t taken any outside funding—we’re established, profitable, and in this for the long haul. We have one overarching requirement when it comes to joining our team: our original Core Value Manifesto has to really click with you. If you’re nodding emphatically while reading it, you’ll probably like it here!

We live our Core Values every day at YNAB, and we mean it when we say we are an equal opportunity employer. We believe a diversity of backgrounds, abilities, and experiences is critical to our success, and we are passionate about creating a welcoming and supportive environment for every employee. All are encouraged to apply as we continue growing a smart, hard-working, and diverse team that loves building something that matters.

We also work really hard, together, to make working at YNAB an amazing experience. We’re (humbly) proud to have received many of Fortune’s “Great Place to Work” awards over the years, including #1 two years in a row! We have a team of truly exceptional people—the kind you’ll be delighted to work with. Let’s introduce you to a few of them!

Who You’ll Work With

You'll work most closely with Kendal (our Security Lead), and Chris (our Systems Administrator), while collaborating with the wider Engineering department (which includes teams of QA analysts, full stack, iOS, and Android engineers). 

Kendal develops and implements our security roadmap, from technical security to governance, risk and compliance. She lived in London for six years before moving back home to South Africa in 2024. When she isn’t securing stuff, she’s spending time in Cape Town’s mountains and oceans. 

Chris is our systems administrator, which is a fancy title for a technology generalist. Day in and day out, Chris is helping to make sure everyone at YNAB has the tools to do their job, access to the systems needed to do their job, and a little bit of “we’re not sure who should be doing this”. Outside of YNAB, Chris is a middle grade author writing books for kids who’d rather not be reading.

Regardless of their varied jobs, everyone in Engineering has one thing in common: They are a joy to work with. You won’t find heated arguments and raised voices here. We save our competitive spirit for YNAB’s external competitors (or the occasional online game session), but internally we build up our teammates and celebrate their successes. We all love to solve problems in creative ways, and we regularly take time to geek out and show each other something cool we built or found to make our lives easier.

Though you’ll be embedded in Engineering, you’ll probably cross paths with many people at YNAB at some point. We can’t list them all, but we can say that we are all excited to get to know you!

How You’ll Work at YNAB

Now that you’ve learned about some of your future teammates, let’s talk more about YNAB and what it’s like to work here.

Building a Good Company

At YNAB, we think one of the best things we can offer is the chance to do meaningful work alongside people you respect, admire, and genuinely enjoy. And we mean that—from the beginning, we’ve been intentional about creating the company we want to work for. 

Along the way, we’ve learned that great teams aren’t built on perks or fancy titles—they’re built by bringing together high performers who thrive on tough challenges and share a commitment to doing exceptional work. We value discipline and ownership over unnecessary layers of process, and look for people who wake up excited to get important things done. 

That’s the team we’re building at YNAB: one that cares deeply, works pragmatically, and always finds time to laugh (mostly at ourselves).

Live (Almost) Anywhere You Want

We’ve always been a fully remote team, and have people all over the world. For this particular position, however, we're looking for someone based in the United States, in either the Central (UTC-6) or Eastern (UTC-5) timezone. Anywhere within those time zones is okay, though. Just make sure you have a reliable internet connection. (Like, a really good one. Please.)

Work Four Days a Week

We’ve adopted a four-day work week and rarely work more than that. There are occasions and seasons where things get busy and people put some extra time in—but then we encourage them to take some extra time off, too. We’re a product-led organization that takes our work-life balance seriously, so we all prioritize working hard and smart, but at a measured pace. We care deeply about what we do, but we also love our families and about 2,000 other things. We have perspective and, ultimately, we think it makes us—and our work—even better.

Flex Your Work Schedule

As a remote team, a lot of our work is done asynchronously. Outside of your meetings and on-call times, we trust you to set your schedule by balancing your team’s needs with your own needs. You don’t need to ask for permission to take off early for an afternoon appointment, or be “active” on Slack if you’re working deeply on a project. We look at what you accomplish, not how long you're in front of a computer.

Take Vacation (Seriously)

We want you to take vacation. In fact, we have a minimum vacation policy of three weeks per year. Five weeks feels about right (plus two extra weeks for our company-wide December Break). It’s important to get plenty of downtime and to get out and do something. We’ll look forward to seeing pictures of your adventures in our #office-wall Slack channel!

Meet the Team IRL

We love remote work around here, but we also love getting together in person. You’ll generally have the opportunity to meet with your YNAB teammates at least once a year, at a small-team work-focused meetup or at our biennial company retreat. At the YNAB retreat, we love to catch up on spreadsheets and PowerPoints in a Best Western conference room. Just kidding. To give you an idea, we’ve been to Costa Rica, a gigantic cabin in the mountains, a ranch in Montana, Palm Springs, and most recently, Cape Cod. We work together, play together, and strengthen the bonds we’ve made as a team and company. At the end of each retreat, we feel energized, inspired, and excited to tackle the work ahead.

Up Your Game

We’re serious about helping you improve your craft, and will provide you with a professional development stipend each year. Think conferences, online courses, coaching, and dedicated time away from work to learn something new. We love to see our people grow!

Other Benefits

Our team is spread all over the world—mostly in the United States, but also in the UK, Canada, Germany, Brazil, Mexico, and several other countries. Everyone is eligible for our generous paid family leave, vacation, holidays, and sick time. 

Since you’re based in the United States, you’ll also be eligible for our health, dental, and vision insurance, where we cover 100% of the premium for you and your family. No need to check your vision, you read that right—100%. (Although if you did need to check your vision, NBD, we’ve got you covered!) 

We also have a Traditional and Roth 401(k) option, where YNAB matches your contributions up to six percent with immediate vesting. (Are you a personal finance junkie like our founder Jesse? He set up YNAB’s 401(k) to have the lowest fee structure possible, where all plan costs are paid by YNAB, not your retirement nest egg. The investment funds available are fantastic, passively-managed, ultra low-cost index funds. Not a PF junkie? Trust us, it’s awesome.)

Competitive Compensation

At YNAB, we are dedicated to providing equitable, market-driven, and data-informed compensation, along with a competitive benefits package. The starting salary for this role will range from $120,000 - $140,000 USD annually. (This covers a wide range of possible experience; think of it like a bell curve. Most candidates fall somewhere around the midpoint.) You'll also be eligible for an annual raise and profit-sharing twice a year. When YNAB succeeds, so do you—that’s the idea.

A Few Final Tidbits

  • Once you start, we DEMAND (in a friendly, ALL CAPS IS YELLING way) that you fill out your “Bucket List” spreadsheet with 50 items. (That’s harder than it sounds!) 

  • We love to celebrate with you when you complete something on your bucket list—AND, we love using your bucket list as inspiration for your birthday present!

  • We want you firing on all cylinders, so we’ll set you up with a shiny new computer and replace it every three years.  

  • Did we mention that YNAB makes a huge, positive difference in people’s lives? You may not think that matters much, but then a few months down the road, you’ll realize it’s made your job really, really enjoyable. Don’t underestimate this!

If this sounds like your ideal environment, read on because now we want to talk about you, and how you’ll play a big part in changing people’s lives.

Now back to you, our new Security Engineer…

In this hands-on, highly technical role, you’ll join forces with Kendal to make YNAB Even More Secure™. (Okay, it’s not a trademark, but we felt like it deserved capitalization because we are just that grateful for you two.)

While Kendal is focused on higher-level compliance and risk management, you’ll be focused on technical security implementation and security architecture support. In true team fashion, you’ll both share responsibility for incident response and monitoring (this is where your timezone comes in handy; you’ll be available when Kendal is not, and vice versa).

To say a bit more about each of those:

Technical Security Implementation

You’ll be hands-on with implementing security controls and processes. On a day-to-day basis, you’ll:

  • Configure and maintain security tooling across the organization, including monitoring systems, vulnerability management platforms, and automated security processes.

  • Implement and optimize access controls, authentication systems, and data protection measures.

  • Write automation scripts, analyze security logs, and help maintain our security infrastructure.

  • Help maintain security standards, guidelines, and best practices.

Security Architecture Support

You’ll work with our Engineering team to design and implement secure systems and help ensure security is built into our products from the ground up. To do so, you’ll:

  • Collaborate with engineers to integrate security into the development lifecycle through activities like secure code reviews, threat modeling, and design consultations.

  • Conduct security testing of new features and systems, including vulnerability assessments and security reviews.

  • Perform security assessments to proactively identify potential issues, in line with security by design principles.

Incident Response and Monitoring

You’ll help monitor our security landscape, investigate potential threats, assist with incident response, and contribute to our continuous improvement of security practices. Alongside Kendal, you’ll:

  • Monitor security events, analyze threats, and respond to security incidents with appropriate containment and remediation actions.

  • Support bug bounty program activities and coordinate responses to external security reports.

  • Research emerging threats and maintain awareness of security trends relevant to our technology stack.

You’re the person we’re looking for if:

  • You’re passionate about building secure systems and protecting our users.

  • You’re excited to dig into the technical details. You thrive on solving complex technical problems and aren’t afraid to learn new technologies.

  • You balance thoroughness with pragmatism—you know when to dig deeper and when to move forward with the information you have. 

  • You communicate well with both technical and non-technical teammates, and enjoy collaborating across different teams. You pride yourself on being approachable and easy to work with.

  • You enjoy thinking outside of the box when it comes to security and compliance. Rather than blocking progress, you consider all choices before making a decision, adapt when you receive new information, and know the right solution is the one that works best for YNAB.

  • You’re eager to dive deep into meaningful security challenges, while growing your expertise.

In summary: If you’re technically skilled, security-focused, and excited to help keep YNAB safe… we hope you’ll apply!

How to Apply

Submit your application here (including what’s listed below) by Sunday, January 25th at 11:59pm PT. Firm. It’s a real deadline.

What to include in your application:

  • A resume. If you don’t have an updated formal resume, that’s fine! An informal overview of your work history and education is all we’re looking for.

  • A cover letter and answers to a few specific questions. This isn’t your typical cover letter—skip the fluff and formalities, and just help us get to know you. 

    • On page 1: We’d love for you to tell us a bit about yourself, what drew you to work in security, why you’re interested in this role at YNAB, and why you think you’d be a great fit. 

    • On page 2 onward: Please answer these questions three:

      1. Tell us about a time when you were convinced you were right about something at work, but later changed your mind. What swayed you? Please answer in 1-2 paragraphs.

      2. How have you honed your craft in security engineering, and how do you see yourself continuing to develop your skills in the future? Feel free to share specific strategies, sources of information or inspiration, and/or your general approach. Please answer in 1-2 paragraphs.

      3. Imagine you’re our Security Engineer. You’ve just discovered a potentially critical vulnerability in a third-party dependency used in our codebase. Now it’s your job to validate the vulnerability and raise it to the engineering team responsible for remediation. Please craft a 1-2 paragraph vulnerability report as though you’re writing directly to them. (Feel free to make assumptions about this scenario to guide your response.)

Tips:

  • Please be yourself! ChatGPT can sit this one out.   

  • If you meet our hard requirements and follow the application instructions, we promise a real human will review your materials. 

  • Though we know it’s customary in some areas, please do not share a headshot anywhere in your application materials.

  • You’ll only be able to apply once, so make sure your answers are final before you click submit. (You can start your application and come back to it later.) 

  • Keep an eye out for an email from @pinpoint.email titled Thank you for applying to YNAB! This confirms your application has been received. If you don’t receive it, please apply again. 

  • If we can help with an accessibility need, email us at accommodations@ynab.com and indicate in the subject line that you’re applying for the Security Engineer role. (Please note that we can only respond to messages related to accommodations at this email.)

  • Finally, please click here for an outline of what this hiring process will look like. It’s rigorous, but truthfully, people say it’s fun!

We look forward to hearing from you! 

P.S. If you’re not interested in this position right now, but know someone who might be, we’d appreciate you passing this along!

To apply: https://weworkremotely.com/remote-jobs/ynab-humbly-confident-security-engineer

This job listing was sourced from We Work Remotely.