Listing Description

Mercury is building the banking stack for startups*. We’ve had significant growth since our launch about two years ago, and we now deal with more frequent attacks on our customers. Our engineering team is security-minded, but we'd like to start bringing on specialists to dedicate themselves full-time to security.

*Mercury is a financial technology company, not a bank. Banking services provided by Choice Financial Group and Evolve Bank & Trust®; Members FDIC.

At Mercury, you’ll work on projects like these:

• Implement countermeasures against account takeovers


• Setup a bug bounty program


• Work with pentesters


• Investigate attacks on us, and talk to affected customers


• Add WebAuthn to our supported MFA options


• Help with security compliance efforts, like PCI compliance

The engineer we’re looking for has these characteristics:

• Has excellent empathy for customers


• Carefully considers tradeoffs between security and user experience


• Is excellent at standard software engineering. Expect to talk about schema and app design, not just security


• Detests security theater. You recoil at policies like forced password rotation

Requirements:

• Three or more years of experience in software security roles, or something you feel is equivalent


• The ideal candidate has done full-stack development before, and is excited to learn and work with Haskell, React, and TypeScript

Nice to haves:

• Experience in our tech stack


• Experience dealing with fraud