Senior Security Engineer at Tally Technologies
Vancouver City, British Columbia, CA

Tally makes people less stressed and better off financially.  Currently at Series C with $92MM in funding, we are a team that is democratizing financial services to put billions of dollars back in people’s pockets. Tally built the first fully automated debt manager to help people overcome credit card debt and provide a completely free automated savings service, Tally Save. Tally’s vision is to automate people’s entire financial lives so they can worry about money less and do what they love more.

Are you driven to make a real-world impact while leveraging public cloud infrastructure, Kubernetes, and microservices? Are you excited to champion the importance of core infrastructure security, availability, and reliability to achieve operational excellence? If you answered yes to these questions, we would love to talk to you. We are looking for a Senior Application Security Engineer to join our Engineering Operations team to help us accelerate our Tally engineers’ ability to automate people’s entire financial lives.

At Tally, the Engineering Operations team oversees the core cloud and corporate infrastructure; building developer productivity tools to ship products faster, securely, at the quality. Our team empowers Tally engineers to become more effective and productive through automation, tooling, and IT systems. Come collaborate with us to make our teams even more effective at helping people achieve their financial goals. 

Core Technologies: Kubernetes, ELK, Prometheus, Datadog, Postgres RDS, Redis, Puppet, Terraform, Scala, SBT, CI/CD (Jenkins, Bamboo, Gitlab) and various AWS services such as EC2, RDS, EMR, ECS, Redshift, etc.

What you'll do:

  • Design and implement software security toolchain to secure our applications in AWS and Corporate IT environments
  • Conduct in-depth security reviews of applications, back-end services, and business integrations
  • Automate security controls to reduce Tally’s attack surface, proactively seek out vulnerabilities and reduce response and recovery times 
  • Develop comprehensive logging, asset inventory, and data classification procedures. 
  • Collaborate with product, design, data, and engineering teams to define needs that leverage the next generation of industry-leading technologies
  • Collaborate with internal and external stakeholders to drive central security incident response management processes for Tally’s incidents
  • Be a champion for security and user privacy

What you'll bring:

  • Experience in securing infrastructure and applications in any public cloud-based providers such as Amazon Web Services, Microsoft Azure, or Google Cloud Platform
  • Working knowledge of network-based and system-level attacks and mitigation methods
  • Experience with enterprise/open-source monitoring and logging systems (Prometheus, NewRelic/Datadog, Grafana, Splunk, Pagerduty, ELK, etc) to diagnose and remediate applications and infrastructure vulnerabilities
  • Experience implementing security controls for information security compliance programs including SOC-II, CCPA, and PCI
  • Experience with Service Oriented Architectures (SOA), Docker Containers and scheduling frameworks (e.g Kubernetes, Amazon ECS)
  • Experience with implementing vulnerability scans for CI/CD pipelines built using tools suite (Jenkins, Bamboo, Gitlab, Spinnaker, Harness, CircleCI,..)
  • Experience with securing distributed streaming, messages systems and datastores (Kafka, EMR, Postgres, DynamoDB) 

A message from our leadership:  

"One of our core values at Tally is 'Change shoes often.' We do this with our peers and our customers every day, and we want candidates to share in our commitment to empathy.  Empathy really is the foundation of inclusion, and Tally prides itself in being a company that prioritizes inclusion and diversity. We’re dedicated to creating a workplace culture where people are included and treated equitably."
Jason Brown, Co-founder and CEO