Lead Security Engineer (DFIR Focus) at Dave
At Dave, we're on a mission to level the financial playing field. We're building a banking system that works for everyday Americans, not against them. Security is paramount to maintaining our members' trust, and that's where you come in.
We're seeking a talented and passionate Lead Security Engineer to spearhead our Digital Forensics and Incident Response (DFIR) efforts. You'll be the technical leader, owning and evolving our detection and response program as we scale to protect millions of members.
Ready to build a world-class DFIR program? This is your chance to make a significant impact.
Why This Role is Critical
You'll be the driving force behind transforming our DFIR capabilities from a vendor-reliant model to a mature, in-house operation. We already have a solid foundation with tools like CrowdStrike, Upwinds, and Chronicle, along with established logging pipelines. Now, we need your expertise to take it to the next level.
What You'll Do
Lead DFIR Strategy: Define and execute the vision for digital forensics and incident response across our cloud, endpoint, and SaaS environments.
Build Core Workflows: Establish robust forensics workflows, enhance our SIEM, and improve our overall incident response capabilities.
Enhance Detection: Refine detection rules based on CrowdStrike data, optimize Chronicle outputs, and build effective alert handling mechanisms.
Expand Coverage: Collaborate on Upwinds CDR deployments to increase security coverage across our infrastructure and SaaS applications.
Automate and Empower: Develop tools (Python, Terraform) that streamline incident response and empower others to participate, regardless of their DFIR expertise.
Clarify Triage: Define clear triage processes to ensure calm, fast, and confident responses to security incidents.
Your First Year Milestones
Establish a reliable in-house digital forensics capability.
Formalize alert pipelines and triage processes across core tools (CrowdStrike, Chronicle, Upwinds, etc.).
Achieve measurable reductions in MTTD (Mean Time To Detect) and MTTR (Mean Time To Respond), while boosting team confidence in our alerts.
Proactively enhance detection through vulnerability triage, threat modeling, and purple teaming exercises.
Become the go-to expert for DFIR strategy and execution.
What's in it for You
This is an opportunity to lead high-impact security initiatives, including:
Implementing new detection and response tools.
Replacing vendor-driven forensics with robust in-house pipelines.
Defining clear triage procedures for a rapidly growing organization.
Building security systems that protect our members and empower our engineers, without slowing them down.
The Ideal Candidate
We're looking for someone who:
Owns problems and drives them to resolution.
Prioritizes automation to eliminate manual toil.
Leads by teaching and empowering others.
Anticipates challenges and proactively proposes solutions.
Thinks in terms of systems, not just individual scripts.
Required Experience
6+ years of experience in DFIR, detection engineering, or incident response roles.
Strong hands-on experience with cloud-first environments (GCP preferred).
Proficiency with EDR (e.g., CrowdStrike), SIEM (e.g., Chronicle), and CDR tooling (e.g., Upwinds).
Fluency in Python and Terraform for automation and deployment.
Excellent communication skills, especially under pressure, with the ability to facilitate cross-functional collaboration.
A belief that security should be an enabler, not an obstacle.
Bonus Points
Experience building DFIR programs from the ground up.
Relevant certifications like GCIH or GCFA.
Familiarity with SaaS and endpoint hardening techniques.
Experience working in remote-first security teams.
Don't have every single qualification listed? We still encourage you to apply! We're looking for passionate and talented individuals who can help us achieve our mission.
Why You'll Love Working at Dave
We value our people as much as our product. Our culture is built on the principles of being member-centric, helpful, transparent, persistent, and collaborative. We're a virtual-first company, offering flexible hours and a home office stipend. You'll also enjoy premium medical, dental, and vision insurance, generous paid parental leave, a 401(k) with matching contributions, flexible PTO, and regular company events.
Dave Operating LLC is an Equal Employment Opportunity employer committed to diversity and inclusion. We encourage all qualified applicants to apply.