Lead Security Engineer at Dave

Job Description

Who we are

Dave is on a mission to build products that level the financial playing field™. We believe in financial opportunity for everyday Americans—because we all deserve a banking system that works for us, not against us. Our members hustle to make money work for them. They don’t need a hero. They need a system that isn’t designed to hold them down. That’s where we come in.

Why this role matters

Security at Dave protects more than infrastructure—it protects trust. As Lead Security Engineer, you’ll be the technical lead for DFIR (Digital Forensics and Incident Response). You’ll own and evolve our detection and response program as we grow—and work on systems that protect millions of members.

Over the years, we’ve made incremental DFIR improvements. But with our scale and user base today, we need a programmatic approach—grounded in clear triage, smart automation, and tooling that scales. You’ll drive that transformation.

You won’t be starting from zero—we have qualified tools (e.g., CrowdStrike, Upwinds, Chronicle) and logging pipelines in place. But digital forensics is early-stage and currently vendor-reliant. You’ll lead the shift toward in-house capability, maturity, and clarity across the stack.

What you’ll tackle

Lead DFIR at Dave. Own the vision and execution for digital forensics and incident response across cloud, endpoint, and SaaS.
Build what matters. Establish core forensics workflows, evolve our SIEM, and mature our ability to respond—not just react.
Scale detection. Own detection off of CrowdStrike, tune Chronicle outputs, and build noise-resistant alert handling.
Drive coverage. Partner on Upwinds CDR deployments, increasing breadth and depth of coverage across infra and SaaS.
Automate and teach. Write tooling (Python, Terraform) that outlasts incidents—and empower others to respond, even without deep DFIR background.
Triage, clarified. Lead efforts to define what clarity looks like when incidents hit—so response is calm, fast, and confident.

What success looks like

In your first year, you’ll:

Stand up a reliable in-house digital forensics capability
Formalize alert pipelines and triage processes across core tools (CrowdStrike, Chronicle, Upwinds, etc.)
Deliver real reductions in MTTD and MTTR—while increasing team trust in our alerts
Proactively strengthen detection through vulnerability triage, threat modeling, and purple teaming
Be seen as the driver of DFIR strategy and execution—not just the responder

What’s ahead

You’ll lead some of the most critical security projects we’ve ever taken on:

Standing up new detection and response tooling
Replacing vendor forensics with in-house pipelines
Defining what “clarity of triage” means in a high-growth org
Building systems that protect members and enable engineers—not slow them down

What makes a high performer in this role

You own problems, not just tasks—and bring them to resolution
You prioritize automation over manual toil and iterate with purpose
You lead by teaching and enabling, not gatekeeping
You see around corners, proposing improvements before others feel the pain
You think in systems, not just scripts

You’ll thrive here if you have

6+ years in DFIR, detection engineering, or incident response roles
Strong hands-on experience with cloud-first environments (GCP preferred)
Proficiency with EDR (e.g., CrowdStrike), SIEM (e.g., Chronicle), and CDR tooling (e.g., Upwinds)
Python and Terraform fluency for automation and deployment
A clear communicator under pressure—able to drive calm, cross-functional collaboration
A mindset that security should accelerate, not hinder, the business

Bonus points for

Experience building DFIR programs in-house
Certifications like GCIH, GCFA
Familiarity with SaaS and endpoint hardening
Prior work in remote-first security teams

Don’t let imposter syndrome get in your way of an incredible opportunity. We’re looking for people who can help us achieve our mission and vision, not just check off the boxes. If you’re excited about this role, we encourage you to apply. You may just be the right candidate for this or other roles.

Why you’ll love working here:

At Dave, our people are just as important as our product. Our culture is a reflection of our values that guide who we are, how we work, and what we aspire to be. Daves are member centric, helpful, transparent, persistent, and better together. We strive to create an environment where all Daves feel valued, heard, and empowered to do their best work. As a virtual first company, team members can live and work anywhere in the United States, with the exception of Hawaii.

A few of our benefits & perks:

💚 Opportunity to tackle tough challenges, learn and grow from fellow top talent, and help millions of people reach their personal financial goals

💻 Flexible hours and virtual first work culture with a home office stipend

🏥 Premium Medical, Dental, and Vision Insurance plans

👶 Generous paid parental and caregiver leave

💰 401(k) savings plan with matching contributions

📈 Financial advisor and financial wellness support

🏖️ Flexible PTO and generous company holidays, including Juneteenth and Winter Break

🎉 All-company in-person events once or twice a year and virtual events throughout to connect with your team members and leadership team

Dave Operating LLC is proud to be an Equal Employment Opportunity employer and is dedicated to cultivating a diverse and inclusive workplace. We will consider for employment all qualified applicants and do not discriminate on any basis protected by federal, state, or local law, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance relating to an applicant's criminal history.

#LI-REMOTE

Apply