Job Specifications
About The Role
We are looking for a Sr. Full Stack Application Security Engineer with deep expertise in mobile application security to join our Product Security team. This role is hands-on and impact driven. You will work directly with mobile, backend, and platform engineering teams to identify, prevent, and remediate security issues across our iOS, Android, API, and backend systems.
You will operate close to the code and close to the product. That means reviewing architectures across the stack, influencing secure design decisions early, and helping teams ship features safely without slowing delivery. This role is for someone who understands how modern distributed systems and mobile apps are built, deployed, and attacked in real-world environments.
While mobile application security is a core focus, you will be part of a team that owns security posture across the full application stack including APIs, backend services, identity and authentication flows, and CI/CD pipelines.
The base salary offered for this role and level of experience will begin at $213,000 and up to $295,000. Full-time employees are also eligible for a bonus, competitive equity package, and benefits. The actual base salary offered may be higher, depending on your location, skills, qualifications, and experience.
In this role, you can expect to
Build and improve security capabilities, automation, and guardrails for mobile applications and backend/API services
Perform application or API/backend penetration testing
Identify, triage, and help remediate vulnerabilities across Chime products
Partner closely with engineering and product teams to embed security into the development lifecycle across mobile apps, APIs, and backend services
Perform architecture and code reviews across the stack (iOS/Android, APIs, backend) with a focus on secure data storage, authentication, authorization, secure communication, and session/token handling
Leverage AI to accelerate security workflows (e.g., code review support, triage, threat modeling), and partner with teams building AI-enabled features to define and implement production-grade AI security controls
To thrive in this role, you have
5+ years of experience in application security, with strong hands-on experience across both mobile and backend systems
Hands on experience securing iOS and Android applications in production environments
Strong understanding of mobile threat models and common attack techniques
Experience with mobile security testing techniques, including static and dynamic analysis
Familiarity with iOS and Android platform security features and limitations
Practical coding experience, preferably in Ruby, Go, Python languages
Ability to clearly communicate security risks, tradeoffs, and remediation guidance to engineering partners
A Little About Us
At Chime, we believe that everyone can achieve financial progress. We created Chime—a financial technology company, not a bank*—on the premise that core banking services should be helpful, easy, and free. Through our user-friendly tools and intuitive platforms, we empower our members to take control of their finances and work towards their goals. Whether it's starting a savings account, purchasing a first car or home, launching a business, or pursuing higher education, we're proud to have helped millions unlock their financial potential.
We're a team of problem solvers, dreamers, and builders with one shared obsession: our members. From day one, Chimers have worked tirelessly to out-hustle and out-execute competitors to bring our mission to life. Their grit and determination inspire us to work harder every day to deliver the very best experience possible. We each bring an owner's mindset to our work, refusing to be outdone and holding ourselves accountable to meet and exceed the highest bars for our teams, our company, and our members.
We believe in being bold, dreaming big, and taking risks, while also working together, embracing our diverse perspectives, and giving each other honest feedback. Our culture remains deeply entrepreneurial, encouraging every Chimer to see themselves as stewards of our mission to help everyday Americans unlock their financial progress.
We know that to achieve our mission, we must earn and keep people's trust—so we hold ourselves to the highest standards of integrity in everything we do. These aren't just words on a wall—our values are embedded in every aspect of our business, serving as a north star that guides us as we work to help millions achieve their financial potential.
Because if we don't—who will?
Chime is a financial technology company, not a bank. Banking services provided by The Bancorp Bank, N.A. or Stride Bank, N.A., Members FDIC.
What We Offer For Our Full-time, Regular Employees
Our in-office work policy is designed to keep you connected - with four days a week in the office and Fridays from home for those near one of our offices, plus team and company-wide events depending on location. W