Lead Security Engineer

Who We Are

Dave is on a mission to build products that level the financial playing field™. We believe in financial opportunity for everyday Americans—because we all deserve a banking system that works for us, not against us. Our members hustle to make money work for them. They don’t need a hero. They need a system that isn’t designed to hold them down. That’s where we come in.

Why this role matters

Security at Dave protects more than infrastructure—it protects trust. As Lead Security Engineer, you’ll be the technical lead for DFIR (Digital Forensics and Incident Response). You’ll own and evolve our detection and response program as we grow—and work on systems that protect millions of members.

Over the years, we’ve made incremental DFIR improvements. But with our scale and user base today, we need a programmatic approach—grounded in clear triage, smart automation, and tooling that scales. You’ll drive that transformation.

You won’t be starting from zero—we have qualified tools (e.g., CrowdStrike, Upwinds, Chronicle) and logging pipelines in place. But digital forensics is early-stage and currently vendor-reliant. You’ll lead the shift toward in-house capability, maturity, and clarity across the stack.

What You’ll Tackle

• Lead DFIR at Dave. Own the vision and execution for digital forensics and incident response across cloud, endpoint, and SaaS.
• Build what matters. Establish core forensics workflows, evolve our SIEM, and mature our ability to respond—not just react.
• Scale detection. Own detection off of CrowdStrike, tune Chronicle outputs, and build noise-resistant alert handling.
• Drive coverage. Partner on Upwinds CDR deployments, increasing breadth and depth of coverage across infra and SaaS.
• Automate and teach. Write tooling (Python, Terraform) that outlasts incidents—and empower others to respond, even without deep DFIR background.
• Triage, clarified. Lead efforts to define what clarity looks like when incidents hit—so response is calm, fast, and confident.

What Success Looks Like

In your first year, you’ll:

• Stand up a reliable in-house digital forensics capability
• Formalize alert pipelines and triage processes across core tools (CrowdStrike, Chronicle, Upwinds, etc.)
• Deliver real reductions in MTTD and MTTR—while increasing team trust in our alerts
• Proactively strengthen detection through vulnerability triage, threat modeling, and purple teaming
• Be seen as the driver of DFIR strategy and execution—not just the responder

What’s Ahead

You’ll lead some of the most critical security projects we’ve ever taken on:

• Standing up new detection and response tooling
• Replacing vendor forensics with in-house pipelines
• Defining what “clarity of triage” means in a high-growth org
• Building systems that protect members and enable engineers—not slow them down

What Makes a High Performer In This Role

• You own problems, not just tasks—and bring them to resolution
• You prioritize automation over manual toil and iterate with purpose
• You lead by teaching and enabling, not gatekeeping
• You see around corners, proposing improvements before others feel the pain
• You think in systems, not just scripts

You’ll thrive here if you have

• 6+ years in DFIR, detection engineering, or incident response roles
• Strong hands-on experience with cloud-first environments (GCP preferred)
• Proficiency with EDR (e.g., CrowdStrike), SIEM (e.g., Chronicle), and CDR tooling (e.g., Upwinds)
• Python and Terraform fluency for automation and deployment
• A clear communicator under pressure—able to drive calm, cross-functional collaboration
• A mindset that security should accelerate, not hinder, the business

Bonus points for

• Experience building DFIR programs in-house
• Certifications like GCIH, GCFA
• Familiarity with SaaS and endpoint hardening
• Prior work in remote-first security teams

Why You’ll Love Working Here

At Dave, our people are just as important as our product. Our culture is a reflection of our values that guide who we are, how we work, and what we aspire to be. Daves are member centric, helpful, transparent, persistent, and better together. We strive to create an environment where all Daves feel valued, heard, and empowered to do their best work. As a virtual first company, team members can live and work anywhere in the United States, with the exception of Hawaii.

A Few Of Our Benefits & Perks

• Opportunity to tackle tough challenges, learn and grow from fellow top talent, and help millions of people reach their personal financial goals
• Flexible hours and virtual first work culture with a home office stipend
• Premium Medical, Dental, and Vision Insurance plans
• Generous paid parental and caregiver leave
• 401(k) savings plan with matching contributions
• Financial advisor and financial wellness support
• Flexible PTO and generous company holidays, including Juneteenth and Winter Break
• All-company in-person events once or twice a year and virtual events throughout to connect with your team members and leadership team

Key skills/competency

• DFIR
• Detection Engineering
• Incident Response
• Cloud Security (GCP)
• EDR (CrowdStrike)
• SIEM (Chronicle)
• CDR (Upwinds)
• Python Automation
• Terraform
• Threat Modeling