×
Register Here to Apply for Jobs or Post Jobs. X

Fraud Strategist - Login and Auth

Job in San Francisco, San Francisco County, California, 94118, USA
Listing for: Sofi
Full Time position
Listed on 2026-07-03
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Job Description & How to Apply Below
Employee Applicant Privacy Notice

Who we are:

Shape a brighter financial future with us.

Together with our members, we're changing the way people think about and interact with personal finance.

We're a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we're at the forefront. We're proud to come to work every day knowing that what we do has a direct impact on people's lives, with our core values guiding us every step of the way.

Join us to invest in yourself, your career, and the financial world.

The Role:

We are searching for a Fraud Strategist, Login and Auth to own the perimeter of the SoFi platform. This is a sophisticated role at the intersection of adversarial threat intelligence, device forensics, and real-time decisioning. You will design fraud strategy across login, password reset, MFA, step-up, and high-risk session events, calibrated against the full spectrum of perimeter threats: account takeover (ATO), authorized scams, credential stuffing, MFA bombing, OTP interception, SIM swap, adversary-in-the-middle phishing, and emulator-driven bot traffic.

The work requires fluency in device intelligence,, behavioral biometrics, network reputation, and the device-graph forensics needed to attribute risk to entities, not just sessions. You will work cross-functionally with EPD, IAM, Fraud Ops, Info Sec, and partner risk teams to translate signals into production policy that scales across Money, Invest, Crypto, Card, and Lending.

By joining SoFi, you'll become part of a forward-thinking company that is transforming financial services for the better. We offer the excitement of a rapidly growing startup with the stability of an industry leading leadership team.

What You'll Do:

The Fraud Strategist, Login and Auth will help SoFi build a defensible authentication perimeter by:

* Owning the end-to-end login risk strategy across web and mobile authentication surfaces: signal selection, rule construction, threshold tuning, champion/challenger lifecycle, and rule-level loss attribution.

* Architecting perimeter-threat defense covering ATO, scam interception (authorized push payment, remote access, impostor, investment), MFA bombing, OTP interception, SIM swap, and adversary-in-the-middle phishing. Translate live campaign telemetry into production rule changes within hours

* Driving device forensics at depth: device fingerprinting, emulator and VM detection, jailbreak and root signals, residential-proxy detection, and entity-level device-graph analysis to surface coordinated abuse hidden under individually clean sessions.

* Designing step-up authentication, account recovery, and high-risk transaction decisioning that synthesizes device, behavioral, network, and credential-risk signals into a single decision, with explicit FPR budgets per surface.

* Leading 3DS, CNP, and tokenization risk decisioning for card-not-present transactions, coordinating with issuer processing and network rules to optimize approval rate without ceding losses.

* Partnering with Info Sec threat intel on credential-capture campaigns (phishing kits, SEO poisoning, ATO-as-a-service marketplaces) and translating intelligence into rule changes inside the live policy stack.

What You'll Need:

* BA/BS in Statistics, Information Systems, Mathematics, Data Science, or related fields, or equivalent work experience, and 5-8 years of work experience in Fraud Analytics, Authentication Risk, or Adversarial Security Engineering.

* ATO and Scam Defense:
Demonstrated track record reducing account takeover and scam losses across banking, card, and crypto surfaces. Comfort across the full kill chain: credential exposure, login compromise, in-session manipulation (remote access, screen share, social engineering), and money movement out.

* Perimeter Threat Fluency:
Operational understanding of credential stuffing, MFA bombing, OTP interception, SIM swap, adversary-in-the-middle phishing, residential-proxy abuse, and emulator-driven automation. You can recognize a campaign in flight from telemetry and respond at the policy layer.

* Device Forensics:
Hands-on experience with device fingerprinting, emulator and VM detection, jailbreak and root signals, behavioral biometrics, and entity-level device-graph analysis.

* Authentication Stack Depth:
Working knowledge of FIDO2/passkeys, OAuth/OIDC, 3DS protocol mechanics, tokenization, and the trade-offs between approval rate and chargeback exposure on CNP flows.

* Balance Friction and Growth:
Deep mastery of evaluating trade-offs between fraud mitigation and UX. You can articulate why a 50 bps lift in challenge rate is or is not worth the loss avoidance, with the data to back it.

* Architect Scalable Data Systems:
Expert-level SQL/Python skills used to build automated, high-volume data architectures and statistical models that serve as the foundation for global risk…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary