Lead Application Security Engineer (Remote)
Chicago, IL
Enova is currently accepting candidates for remote positions in the following eligible states: AL, AK, AR, AZ, CT, GA, IA, ID, IL, IN, KY, LA, MA, ME, MD, MI, MN, MO, MS, NC, ND, NE, NH, NV, NJ, NM, OH, OK, OR, PA, RI, SC, SD, TN, UT, VT, WI, WV, WY.
About the role:
In this role, you will be responsible for building, developing and designing strategies for embedding security testing and enforcement within the SDLC across Enova Products. This is a hands-on role requiring in-depth knowledge of software security principles. You will be responsible for prioritization and implementation of various DevSecOps projects and Tech initiatives across all of Enova’s Digital Products. In addition, you will be responsible for conducting application static code reviews and dynamic security assessments, building Container security standards, and performing AWS security posture assessments. You will be expected to have a “can-do” attitude and work independently to drive solutions. Enova’s Security Engineering team designs, implements, and administers the tools and mechanisms involved with providing end-to-end IT security for Enova.
What you’ll be doing:
- Serving as a security subject matter expert in a consultative capacity with the development teams through the software engineering process – including security reviews/remediation at various stages of the SDLC.
- Building partnerships with other engineering teams and being a source of expertise in security best practices.
- Performing threat modeling, architecture reviews, and application testing to ensure critical vulnerabilities are identified and communicated to team members, and driving delivery of mitigations.
- Developing and delivering security training to software engineers.
- Researching emerging technologies and maintaining awareness of current security risks in support of security enhancement and development efforts.
- Coordinating around, participating in and managing information security projects.
- Implementing tools to test and enforce application security policy as part of the DevSecOps pipeline.
- Using appropriate interpersonal styles and subject matter knowledge to partner, gain trust and influence across the organization.
- Delivering best-in-class customer service to internal customers.
- Playing a senior role in design, development, quality and operations of services owned by the team, partnering across product management, architects and operations.
- Mentoring software engineers and security engineers, and evangelizing security initiatives.
We’re excited about you if you have:
- Experience in AWS (Amazon Web Services), Containers (Docker/Kubernetes), Microservice architectures, and past DevOps/Software engineering experience.
- Experience with security testing tools such as Kali, Snyk, Checkmarx, GoSec, Burp Suite, OWASP ZAP, etc.
- Proficiency with application pen testing and vulnerability assessments
An ideal candidate may also have:
- Programming experience in Go, Python, Java, JavaScript, Ruby etc.
- Familiarity with frameworks such as Ruby on Rails, Java Spring Boot, etc.
- Strong communication skills and desire to collaborate across teams
- Demonstrated ability to ship production-quality software in a dynamic environment
- Experience working with firmware and hardware security
- Familiarity with data privacy regulations and compliance
- OSCP, OSWE, SANS, AWS Security Specialty Certification, Certified Kubernetes Security Specialist (CKS).
- Experience with threat modeling and attack surface design
About our team:
Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top-notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.
Enova currently uses a multitude of Application Security tools such as Checkmarx, Snyk, Burp Suite Pro, Anchore Container Security, AWS (GuardDuty, SecurityHub), and GoSec. Our server and application platform primarily runs on VMware and several workloads exist in Amazon, with plans to expand services into the cloud.
About Enova:
Enova is a leading financial technology company providing online financial services through its AI and machine learning powered lending platform. Enova serves the needs of non-prime consumers and small businesses, who are frequently underserved by traditional banks. Enova has provided more than 7 million customers with over $40 billion in loans and financing with market leading products that provide a path for them to improve their financial health. Want to learn more? Just ask any of our almost 1,500 employees.
At Enova, we believe that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. It is our policy to provide equal employment opportunity for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law. California Applicants: Click here to review our California Privacy Policy for Job Applicants.
Perks/benefits: Flex hours