Senior Product Security Engineer (Remote)
Company: Enova International
Location: Seattle
Posted on: June 25, 2022
Job Description:
The health and safety of Enova's employees is our number one
priority. Proof of vaccination will be required regardless of work
location, unless prohibited by applicable state law. Employees may
request an exemption to the vaccination policy due to medical
reasons, sincerely-held religious beliefs, or as otherwise
permitted by applicable state law.Enova is currently accepting
candidates for remote positions in the following eligible states:
AZ, CT, ID, IL, IN, ME, MI, MN, NE, NV, NJ, NM, NY, UT, WI.About
the role: In this role, you will be responsible for building,
developing and designing strategies of embedding security testing
and enforcement within the SDLC across Enova Products. This is a
hands-on role requiring in-depth knowledge of software security
principles. You will be responsible for prioritization and
implementation of various DevSecOps projects and Tech initiatives
across all of Enova's Digital Products. In addition, you will be
responsible for conducting application static code reviews, dynamic
security assessments, build Container security standards, AWS
security posture assessments. You will be expected to have a
"can-do" attitude and work independently to drive solutions.
Enova's Security Engineering team designs, implements, and
administers the tools and mechanisms involved with providing end to
end IT security for Enova.What you'll be doing:
- Serving as a security subject matter expert in a consultative
capacity with the development teams through the software
engineering process - including security reviews/remediation at
various stages of the SDLC.
- Building partnerships with other engineering teams, be a source
of expertise in security best practices.
- Performing threat modeling, architecture reviews, and
application testing ensuring critical vulnerabilities are
identified, communicated to team members, and driving delivery of
mitigations.
- Developing and delivering security training to software
engineers.
- Researching emerging technologies and maintaining awareness of
current security risks in support of security enhancement and
development efforts.
- Coordinating around, participating in and managing information
security projects.
- Implementing tools to test and enforce application security
policy as part of DevSecOps pipeline
- Using appropriate interpersonal styles and subject matter
knowledge to partner, gain trust and influence across the
organization.
- Delivering best in class customer service to internal
customers
- Playing a senior role in design, development, quality and
operations of services owned by the team partnering across product
management, architects and operations.
- Mentor software engineers, security engineers and evangelize
security initiatives.We're excited about you if you have:
- Experience in AWS(Amazon Web Services),
Containers(Dockers/Kubernetes), Microservice architectures, past
DevOps/Software engineering experience.
- Experience with security testing tools such as Kali, Snyk,
Checkmarx, GoSec, Burp Suite, OWASP ZAP, etc.
- Proficiency with application pen testing and vulnerability
assessmentsAn ideal candidate may also have:
- Programming experience in Go, Python, Java, JavaScript, Ruby
etc.
- Familiarity on Frameworks such as Ruby on Rails, Java Spring
Boot etc..
- Strong communication skills and desire to collaborate across
teams
- Demonstrated ability to ship production-quality software in a
dynamic environment
- Experience working with firmware and hardware security
- Familiarity with data privacy regulations and compliance
- OSCP, OSWE, SANs, AWS Security Speciality Certification,
Certified Kubernetes Security Specialist (CKS).
- Experience with threat modeling and attack surface design About
our team:Our IT Security Engineering Team works alongside our teams
in Systems, Monitoring, Application Engineering, and Network
Engineering to deliver top notch and secure infrastructure and
automation solutions. We are experts in the IT security field, but
are also well-versed in applications, development life cycles, and
automation techniques. We have passionate debates about technology
with consensus in solutions, flexible team structures, an
irrelevance of title in problem solving, and a desire to Do The
Right Thing.Enova currently uses a multitude of Application
Security tools such as Checkmarx, Snyk, Burp Suite Pro, Anchore
Container Security, AWS (GuardDuty, SecurityHub), GoSec. Our server
and application platform primarily runs on Vmware and several
workloads exist in Amazon, with plans to expand services into the
cloud.About Enova:Enova is a leading financial technology company
providing online financial services through its AI and machine
learning powered lending platform. Enova serves the needs of
non-prime consumers and small businesses, who are frequently
underserved by traditional banks. Enova has provided more than 7
million customers with over $40 billion in loans and financing with
market leading products that provide a path for them to improve
their financial health. Want to learn more? Just ask any of our
almost 1,500 employees.Our goal at Enova, we believe that diversity
and inclusion among our teammates is critical to our success as a
global company, and we seek to recruit, develop and retain the most
talented people from a diverse candidate pool. It is our policy to
provide equal employment opportunity for all persons and not
discriminate in employment decisions by placing the most qualified
person in each job, without regard to any other classification
protected by federal, state, or local law. California Applicants:
Click here to review our California Privacy Policy for Job
Applicants.
Keywords: Enova International, Seattle , Senior Product Security Engineer (Remote), Engineering , Seattle, Washington
Didn't find what you're looking for? Search again!
Loading more jobs...