Required Application Security Engineer
We believe financial opportunity should be more personalized and fair. We develop innovative technologies that provide underserved and overlooked borrowers with better access to credit. From our employees to our dealers, partners, and borrowers, weve built a company and a culture around a resolute belief in the promise and power of diversity. We value independent and critical thinking.
As an Application Security Engineer, you will play a pivotal role in safeguarding our products against security threats and vulnerabilities. You will work closely with our development teams to integrate security best practices into the software development lifecycle, conduct thorough security assessments, and implement robust security measures to protect our applications and data.
Key Responsibilities:
Collaborate with development teams to integrate security controls into the software development lifecycle (SDLC)
Conduct regular security assessments, including code reviews, vulnerability scans, and penetration testing, to identify and remediate security vulnerabilities in applications
Design and implement security solutions to protect against common security threats, such as SQL injection, cross-site scripting (XSS), and authentication bypass
Conduct threat modeling and architecture security review
Develop and maintain secure coding standards and guidelines for application developers
Monitor and analyze security incidents and provide timely response and resolution
Stay current with emerging threats, vulnerabilities, and industry best practices in application security
Participate in security incident response activities and contribute to post-incident reviews and remediation efforts
Collaborate with cross-functional teams to ensure security requirements are effectively integrated into product development processes
Deliver secured development training to developers.
Requirements: Bachelor's degree in Computer Science, Information Security, or a related field
5 years of experience in application security, with a focus on secure software development practices
Previous experience in a product company
Strong understanding of web application security concepts and protocols (e.g., OWASP Top 10, SSL/TLS, OAuth)
Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, or Nessus
Proficiency in programming languages such as Ruby, Python, or JavaScript
Experience with cloud security principles and best practices (e.g., AWS, Azure, GCP)
Excellent communication skills and ability to effectively communicate security risks and recommendations to technical and non-technical stakeholders.
This position is open to all candidates.