Software Development Engineering - Advisor

About The Position

Requirements

• Bachelor's degree in Computer Science, Computer Engineering or a related field and 4 years in any job title involving application security experience.
• 4 years working with SAST, IAST, DAST, and SCA tooling in support of DevSecOps
• 4 years implementing a vulnerability management program
• 4 years working with coding and scripting
• 3 years performing security architecture and design reviews
• 3 years working with threat modeling
• 3 years running or participating in bug bounty programs
• 2 years working with securing cloud architectures.

Responsibilities

• Develop, configure, and maintain automated applications and infrastructure security scanning programs including SAST, DAST, and SCA.
• Design and maintain automation test frameworks and integrate automated tests into CI/CD pipelines.
• Lead and administer the HackerOne bug bounty and vulnerability disclosure program and collaborate with engineering team to remediate critical vulnerabilities, preventing security breaches.
• Work with engineering team to build applications inventory for vulnerability management teams to prioritize vulnerabilities and remediation, Security Governance team for risk assessment, and Data security team for PII scanning.
• Plan, coordinate, and oversee penetration testing for internal products and applications.
• Lead fraud detection, remediation, and SDLC metrics projects across all Oportun applications to identify non-compliance, assess risk, and strengthen application security.