Sr. Software/Apps Security Engineer

Req No.: 2015-2989
Department: Engineering
Type: Regular Full-Time
Location: US-CA-Redwood City

Overview:

ABOUT engineering @ Oportun

The Engineering team @ Oportun (formerly Progreso Financiero) is dedicated to shipping performant, elegant, and intuitive software to our retail agents and directly to our customers. We provide the platform, software services, and interfaces that have enabled Oportun to serve over 500,000 customers with over $1.5 billion in life-changing, responsible loans disbursed. We work on a unique platform, combining service-oriented platform services with sophisticated user experiences, all enabled through a best-in-class (and fun to use!) automated development infrastructure. We prove that FinTech is more fun, more challenging, and in our case, more rewarding as we build technology that changes our customers' lives.

Responsibilities:

As a Lead Application Security Engineer you will work with an agile and collaborative team of developers, QA engineers, designers and business owners to evolve the Oportun platform and delivery. This role will be responsible for performing web application vulnerability assessments and application threat modeling. The role will also be routinely involved in discussions around standards and best practices. If you are passionate about building secure and highly distributed software and processes, enjoy working with a small dedicated team, and relish making a huge impact on a successful enterprise platform, this may be an ideal opportunity for you. We have a fun, supportive culture, and firmly believe in what we're doing.

Some examples:

* Work across functions to ensure the security of the entire production ecosystem.
* Design and implement application changes to meet security compliance requirements.
* Dynamic assessment of web applications, web services, and mobile applications for security vulnerabilities.
* Ability to scale security within the SDLC through automation, using tool sets such as source code analyzers (Java, Groovy, JavaScript, HTML/CSS, etc.), vulnerability scanners, configuration validation, and similar techniques.
* Developing the secure SDLC program through very close collaboration with all development teams.
* Author and maintain core security libraries for deploying and maintaining cloud-based services.

Qualifications:

* 6+ years of application security experience
* Solid development background
* Experience with secure coding guidelines, static and dynamic analysis
* Experience in remediating complex enterprise-level security issues
* Experience with usage and customization of commercial static and dynamic analysis tools, such as Fortify, Coverity, Checkmarx, WebInspect, Acunetix, Burp, Kali and Veracode
* Membership and active participation in security organizations such as OWASP, ISSA and SANS
* Working knowledge of programming languages such as Java and JavaScript, and of web-based technologies
* Knowledge of regulations and security compliance such as PCI, COPA, Safe Harbor
* Good oral and written communication in English, with experience in presentations and reports