• Sr. Application Security Engineer

    Req No.
    2019-7358
    Department
    Security
    Type
    Regular Full-Time
    Location
    US-CA-San Carlos
  • Overview

    Oportun is a financial technology company founded in 2005. Our mission is to provide affordable loans to US Latinos and others with limited credit history so they can establish credit and build a better future. Oportun uses advanced data analytics and technology to “score” and lend money to individuals with limited credit history – people other lenders consider “unscorable.”  

      

    In recognition of Oportun’s goals of increasing economic opportunity for our clients, promoting community development, and serving low-income or underserved communities, Oportun was certified by the United States Department of Treasury as a Community Development Financial Institution or CDFI. 

     

    At Oportun, everything we do reflects our corporate values of Service, Care, Innovation, Courage, Excellence, and Empowerment.

     

    Oportun is a great place to work if you are as enthusiastic about helping others as you are about your own professional development and career. As our CEO Raul Vazquez says, “Earning a paycheck to support yourself and your family is critical. Satisfying career ambitions is rewarding. But there is no greater privilege than having a challenging job where you are growing and learning professionally, while having a strong positive impact on the lives of others… And that is what we do here every day.”

    Responsibilities

    Oportun is looking for a Sr. Application Security Engineer to join our Product & Application Security Team. This experienced engineer will help maintain and improve our cutting-edge security program. The right candidate will balance technical expertise with the ability to understand and support Oportun’s business priorities and risk appetite. This individual must operate with a high degree of autonomy, accountability and maturity.

    As a Sr. Application Security Engineer, you will

    • Improve secure coding practices, application security requirements, automation, training, and metrics
    • Integrate threat modeling practices into the Software Development Lifecycle
    • Attend engineering design and application architectural reviews and actively lead discussions from a security standpoint.
    • Help build secure products and standards around emerging technologies, using existing standards and security practices
    • Perform Security Architecture and Low-Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security, Mobile Security and Network Security
    • Collaborate with product development and product management teams proactively to manage software security risk aligned with business goals
    • Collaborate with product and solution teams to achieve Cybersecurity software security program objectives
    • Manage cross-functional internal and external team collaboration, evangelization, and communications
    • Develop and optimize processes to improve software development efficiency in the consumption of security development practices
    • Maintain active understanding of industry practices for secure software development and incident response
    • Help manage the vulnerability management program
    • Work with Security and Engineering teams on:
      • Evaluation of new security trends and technologies
      • Assessment and acquisition of application security tools and technologies
      • Vulnerability/pen testing assessment and remediation workflows
      • Audit compliance reporting
      • Incident response workflows
      • Participate as a subject matter expert in the incident response process

    Qualifications

    • 6+ years of experience in Web & Mobile Application Security, SSDLC and Threat Modelling (web and mobile applications)
    • Hands-on experience with Java, C#, JavaScript and HTML; experience in building enterprise web applications is required
    • Python and/or PowerShell scripting knowledge required. API integration experience is a significant bonus.
    • Extensive private and public cloud experience (AWS preferred, but Azure or Google Cloud, etc., acceptable).
    • A strong understanding of security design and architecture
    • MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
    • Excellent understanding of web applications, mobile applications, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
    • Well versed in web & mobile application security design, penetration testing, application risk assessment and risk categorization
    • Experience with usage and customization of commercial static and dynamic analysis tools, such as Fortify, Coverity, Checkmarx, WebInspect, Acunetix, Burp, Kali and Veracode.
    • Ability to develop solutions for moderately-complex to highly-complex problems.
    • Success in implementing effective Secure SDLC frameworks across a large corporation.
    • Proficient at problem identification, research and resolution
    • Ability to effectively manage time between projects and daily operational tasks.
    • Excellent written and oral communication skills; highly motivated and willing to do what it takes to get the job done.
    • Strong communication skills, both written and verbal.  Good presentation skills and the ability to work well under pressure.

     

    Preferred Skills/Experience:

    • Applicable certifications strongly preferred
    • Bachelor’s degree in Computer Science, Information Technology or similar field, or equivalent experience.

     

    Benefits:

    We offer competitive salaries, bonuses, stock options, great benefits and a fully loaded laptop of your choosing. We have strong opinions about work/life balance, and seek to create a comfortable and productive environment where we can ship apps that we’re proud of and that best serve our customers.
