IT Application Security Engineer
Reports to: Security Engineering Team Lead
Our IT Security Engineering Team
Our IT Security Engineering Team works alongside our teams in systems,
monitoring, application engineering, and network engineering to deliver
top-notch and secure infrastructure and automation solutions. We are experts in
the IT security field, but are also expected to be well versed in applications,
development life cycles, and automation techniques.
We are a hard-working team comprised of individuals spanning many disciplines
of the Security realm. We have passionate debates about technology with
consensus in solutions, flexible team structures, an irrelevance of title in
problem solving, and a desire to Do The Right Thing.
Our culture defines who we are, and who we aspire to be. We want you to be a
part of this culture at Enova.
We speak this language:
Enova currently uses a multitude of application security tools such as Kali Linux,
Metasploit, Burp Suite, Brakeman and F5 ASM web application firewalls to
provide security controls throughout the environment. We also are consistently
looking to improve or pivot where necessary in our IT Security solutions.
This is where YOU come in:
As an IT Application Security Engineer, you’ll be an advocate and a thought
leader for Enova’s future in IT Security and Software Engineering. You will have
the opportunity to conduct code reviews and security testing for new projects
and initiatives, acting as the application security SME with Enova’s Software
Engineering team. You will also research and recommend emerging security
technologies/tools to address current and future threats within the application
landscape. Engagement in security incident response and performing
internal/external application penetration tests is also a responsibility of this
role.
You’re right for this job if you:
- Have a Bachelor’s degree in IT security, engineering, or computer science, or related study.
- Have experience with security testing tools such as Kali Linux, Metasploit, Burp Suite, OWASP ZAP, etc.
- Have proven experience with application penetration testing and vulnerability assessments
- Have experience with threat modeling and attack surface analysis
- Have proven experience with OWASP security concepts and discovering application vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
- Have experience with static code analysis products
- Have experience with evaluating new technologies and trends, while making recommendations to improve the security of our environment
- Can work closely with the Software Engineering team for various related activities
- Can provide on-call support as needed for security events
Kudos to you if you:
- Have CISSP, OSCP, CEH or other related certifications
- Have experience with Ruby, Rails, PostgreSQL
- Have experience with PCI-DSS and/or financial technology
- Have experience with large Linux environments
- Have experience mentoring and educating team members on various Information Security related topics