Application Security Engineer
Avant is revolutionizing the world of lending by lowering the costs and barriers of borrowing for everyday people. At our core, we are a technology company that builds advanced platforms and uses custom analytics. Today, we help underserved consumers, the majority of whom get fast funding on our online platform without having to talk to anyone. Tomorrow we plan to use our world class technology and underwriting capabilities to launch new products and bank partnerships that improve people’s financial lives.
JOB DESCRIPTION
The Application Security Engineer will be responsible for integrating security into the development of Avant’s applications. The Application Security Engineer will work closely with the product and software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Application Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.
Work closely with application development and QA teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing Avant, including threat modeling and applications security advisement services.
What you do at Avant
- Develop and maintain a balanced application security program based on a well-defined application security framework
- Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews
- Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
- Ensure compliance with society, regulatory, and industry standards for application security.
- Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
- Conduct code reviews and penetration testing
- Develop and maintain unit and integration tests designed to ensure security controls are tested on every build
Why you are a fit for Avant
- College Degree or equivalent work experience
- 5 or more years’ experience working in a senior level security support role
- Excellent presentation, verbal and written communication skills
- Exceptional task management skills with attention to detail
- Familiarity with application security frameworks, standards and risk assessment methodologies
- Working knowledge of key security standards and regulations (ISO, FFIEC, SOC I/II, GLBA, PCI, SDLC etc.)
- Knowledge and understanding of key technology stacks such as Amazon AWS, Ruby on Rails, etc.
- Experience with Governance, Risk and Compliance (GRC) or risk assessment tools desirable
Why Avant is a fit for you: At Avant, we believe our values make a difference:We value, support, and help each other growWe are committed to active inclusion and diversityWe are transparent and believe the best idea winsWe succeed when our customers succeedWe get sh!t done… responsiblyAnd we keep it fun! We believe that ideas are more important than titles, everything is more fun together, everyone drives change, and everyone is an owner. While we believe the perks and benefits that we offer are terrific, nothing excites us more than having the ability to collaborate with intelligent, highly-motivated and talented people on challenging problems as we work to change the face of online lending.