Senior Application Security Engineer
What you’ll be doing:
In this role, you will develop, implement and maintain security solutions and mechanisms throughout Enova's corporate and production environments. This is a hands-on role requiring in-depth knowledge of IT security principles along with heavy security operations experience. You will be expected to have a “can-do” attitude and work independently to drive solutions.
Your core priorities will be to:
- Conduct code reviews and security testing for new projects and initiatives
- Research and recommend emerging security technologies/tools to address current and future threats
- Participate in security incident response when necessary
- Perform internal/external application pen tests
- Lead projects independently while working collaboratively with the team to ensure its success
- Run annual application security training for software developers
What you should have:
- Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc.
- Proficiency with application pen testing and vulnerability assessments
- Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
- Understanding of static code analysis products
Nice to have:
- Experience with Ruby, Rails, or PostgreSQL
- Understanding of git and version control
- OWASP certs, SANs, and pen testing
- Experience with threat modeling and attack surface design
About our team:
Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.
Enova currently uses a multitude of Security tools such as Palo Altos, Cisco ASAs, F5 technologies, ForeScout, Proofpoint, CyberArk, Nessus and Splunk SIEM to provide security controls throughout the environment. Our server and application platform primarily runs on Vmware and several workloads exist in Amazon, with plans to expand services into the cloud.
About Enova:
Enova is a leading provider of online financial services that leverages its advanced technology and analytics to provide access to credit for non-prime consumers and small businesses. Our roots are in Chicago, but we have served nearly 5 million customers through our six businesses in the U.S. and abroad. We pride ourselves on hiring smart and driven people who bring new and innovative ideas to the table. Our philosophy is, "Life’s short. Work some place awesome."
Many of us consider our people to be Enova’s best perk. But to sweeten the deal, we also have a pretty awesome list of conventional (and less conventional) perks and benefits including competitive salaries, health care benefits, a 401K matching plan, a revamped parental leave program (and brand new nursing rooms for our returning mothers!) summer hours, tuition reimbursement and a sabbatical program. And of course we also have the things you’d expect at a leading tech company in Chicago, such as the snacks, game room, onsite massages/barbers/nail technicians, monthly social events, and sporting sponsorships.
Our goal at Enova is to recruit, hire, develop and maintain a diverse workforce. It is our policy to provide equal employment opportunity for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law.