Senior Product Security Engineer (Remote)
The health and safety of Enova’s employees is our number one priority. Enova has not yet determined a return to office date, but will require all employees to be fully vaccinated for COVID-19 before such date. Proof of vaccination will be required. Enova will consider exceptions to this policy on a case-by-case basis for those who need accommodation due to medical reasons or sincerely-held religious beliefs or practices.
About the role:
In this role, you will develop, implement and maintain security solutions and mechanisms throughout the corporate and production environments within Enova. This is a hands-on role requiring in-depth knowledge of software security principles.You will be performing threat modeling and security architecture reviews, and guide product and technology teams to integrate security into their software development lifecycle. In addition, you will conduct static code reviews and dynamic security assessments. You will be expected to have a “can-do” attitude and work independently to drive solutions. Enova’s Security Engineering team designs, implements, and administers the tools and mechanisms involved with providing end to end IT security for Enova.
What you’ll be doing:
- Conduct code reviews and security testing for new projects and initiatives
- Research and recommend emerging security technologies/tools to address current and future threats
- Knowledge of Integrating Security Testing into the CI/CD Pipeline.
- Expertise in API Security testing.
- Collaborate with architects, product managers, and other teams to deliver high quality secure product
- Provide and Guide Secure Architecture Reviews.
- Perform internal/external application penetration tests
- Lead projects independently while working collaboratively with the team to ensure its success
- Run annual application security training for software developers.
We’re excited about you if you have:
- Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc.
- Proficiency with application pen testing and vulnerability assessments
- Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
- Understanding of static code analysis products
Things we like, but don’t require:
- Experience with Ruby, Rails, or PostgreSQL
- Understanding of git and version control
- OSCP, OSWE, SANs, and pen testing
- Experience with threat modeling and attack surface design
About our team:
Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.
Enova currently uses a multitude of Security tools such as Palo Altos, Cisco ASAs, F5 technologies, ForeScout, Proofpoint, CyberArk, Nessus and Splunk SIEM to provide security controls throughout the environment. Our server and application platform primarily runs on Vmware and several workloads exist in Amazon, with plans to expand services into the cloud.
About Enova:
Enova is a leading financial technology company providing online financial services through its AI and machine learning powered lending platform. Enova serves the needs of non-prime consumers and small businesses, who are frequently underserved by traditional banks. Enova has provided more than 7 million customers with over $40 billion in loans and financing with market leading products that provide a path for them to improve their financial health. Want to learn more? Just ask any of our almost 1,500 employees.
Our goal at Enova, we believe that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. It is our policy to provide equal employment opportunity for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law. California Applicants: Click here to review our California Privacy Policy for Job Applicants.