Product Security Engineer

Remote

Posted on 5/23/2023

Locations

Chicago, IL, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

JavaScript

Java

Postgres

React.js

Ruby

SQL

Kubernetes

Python

Requirements

Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc
Proficiency with application pen testing and vulnerability assessments
Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc
Understanding of static code analysis products
Experience with Python, Go, Java, Ruby, JavaScript, PostgreSQL, React etc
Experience in Container security and cloud security/architecture patterns
OSCP, OSWE, SANs, AWS Security Speciality Certification, Certified Kubernetes Security Specialist (CKS)
Experience with threat modeling and attack surface design

Responsibilities

Be a DevSecOps Evangelist
Conduct code reviews and security testing for new projects and initiatives
Knowledge of Integrating Security Testing into the CI/CD Pipeline
Expertise in API Security testing
Automate security testing and embed security testing into the SDLC
Collaborate with architects, product managers, and other teams to deliver high quality secure product
Provide and Guide Secure Architecture Reviews
Perform internal/external application penetration tests
Lead projects independently while working collaboratively with the team to ensure its success
Run annual application security training for software developers

We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor visas or take over sponsorship at this time.

Enova is currently accepting candidates for remote positions in the following eligible states: AL, AK, AR, AZ, CT, GA, IA, ID, IL, IN, KY, LA, MA, ME, MD, MN, MO, MS, NC, ND, NE, NH, NV, NJ, NM, OH, OK, OR, PA, RI, SC, SD, TN, UT, VT, WI, WV, WY.

About the role:

This is a hands-on role requiring in-depth knowledge of software security principles. You will be responsible for enabling security testing and enforcement across Enova Products. You will be responsible for prioritization and implementation of various DevSecOps projects and Tech initiatives which spans across all of Enova Products. In addition, you will be responsible for conducting application static code reviews, dynamic security assessments, secure architecture reviews. You will be expected to have a “can-do” attitude and work independently to drive solutions. Enova’s Security Engineering team designs, implements, and administers the tools and mechanisms involved with providing end to end IT security for Enova.

Responsibilities:

Be a DevSecOps Evangelist.
Conduct code reviews and security testing for new projects and initiatives
Knowledge of Integrating Security Testing into the CI/CD Pipeline.
Expertise in API Security testing.
Automate security testing and embed security testing into the SDLC.
Collaborate with architects, product managers, and other teams to deliver high quality secure product
Provide and Guide Secure Architecture Reviews.
Perform internal/external application penetration tests.
Lead projects independently while working collaboratively with the team to ensure its success.
Run annual application security training for software developers.

Requirements:

Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc.
Proficiency with application pen testing and vulnerability assessments
Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
Understanding of static code analysis products

An ideal candidate may also have:

Experience with Python, Go, Java, Ruby, JavaScript, PostgreSQL, React etc.

Experience in Container security and cloud security/architecture patterns.

OSCP, OSWE, SANs, AWS Security Speciality Certification, Certified Kubernetes Security Specialist (CKS).
Experience with threat modeling and attack surface design

About our team:

Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.

Enova currently uses a multitude of Security tools such as Palo Altos, Cisco ASAs, F5 technologies, ForeScout, Proofpoint, CyberArk, Nessus and Splunk SIEM to provide security controls throughout the environment. Our server and application platform primarily runs on Vmware and several workloads exist in Amazon, with plans to expand services into the cloud.

#LI-RC1

#BI-Remote

Benefits & Perks:

Flexible work schedule (In-office T/W/Th and remote M/F for hybrid-eligible roles)
Health, dental, and vision insurance including mental health benefits
401(k) matching plus a ROTH option (U.S. Based employees only)
PTO & paid holidays off
Sabbatical program (for eligible roles)
Summer hours (for eligible roles)
Paid parental leave
DEI groups (B.L.A.C.K. @ Enova, HOLA @ Enova, Women @ Enova, Pride @ Enova, South Asians @ Enova, APEX @ Enova, and Parents @ Enova)
Employee recognition and rewards program
Charitable matching and a paid volunteer day…Plus so much more!

About Enova

Enova International is a leading financial technology company that provides online financial services through our AI and machine learning-powered Colossus™platform. We serve non-prime consumers and businesses alike, while offering world-class technology and services to traditional banks—in order to create accessible credit for millions.

Being a values-driven organization is at the core of Enova’s success. We live our values by listening to our customers, challenging assumptions, thinking big, setting high expectations, and hiring and developing the best. Through our values and our commitment to making Enova an awesome place to work, we maintain an environment of inclusion and culture where our employees can thrive. You can learn more about Enova’s values and culture here.

It is our policy to provide equal employment opportunity for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law. California Applicants: Clickhere to review our California Privacy Policy for Job Applicants.

1,001-5,000 employees

Website

Joint venture

Company Overview

Enova is a mission-driven organization helping hardworking people get access to fast, trustworthy credit.

Benefits

Advance your career - We have a dedicated training team focused on giving you the tools you need to succeed within your department, within the company and in your career. The focus starts day one with a robust onboarding program and continues throughout your career at Enova.
See the benefits - Full-time employees receive medical, dental and vision benefits; matching 401(k); PTO; commuter benefits; flexible spending accounts for health care and dependent daycare; and more!
Be recognized - There’s plenty of room for both lateral and upward movement here at Enova. We’re always interested in promoting from within, and we keep a lookout for top talent who are ready to advance.
Get your perks - Full-time employees can receive tuition reimbursement, one-month paid sabbatical after four years, discounted massages, manicures and other perks.
Give back - We work throughout the year to partner with local charities and assist our neighbors in need. We also offer a charitable match program — allowing team members to double their impact when they donate money to charity.
Have fun - We like challenges here; maybe that’s why we have so many games, competitions and outings. There are a number of ways you can scratch your competitive itch and have fun!

Company Core Values

Customer first - We listen to our customers’ needs and create products that solve real problems. We deliver beyond expectations, treating our customers the way we want to be treated.
Best answer wins - We believe innovative ideas and solutions can come from anywhere. That’s why we make sure the best answer wins — no matter who it’s coming from.
Operate as an owner - The entrepreneurial spirit runs strong at Enova. We encourage team members to think big and move fast and use resources like they’re their own.
Accountable for results - We’re a data-driven company, and we use that data to add value and create results. We set our expectations high and do what we say we are going to do.
Top talent and teamwork - Enova is a place for the best and brightest, from all walks of life and parts of the world. We work in small, focused teams that encourage diversity of thought.