POSITION OVERVIEW
We are seeking an Associate Security Engineer with a focus on cloud computing to join Security Engineering & Architecture team in Opotun’s internal cyber organization,. The Associate Security Engineer will design, engineer, deploy, and maintain custom automation products while also ensuring production systems in use by the Security Teams are operating smoothly, within uptime objectives, and updated with the latest content and functionality. This position within Oportun's Shift-Left Cyber Org will involve active participation in all aspects of the Engineering Ecosystem. The Associate Security Engineer will play a crucial role in defining and implementing security controls for both Oportun's infrastructure and applications. The Associate Security Engineer will coordinate with DevOps engineers and developers to monitor the pulse of system performance and capacity, proactively recommending and implementing changes while automating ‘toil’ and repetitive tasks.
By joining Oportun, the firm will invest in your personal growth in the areas of technical aptitude, leadership skills, and business acumen. Engineers will work cross-functionally with business partners and key stakeholders to deliver clear recommendations and solutions that drive results.
This is an exciting opportunity in an innovative organization where your contributions will have a meaningful impact on broadening access to financial products for consumers with little or no credit history.
RESPONSIBILITIES
- Develop security controls to ensure cloud applications and infrastructure adhere to compliance / benchmarks.
- Create intelligent automations to negate repetitive tasks within day-to-day operations of Security Teams.
- Lead the initiatives around Outbound Email Security.
- Configure and maintain Web Application Firewall.
- Provide engineering insights and system integration efforts during Security Tools PoC activities.
- Support Vulnerability management team with focus on Application Security Configurations and Coverage.
- Build automation tools to support and maintain the inventory of application and associated cloud resources.
- Comprehend deficiencies in security solutions and understand how to fine-tune and operate them.
- Install, configure, integrate and implement technologies for enhanced auditing, prevention, detection, and response capabilities.
- Conduct technical research or root cause analysis when necessary and implement resulting action items that contribute to our enterprise security strategy.
- Maximize existing investment in security architecture and tools by comprehending deficiencies in current setup and understand how to fine-tune and operationalize them.
- Design and implement standards, policies, and procedures for automations, integrations and other SecOps Activities.
REQUIREMENTS
- Bachelor’s degree in computer science, information systems or related field from an accredited institution OR 1+ years of hands on experience in the fields of Engineering and Cyber Security.
- Experience with scripting, programming and automation is a mandatory qualification for this role.
- Experience with implementing solutions by way of consuming 3rd party SDKs. Awareness of API Security is a bonus.
- Experience with delivering solutions at scale while leveraging DevSecOps processes.
- Experience with application architecture and/or SDLC best practices.
- Experience working in or with application development teams and understanding of engineering language/culture.
- Comprehensive knowledge and hands-on programming practice with Python or Go.
- Practical knowledge of Cloud Platform administration (AWS, Azure and Kubernetes).
- Basic understanding of CI/CD pipelines and related tools (Github Actions, Bamboo, Jenkins, Azure DevOps).
- Basic understanding of Internet security issues, OWASP Top 10, Security Protocols, OSI Security Architecture and Security Compliance and Controls.
- General grasp of Operational processes, Endpoint Security and Vulnerability management principles.
- Ability to build a strong, positive relationship with partnering engineering and security teams to develop effective solutions.
- Ability to sufficiently document engineering efforts and results.
- Passion for Security, Technology and Automation.
- Preferred Certifications (Security+, etc.).