About the job:
As a Application Security Engineer II, you will play a pivotal role in safeguarding the company's systems, applications, and data by implementing robust security solutions and practices. Collaborating with cross-functional teams, you will ensure that our technology ecosystem adheres to industry security standards and aligns with company policies. Reporting to the Director of Security, you will contribute to securing the development lifecycle, enhancing the security posture of our applications, and providing guidance to development teams.
This role is ideal for a proactive professional who excels at analyzing applications, identifying vulnerabilities, and mitigating risks in the ever-evolving landscape of cybersecurity threats.
What you get to do:
- Secure Development Practices: Collaborate with developers to promote secure coding practices, conduct code reviews, and ensure alignment with organizational security standards.
- Penetration Testing and Vulnerability Management: Support penetration testing efforts, perform security assessments during project reviews, and manage application scanning throughout the software development lifecycle (SDLC).
- Threat modeling: identifying and mitigating potential security risks in applications and services. This would involve collaborating with development teams analyzing system architectures, designing secure solutions, and adherence to security best practices.
- Third-Party Risk Management: Monitor security vulnerabilities in third-party libraries, prioritize risks, and implement effective mitigations.
- Application Security Enhancements: Enhance internal libraries, build systematic protections for classes of vulnerabilities, and implement secure defaults to protect against unsafe third-party code.
- Static Application Security Testing (SAST): Integrate static analysis tools into continuous integration (CI) workflows, empowering developers to manage and mitigate code risks effectively.
- Security Advocacy: Advocate for application security across the organization by mentoring engineers, conducting training sessions, and fostering a culture of security awareness.
- Code Reviews: Conduct independent and paired code reviews, focusing on identifying vulnerabilities and educating developers on best practices.
- Supply Chain Security: Manage and secure software supply chains using tools such as Artifactory or similar platforms.
What you will bring to the team:
- Experience: 5+ years of experience in application development or application security.
- Technical Expertise:
- Proficiency in at least two programming languages (e.g., Ruby, Python, Clojure, or Apex).
- Hands-on experience with web application penetration testing and deploying SAST tools in developer workflows.
- Comprehensive knowledge of web vulnerabilities and deploying best-practice fixes in legacy and modern codebases.
- Supply Chain Security: Strong understanding of supply chain security principles and experience managing risks associated with third-party libraries and dependencies.
- Collaboration: Proven ability to work closely with development teams, fostering security awareness and improving secure coding practices.
- Mentorship: Demonstrated experience mentoring engineers in security concepts, helping them identify and remediate vulnerabilities.
- Tooling and Processes: Familiarity with integrating security tools into CI/CD pipelines and managing security risks across the development lifecycle.
Why Join Us?
- Impactful Work: Be at the forefront of securing critical systems and applications, directly contributing to the organization's resilience against emerging threats.
- Collaboration: Work alongside passionate security and development professionals who value innovation and teamwork.
- Growth Opportunities: Expand your expertise in application security, participate in cutting-edge security projects, and mentor the next generation of security professionals.
- Security Advocacy: Play a key role in fostering a security-first culture across the company
Reports to: Director of Security Engineering
Total Rewards and Benefits:
The starting base salary for this position is $123,200 per year. The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations. The total compensation package includes eligibility and potential for performance-based bonuses as well as equity grants dependent upon the role and job level.
OppFi offers a flexible, remote environment, 401(k) matching program, and generous paid time off. Other benefits include medical, dental, and vision coverage, and tuition reimbursement. There are also additional benefits, including DoorDash DashPass, Figo pet insurance, Rocket Lawyer, and access to LinkedIn Learning. OppFi also offers Fringe, which is a lifestyle benefits platform that allows employees decide how to spend rewards from dozens of vendors like Uber, DoorDash, and UrbanSitter. #LI-Remote
