Senior Product Security Engineer (Remote)
Company: Enova International
Posted on: June 24, 2022
The health and safety of Enova's employees is our number one
priority. Proof of vaccination will be required regardless of work
location, unless prohibited by applicable state law. Employees may
request an exemption to the vaccination policy due to medical
reasons, sincerely-held religious beliefs, or as otherwise
permitted by applicable state law.
Enova is currently accepting candidates for remote positions in the
following eligible states: AZ, CT, ID, IL, IN, ME, MI, MN, NE, NV,
NJ, NM, NY, UT, WI.
About the role:
In this role, you will be responsible for building, developing and
designing strategies of embedding security testing and enforcement
within the SDLC across Enova Products. This is a hands-on role
requiring in-depth knowledge of software security principles. You
will be responsible for prioritization and implementation of
various DevSecOps projects and Tech initiatives across all of
Enova's Digital Products. In addition, you will be responsible for
conducting application static code reviews, dynamic security
assessments, build Container security standards, AWS security
posture assessments. You will be expected to have a "can-do"
attitude and work independently to drive solutions. Enova's
Security Engineering team designs, implements, and administers the
tools and mechanisms involved with providing end to end IT security
What you'll be doing:
- Serving as a security subject matter expert in a consultative
capacity with the development teams through the software
engineering process - including security reviews/remediation at
various stages of the SDLC.
- Building partnerships with other engineering teams, be a source
of expertise in security best practices.
- Performing threat modeling, architecture reviews, and
application testing ensuring critical vulnerabilities are
identified, communicated to team members, and driving delivery of
- Developing and delivering security training to software
- Researching emerging technologies and maintaining awareness of
current security risks in support of security enhancement and
- Coordinating around, participating in and managing information
- Implementing tools to test and enforce application security
policy as part of DevSecOps pipeline
- Using appropriate interpersonal styles and subject matter
knowledge to partner, gain trust and influence across the
- Delivering best in class customer service to internal
- Playing a senior role in design, development, quality and
operations of services owned by the team partnering across product
management, architects and operations.
- Mentor software engineers, security engineers and evangelize
We're excited about you if you have:
- Experience in AWS(Amazon Web Services),
Containers(Dockers/Kubernetes), Microservice architectures, past
DevOps/Software engineering experience.
- Experience with security testing tools such as Kali, Snyk,
Checkmarx, GoSec, Burp Suite, OWASP ZAP, etc.
- Proficiency with application pen testing and vulnerability
An ideal candidate may also have:
- Familiarity on Frameworks such as Ruby on Rails, Java Spring
- Strong communication skills and desire to collaborate across
- Demonstrated ability to ship production-quality software in a
- Experience working with firmware and hardware security
- Familiarity with data privacy regulations and compliance
- OSCP, OSWE, SANs, AWS Security Speciality Certification,
Certified Kubernetes Security Specialist (CKS).
- Experience with threat modeling and attack surface design
About our team:
Our IT Security Engineering Team works alongside our teams in
Systems, Monitoring, Application Engineering, and Network
Engineering to deliver top notch and secure infrastructure and
automation solutions. We are experts in the IT security field, but
are also well-versed in applications, development life cycles, and
automation techniques. We have passionate debates about technology
with consensus in solutions, flexible team structures, an
irrelevance of title in problem solving, and a desire to Do The
Enova currently uses a multitude of Application Security tools such
as Checkmarx, Snyk, Burp Suite Pro, Anchore Container Security, AWS
(GuardDuty, SecurityHub), GoSec. Our server and application
platform primarily runs on Vmware and several workloads exist in
Amazon, with plans to expand services into the cloud.
Enova is a leading financial technology company providing online
financial services through its AI and machine learning powered
lending platform. Enova serves the needs of non-prime consumers and
small businesses, who are frequently underserved by traditional
banks. Enova has provided more than 7 million customers with over
$40 billion in loans and financing with market leading products
that provide a path for them to improve their financial health.
Want to learn more? Just ask any of our almost 1,500 employees.
Our goal at Enova, we believe that diversity and inclusion among
our teammates is critical to our success as a global company, and
we seek to recruit, develop and retain the most talented people
from a diverse candidate pool. It is our policy to provide equal
employment opportunity for all persons and not discriminate in
employment decisions by placing the most qualified person in each
job, without regard to any other classification protected by
federal, state, or local law. California Applicants: Click here to
Keywords: Enova International, Jacksonville , Senior Product Security Engineer (Remote), Engineering , Jacksonville, Florida
Didn't find what you're looking for? Search again!