Product Security Engineer (Remote)
enova.com
We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor visas or take over sponsorship at this time.
Enova is currently accepting candidates for remote positions in the following eligible states: AL, AK, AR, AZ, CT, GA, IA, ID, IL, IN, KY, LA, MA, ME, MD, MN, MO, MS, NC, ND, NE, NH, NV, NJ, NM, OH, OK, OR, PA, RI, SC, SD, TN, UT, VT, WI, WV, WY.
About the role:
This is a hands-on role requiring in-depth knowledge of software security principles. You will be responsible for enabling security testing and enforcement across Enova Products. You will be responsible for prioritizing and implementing various DevSecOps projects and Tech initiatives that span all Enova Products. In addition, you will be responsible for conducting application static code reviews, dynamic security assessments, and secure architecture reviews. You will be expected to have a “can-do” attitude and work independently to drive solutions. Enova’s Security Engineering team designs, implements, and administers the tools and mechanisms involved with providing end-to-end IT security for Enova.
Responsibilities:
- Be a DevSecOps Evangelist.
- Conduct code reviews and security testing for new projects and initiatives
- Knowledge of Integrating Security Testing into the CI/CD Pipeline.
- Expertise in API Security testing.
- Automate security testing and embed security testing into the SDLC.
- Collaborate with architects, product managers, and other teams to deliver a high-quality, secure product.
- Provide and Guide Secure Architecture Reviews.
- Perform internal/external application penetration tests.
- Lead projects independently while working collaboratively with the team to ensure its success.
- Run annual application security training for software developers.
Requirements:
- Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc.
- Proficiency with application pen testing and vulnerability assessments
- Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
- Understanding of static code analysis products
An ideal candidate may also have:
- Experience with Python, Go, Java, Ruby, JavaScript, PostgreSQL, React etc.
- Experience in Container security and cloud security/architecture patterns.
- OSCP, OSWE, SANS, AWS Security Specialty Certification, Certified Kubernetes Security Specialist (CKS).
- Experience with threat modeling and attack surface design
About our team:
Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.
Enova currently uses a multitude of security tools such as Palo Altos, Cisco ASAs, F5 technologies, ForeScout, Proofpoint, CyberArk, Nessus and Splunk SIEM to provide security controls throughout the environment. Our server and application platform primarily runs on VMware and several workloads exist in Amazon, with plans to expand services into the cloud.
Benefits & Perks:
- Flexible work schedule (In-office T/W/Th and remote M/F for hybrid-eligible roles)
- Health, dental, and vision insurance including mental health benefits
- 401(k) matching plus a ROTH option (U.S. Based employees only)
- PTO & paid holidays off
- Sabbatical program (for eligible roles)
- Summer hours (for eligible roles)
- Paid parental leave
- DEI groups (B.L.A.C.K. @ Enova, HOLA @ Enova, Women @ Enova, Pride @ Enova, South Asians @ Enova, APEX @ Enova, and Parents @ Enova)
- Employee recognition and rewards program
- Charitable matching and a paid volunteer day
Plus so much more!
About Enova
Enova International is a leading financial technology company that provides online financial services through our AI and machine learning-powered Colossus™ platform. We serve non-prime consumers and businesses alike, while offering world-class technology and services to traditional banks—in order to create accessible credit for millions.
Being a values-driven organization is at the core of Enova’s success. We live our values by listening to our customers, challenging assumptions, thinking big, setting high expectations, and hiring and developing the best. Through our values and our commitment to making Enova an awesome place to work, we maintain an environment of inclusion and culture where our employees can thrive. You can learn more about Enova’s values and culture here.
It is our policy to provide equal employment opportunity for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law. California Applicants: Click here to review our California Privacy Policy for Job Applicants.