Product Security Engineer (Remote)

We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor visas or take over sponsorship at this time.

Enova is currently accepting candidates for remote positions in the following eligible states: AL, AK, AR, AZ, CT, GA, IA, ID, IL, IN, KY, LA, MA, ME, MD, MI, MN, MO, MS, NC, ND, NE, NH, NV, NJ, NM, OH, OK, OR, PA, RI, SC, SD, TN, UT, VT, WI, WV, WY.

About the role: 

This is a hands-on role requiring in-depth knowledge of software security principles. You will be responsible for enabling security testing and enforcement across Enova Products. You will be responsible for prioritization and implementation of various DevSecOps projects and Tech initiatives which spans across all of Enova Products. In addition, you will be responsible for conducting application static code reviews, dynamic security assessments, secure architecture reviews. You will be expected to have a “can-do” attitude and work independently to drive solutions. Enova’s Security Engineering team designs, implements, and administers the tools and mechanisms involved with providing end to end IT security for Enova.

What you’ll be doing: 

• Be a DevSecOps Evangelist.
• Conduct code reviews and security testing for new projects and initiatives
• Knowledge of Integrating Security Testing into the CI/CD Pipeline.
• Expertise in API Security testing.
• Automate security testing and embed security testing into the SDLC.
• Collaborate with architects, product managers, and other teams to deliver high quality secure product 
• Provide and Guide Secure Architecture Reviews.
• Perform internal/external application penetration tests.
• Lead projects independently while working collaboratively with the team to ensure its success.
• Run annual application security training for software developers.

We’re excited about you if you have:

• Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc.
• Proficiency with application pen testing and vulnerability assessments
• Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
• Understanding of static code analysis products

An ideal candidate may also have:

• Experience with Python, Go, Java, Ruby, JavaScript, PostgreSQL, React etc.

• Experience in Container security and cloud security/architecture patterns.

• OSCP, OSWE, SANs, AWS Security Speciality Certification, Certified Kubernetes Security Specialist (CKS).

• Experience with threat modeling and attack surface design 

About our team:

Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.

Enova currently uses a multitude of Application Security tools such as Checkmarx, Snyk, Burp Suite Pro, Anchore Container Security, AWS (GuardDuty, SecurityHub), GoSec. Our server and application platform primarily runs on Vmware and several workloads exist in Amazon, with plans to expand services into the cloud.

#LI-RC1