Security Engineer

What you’ll be doing:
As an IT Security Engineer, you’ll be an advocate for Enova’s future in IT Security and Compliance. You
will have the opportunity to develop, implement and maintain security solutions and mechanisms
throughout our corporate and production environments. Additionally, you will be responsible for setting
the architectural direction and interfacing with business and technology groups throughout the
organization to deliver cutting edge solutions.

Your core priorities will be to:
● Provide network and application security focused architectural guidance to IT teams
● Continuously evaluate Enova's infrastructure (on-prem and cloud), propose enhancements and
design changes as needed
● Practice proactive maintenance to ensure proper security posture
● Evaluate new technologies and trends, while making recommendations to improve the security of
our environment
● Collaborate with Product teams, Engineering, Development, and Compliance to ensure
operational readiness of new solutions and ongoing optimization/improvement of existing
solutions
● Oversee and develop security standards based on security best practices
● Develop a methodology for log aggregation, monitoring, and analysis to enable fast response to
security events.
● Assist with framework development for internal pen tests and vulnerability assessments.
● Provide training and mentorship across IT teams.
● Respond to security incidents, assist with troubleshooting and provide on-call support as needed

What you should have:
● In-depth knowledge of security events management and incident response procedures
● In-depth knowledge of IT security principles along with heavy security operations experience
● Experience with large Linux environments
● Experience with solution architecture/documenting software architectures
● Experience with application security, secure SDLC and penetration testing
● Understanding of DevOps principles, tools and the correlation with cloud architecture
● Understanding of infrastructure-as-code and SRE principles
● Familiarity with Cloud security fundamentals (AWS cloud platform preferred)
● AWS Security principles and services, AWS Config, IAM, WAF, GuardDuty and AWS networking
from a security perspective
● Terraform, Git or similar toolsets
● Container security and Kubernetes
● Comfort with popular scripting and programming language frameworks.

About our team:
Our IT Security Engineering Team works alongside our Systems, Monitoring, Application Engineering, and
Network Engineering teams to deliver top notch, secure infrastructure and automation solutions. We are
experts in the IT security field, but are also well-versed in networking, applications, development life
cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to do the right
thing.

Each member of our team works and supports all security tools and will never be limited to a specific
solution allowing for continued growth. We currently use a multitude of Security tools such as Palo Altos,
Cisco ASAs, F5 technologies, AWS security services, ForeScout, Proofpoint, CyberArk, Nessus and
Splunk SIEM to provide security controls throughout the environment. Our server and application platform
primarily runs on Vmware and several workloads exist in Amazon, with plans to expand services into the
cloud.