Senior Product Security Engineer (Remote)

The health and safety of Enova’s employees is our number one priority.  Enova has not yet determined a return to office date, but will require all employees to be fully vaccinated for COVID-19 before such date.  Proof of vaccination will be required.  Enova will consider exceptions to this policy on a case-by-case basis for those who need accommodation due to medical reasons or sincerely-held religious beliefs or practices.

About the role: 

In this role, you will develop, implement and maintain security solutions and mechanisms throughout the corporate and production environments within Enova. This is a hands-on role requiring in-depth knowledge of software security principles.You will be performing threat modeling and security architecture reviews, and guide product and technology teams to integrate security into their software development lifecycle. In addition, you will conduct static code reviews and dynamic security assessments. You will be expected to have a “can-do” attitude and work independently to drive solutions. Enova’s Security Engineering team designs, implements, and administers the tools and mechanisms involved with providing end to end IT security for Enova.

What you’ll be doing: 

• Conduct code reviews and security testing for new projects and initiatives
• Research and recommend emerging security technologies/tools to address current and future threats
• Knowledge of Integrating Security Testing into the CI/CD Pipeline.
• Expertise in API Security testing.
• Collaborate with architects, product managers, and other teams to deliver high quality secure product 
• Provide and Guide Secure Architecture Reviews.
• Perform internal/external application penetration tests
• Lead projects independently while working collaboratively with the team to ensure its success
• Run annual application security training for software developers.

We’re excited about you if you have:

• Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc.
• Proficiency with application pen testing and vulnerability assessments
• Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
• Understanding of static code analysis products

Things we like, but don’t require:

• Experience with Ruby, Rails, or PostgreSQL
• Understanding of git and version control
• OSCP, OSWE, SANs, and pen testing
• Experience with threat modeling and attack surface design 

About our team:

Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.

Enova currently uses a multitude of Security tools such as Palo Altos, Cisco ASAs, F5 technologies, ForeScout, Proofpoint, CyberArk, Nessus and Splunk SIEM to provide security controls throughout the environment. Our server and application platform primarily runs on Vmware and several workloads exist in Amazon, with plans to expand services into the cloud.