Our client is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding
The company values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural within the business, enabling the company to succeed in building honest financial products. The Security team's posture increases security and reduces risk while securely enabling access to information for those who need it.
What You'll Do
- Develop application security and product best practices to standardize security practices.
- Provide security design reviews and code reviews to the organization to ensure the product features meet security requirements and best practices.
- Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements and concerns.
- Serve as subject matter expert for static and dynamic analysis security tools.
- Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines.
- Interpret security tool findings, 3rd-party penetration testing results, and bug bounty program
- Provide vulnerability remediation guidance and mentoring to product development software engineers.
- Develop company-wide security projects and processes to discover security defects in source code, dependencies, and/or other artifacts.
- Develop and improve documentation on security processes and procedures.
- Build metrics to track security defects and automate the collection of security information to derive
- Enable automation of product security testing and find innovative ways to scale the security team.
- Evaluate new technologies, tools, and/or development techniques that impact security.
What We Look For
- Team player with a high work ethic; attention to detail is a must.
- Ability to communicate effectively with business representatives, explaining security topics clearly and, where necessary, in layman's terms.
- Experience with cloud and virtualized technology in environments such as AWS or GCP.
- Ability to efficiently communicate security to any audience, such as explaining vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25, and to discuss effective defensive techniques and countermeasures to both business and
- Deep understanding of network protocols such as HTTP and SSL/TLS.
- Familiarity with means to defend modern Web applications and APIs.
- Familiarity with dynamic and static analysis tools and ability to interpret dynamic/static analysis tool and penetration test results and describe issues and fixes to non-security
- Familiarity with common reconnaissance, exploitation, and post-exploitation frameworks.
- Deep understanding of continuous integration / continuous deployment processes and tools.
- Ability to automate tasks using a scripting language (Python, Shell, etc.).
- Ability to program in Python,
- Security certification such as CISSP, OSCP is a plus.
- BA/BS degree in a related field or equivalent experience is a plus.