Security Engineer - Application Security

Carter Wellington Limited

Security Engineer, Application Security


Our client is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.


The company values information security as a critical part of its continued success. Our mission is to make information security programmatic and cultural within the business, enabling the company to succeed in building honest financial products. The Security team's posture increases security and reduces risk while securely enabling access to information for those who need it.


What You'll Do


  • Develop application security and product best practices to standardize security practices.
  • Provide security design reviews and code reviews to the organization to ensure that product features meet security requirements and best practices.
  • Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements and concerns.
  • Serve as subject matter expert for static and dynamic analysis security tools.
  • Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines.
  • Interpret security tool findings, third-party penetration testing results, and bug bounty program submissions.
  • Provide vulnerability remediation guidance and mentoring to product development software engineers.
  • Develop company-wide security projects and processes to discover security defects in source code, dependencies, and/or other artifacts.
  • Develop and improve documentation on security processes and procedures.
  • Build metrics to track security defects and automate the collection of security information to derive metrics.
  • Enable automation of product security testing and find innovative ways to scale the security team.
  • Evaluate new technologies, tools, and/or development techniques that impact security.


What We Look For


  • Team player; a strong work ethic and attention to detail are a must.
  • Ability to communicate effectively with business representatives, explaining security topics clearly and, where necessary, in layman's terms.
  • Experience with Cloud and virtualized technology in environments such as AWS or GCP.
  • Ability to efficiently communicate security to any audience, such as explaining vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25, and discussing effective defensive techniques and countermeasures with both business and engineering staff.
  • Deep understanding of network protocols such as HTTP and SSL/TLS.
  • Familiarity with means to defend modern Web applications and APIs.
  • Familiarity with dynamic and static analysis tools, and ability to interpret dynamic/static analysis tool and penetration test results and describe issues and fixes to non-security experts.
  • Familiarity with common reconnaissance, exploitation, and post-exploitation frameworks.
  • Deep understanding of continuous integration / continuous deployment processes and tools.
  • Ability to automate tasks using a scripting language (Python, Shell, etc.).
  • Ability to program in Python; experience with JavaScript is a plus.
  • Security certification such as CISSP, OSCP is a plus.
  • BA/BS degree in a related field or equivalent experience is a plus.



1 June 2020
Location: United States Cadiz San Francisco
Salary: $160000 to $190000 USD per year
Work type: Full time
Information and Communication Technology