Senior Product Security Engineer (Remote)

Enova is currently accepting candidates for remote positions in the following eligible states: AL, AK, AR, AZ, CT, GA, IA, ID, IL, IN, KY, LA, MA, ME, MD, MI, MN, MO, MS, NC, ND, NE, NH, NV, NJ, NM, OH, OK, OR, PA, RI, SC, SD, TN, UT, VT, WI, WV, WY.

About the role: 

In this role, you will be responsible for building, developing and designing strategies of embedding security testing and enforcement within the SDLC across Enova Products. This is a hands-on role requiring in-depth knowledge of software security principles. You will be responsible for prioritization and implementation of various DevSecOps projects and Tech initiatives across all of Enova’s Digital Products. In addition, you will be responsible for conducting application static code reviews, dynamic security assessments, build Container security standards, AWS security posture assessments. You will be expected to have a “can-do” attitude and work independently to drive solutions. Enova’s Security Engineering team designs, implements, and administers the tools and mechanisms involved with providing end to end IT security for Enova.

What you’ll be doing: 

• Serving as a security subject matter expert in a consultative capacity with the development teams through the software engineering process – including security reviews/remediation at various stages of the SDLC.
• Building partnerships with other engineering teams, be a source of expertise in security best practices.
• Performing threat modeling, architecture reviews, and application testing ensuring critical vulnerabilities are identified, communicated to team members, and driving delivery of mitigations.
• Developing and delivering security training to software engineers.
• Researching emerging technologies and maintaining awareness of current security risks in support of security enhancement and development efforts.
• Coordinating around, participating in and managing information security projects.
• Implementing tools to test and enforce application security policy as part of DevSecOps pipeline
• Using appropriate interpersonal styles and subject matter knowledge to partner, gain trust and influence across the organization.
• Delivering best in class customer service to internal customers
• Playing a senior role in design, development, quality and operations of services owned by the team partnering across product management, architects and operations.
• Mentor software engineers, security engineers and evangelize security initiatives.

We’re excited about you if you have:

• Experience in AWS(Amazon Web Services), Containers(Dockers/Kubernetes), Microservice architectures, past DevOps/Software engineering experience.
• Experience with security testing tools such as Kali, Snyk, Checkmarx, GoSec, Burp Suite, OWASP ZAP, etc.
• Proficiency with application pen testing and vulnerability assessments

An ideal candidate may also have:

• Programming experience in Go, Python, Java, JavaScript, Ruby etc.
• Familiarity on Frameworks such as Ruby on Rails, Java Spring Boot etc..
• Strong communication skills and desire to collaborate across teams
• Demonstrated ability to ship production-quality software in a dynamic environment
• Experience working with firmware and hardware security
• Familiarity with data privacy regulations and compliance
• OSCP, OSWE, SANs, AWS Security Speciality Certification, Certified Kubernetes Security Specialist (CKS).
• Experience with threat modeling and attack surface design 

About our team:

Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.

Enova currently uses a multitude of Application Security tools such as Checkmarx, Snyk, Burp Suite Pro, Anchore Container Security, AWS (GuardDuty, SecurityHub), GoSec. Our server and application platform primarily runs on Vmware and several workloads exist in Amazon, with plans to expand services into the cloud.

#LI-RC1

Benefits & Perks:

• Flexible work schedule (In-office T/W/Th and remote M/F for hybrid-eligible roles)
• Health, dental, and vision insurance including mental health benefits
• 401(k) matching plus a ROTH option (U.S. Based employees only)
• PTO & paid holidays off
• Sabbatical program (for eligible roles)
• Summer hours (for eligible roles)
• Paid parental leave
• DEI groups (B.L.A.C.K. @ Enova, HOLA @ Enova, Women @ Enova, Pride @ Enova, South Asians @ Enova, APEX @ Enova, and Parents @ Enova)
• Employee recognition and rewards program
• Charitable matching and a paid volunteer day…Plus so much more!

About Enova

Enova International is a leading financial technology company that provides online financial services through our AI and machine learning-powered Colossus™platform. We serve non-prime consumers and businesses alike, while offering world-class technology and services to traditional banks—in order to create accessible credit for millions. 

Being a values-driven organization is at the core of Enova’s success. We live our values by listening to our customers, challenging assumptions, thinking big, setting high expectations, and hiring and developing the best. Through our values and our commitment to making Enova an awesome place to work, we maintain an environment of inclusion and culture where our employees can thrive. You can learn more about Enova’s values and culture here. 

It is our policy to provide equal employment opportunity for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law. California Applicants: Click here to review our California Privacy Policy for Job Applicants.