Security Analyst - Application Security (Remote)

Progressive Leasing is a leading provider of in-store and e-commerce lease-to-own solutions. As an almost 20+ year old FinTech company that has gone from start-up to industry leader, we know how to innovate, simplify, and value all people. We are a company founded on our grit and we are constantly looking to the future. As an ever-evolving group of entrepreneurs and technologists, we strive to do the right thing period in all aspects of our work. We are a subsidiary of PROG Holdings (NYSE: PRG), an exciting FinTech holding company, with three business segments including Progressive, Vive Financial, and Four, a Buy Now Pay Later (BNPL) platform.

We are currently looking for a high-powered Security Analyst to join our team!

The Security Analyst position supports our application security team for the purpose of threat and vulnerability management within PROG developed applications and web application infrastructure. This role will be focused on confirming security scans are being run regularly, automated tickets are being accurately maintained, reviewing reported false positives, responding to occasional security-related pipeline roadblocks, and ensuring engineering teams have the information necessary to remediate reported findings. Documentation, technical aptitude, and knowledge growth are key components of this role. 

This position reports to the Director, Information Security and is fully remote, requiring home office space. 

YOUR DAY-TO-DAY:

• Assist in the support and documentation of DAST, IaC, SAST, and SCA solutions, including operational processes 

• Support security and technology operations to maintain availability and security of deployed applications  

• Support the operation of vulnerability scanning 

• Support the engineering staff in the investigation and remediation of vulnerabilities 

• Provide AppSec support for Security Operations and Incident Response 

YOU'LL BRING:

• Knowledge of threats to include common attack vectors, methodologies and payloads/exploits 

• Knowledge of the OWASP Top Ten and OWASP API Top Ten Projects. 

• Ability to troubleshoot complex applications 

• Base application programming knowledge desired 

• Strong interdepartmental communication skills 

• Operational experience with security scanning, using tools like BrightSec, Mend, and Snyk 

• Operational experience with security automation using Python 

• Operational experience configuring and managing virtual and AWS cloud-based environments 

• Knowledge of Information Security program development, and roadmap design aligned to security policies, standards, guidelines, etc. 

• Knowledge of penetration testing methodologies and practices 

• Knowledge of forensic practices and procurement processes 

• Working knowledge of ITIL including incident, problem, and change management 

ADDITIONAL REQUIREMENTS:

• AA/AS combined with 1+ years of overall application security experience and/or application development experience 

Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business.