Senior Application Security Engineer
Atlanta, GA, United States
Company Overview
Headquartered in Atlanta, Georgia, GreenSky is a leading U.S. financial technology company Powering Commerce at the Point of Sale® for a growing ecosystem of merchants, consumers, and banks. Our highly scalable, proprietary, and patented technology platform enables merchants to offer frictionless promotional payment options to consumers at the point of sale, driving increased sales volume and accelerated cash flow. Banks leverage our technology to provide loans to super-prime and prime consumers nationwide. Since our inception, over five million U.S. consumers have financed more than $41 billion in commerce through our paperless, real-time “apply and buy” technology.
Position: Sr. Application Security Engineer
Location: Atlanta or Remote US
Position Overview
GreenSky is looking for a versatile application security engineer to support the security engineering team and enhance our security capabilities. The ideal candidate will have a strong background in software development, excellent problem-solving skills, and the ability to work collaboratively with cross-functional teams. As a Senior Application Security Engineer, you will be responsible for designing, developing, and maintaining the application security program, tools and capabilities to ensure the security and integrity of our software solutions. This role will also involve conducting threat modeling to identify potential security risks and implementing automation to enhance the efficiency and reliability of our security processes. Additionally, you will be responsible for integrating security best practices into the development lifecycle and staying up to date with the latest security trends and technologies.
Duties & Responsibilities
- Implement and oversee various security technologies, including Web Application Firewalls (WAF), Static/Dynamic/Interactive Application Security Testing, penetration testing tooling, and other threat detection systems.
- Collaborate with product managers, designers, and other engineers to deliver high-quality software solutions
- Leverage cloud native, open source and commercial tools to mature application security capabilities and drive automation
- Build detections and dashboards as needed in the SIEM and assist in technical investigations when incidents occur
- Participate in code reviews and provide productive feedback to team members.
- Conduct threat modeling to identify potential security risks
- Focus on driving security efficiencies, enabling security team members to work on more advanced tasks.
- Integrate security best practices into the development lifecycle
- Identify gaps in current capabilities and drive efforts to close the gaps
- Maintain up-to-date knowledge of security threats, vulnerabilities and the mitigations set forth to reduce attack surface
Required Skills/Qualifications
- 5+ years of experience in application security related fields
- Experience in detecting, analyzing, and resolving vulnerabilities in web applications, APIs, and mobile applications.
- Strong knowledge and experience with secure coding practices
- Up-to-date understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications
- Familiarity with DevSecOps methodologies and the integration of security into CI/CD pipelines using tools like GitLab and Jenkins
- Experience with threat modeling, design reviews, risk analysis and control design
- Ability to analyze event and incident logs and work with SOC and IR teams to assess security events related to malware, vulnerabilities, and exploits
- Experience and proficiency in at least one programming language and framework (Java, Python, Ruby)
- Extensive expertise in network security, as well as authentication and authorization mechanisms
GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.
Perks/benefits: Team events