Application Security Engineer
WHO WE ARE:
Freedom Financial Network is a family of companies that takes a people-first approach to financial services, using technology to empower consumers to overcome debt and create a brighter financial future. The company was founded in 2002 by Brad Stroh and Andrew Housser on the belief that by staying committed to helping people, you can ensure better financial outcomes for both the customer and the business. This Heart + $ philosophy still guides the vision of our growing company, which has helped millions of people find solutions for their financial needs.
What began with 2 people in a spare bedroom has now rapidly expanded to a vibrant business that employs over 2,200 employees (known internally as The Freedom Family) in two locations: San Mateo, CA and Tempe, AZ. When you visit either of our offices, you’ll understand why our employees have voted us the Best Place to Work for the last several years. It’s a place where the Heart + $ philosophy continues to thrive, where we believe that success is only achieved by doing what’s right for our customers, our employees, and our communities.
In order to create brighter futures for our clients, employees, and businesses, Freedom Financial Network holds itself to four core values that have grown out of our Heart + $ philosophy: to care for everyone around us, act with integrity every time, collaborate with everybody we work with, and get better at what we do every day.
The Application Security Engineer is a technical expert concerned with analyzing software designs and implementations from a security perspective, working to identify and resolve security issues both directly and in partnership with development teams. You will both develop and leverage appropriate security analysis, defenses, and countermeasures at each phase of the software development life-cycle in an Agile CI/CD environment.
With a focus on both internal and external facing systems, the Application Security Engineer envisions, designs, specifies, implements, and monitors those controls that integrate with our development pipelines to secure code and application releases. The Engineer also fosters automated integration and interoperability across multiple vendors’ security appliances; this integration is not just between those appliances that are deployed within Freedom Financial Network production systems, but also between those internal devices connected to outside parties.
- Assist in the evaluation, planning, configuration, and implementation of new/existing security applications/tools
- Systematically address application security issues and develop secure coding practices for multiple development teams
- Integration of application authentication, encryption, authorization, and access control
- Provide mitigation strategies for applications from infrastructure, architecture, and secure coding perspectives
- Utilize application security scanning tools such as Rapid7 to interpret reports and validate identified vulnerabilities and associated risks
- Utilize source code scanning tools such as Veracode, Checkmarx, or SonarQube to help application development teams apply best practices for application security and catch potential vulnerabilities at an early stage
- Proactively work with team members to address security and compliance issues
- Provide education and assistance to application developers in applying the Security Software Development Life Cycle
- Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application life-cycle
- 5+ years of enterprise systems security experience with emphasis on application development
- Ability to identify problems, analyze data and present conclusions effectively
- Experience with Security Information and Event Management (SIEM) tuning and reporting
- Solid understanding of Vulnerability Management, including an understanding of the process and activities required in vulnerability scanning, identification and reporting through to vulnerability remediation efforts
- Knowledge of frameworks, standards, and best practices (e.g., NIST, OWASP, PCI, ISO, COBIT)
- Experience working with any/all of these web concepts: Flux, REST, JSON, JWT, and Swagger
- Experience working with SQL and NoSQL
- Familiarity with tools like Node.js, React, Spring Boot, Angular, etc.
- Experience with Google Cloud Platform is highly preferred
- Experience with Docker and/or Kubernetes is highly preferred
- CISSP, CEH, CISM or similar certifications
- Critical Thinking -- Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
- Active Listening -- Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
- Writing -- Communicating effectively in writing as appropriate for the needs of the audience.
- Skilled at communicating and prioritizing threats and vulnerabilities to a diverse audience, and able to confidently express and assist with proper remediation methods
CULTURAL FIT (Our Core Values):
- Care (for everyone): We show compassion and contribute to the well-being and growth of those around us. We only pursue products that improve the financial lives of our clients.
- Act with Integrity (every time): We take the right action even when it is hard and even when no one is watching. We treat our employees, clients, and communities the way they wish to be treated.
- Get Better (every day): We innovate, iterate, and improve each day. We are creative, take thoughtful risks, and ultimately learn and recover from failures.
- Collaborate (with everybody): We strive to work together toward a common purpose by proactively sharing information and inviting participation. We recognize the perspective of various groups and embrace healthy, constructive debate.
WHY JOIN THE FREEDOM FAMILY?
- Fast, continued growth – there’s a lot of opportunity for advancement
- Voted a Phoenix Best Place to Work 9 times by our employees including the #1 spot for 2 years in a row!
- Benefits start within 30 days
- 401k with employer match
- 3 weeks’ paid vacation (increased with tenure)
- 9 paid holidays & 5 sick days
- Paid time off for volunteer work and on your birthday
Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Freedom Financial Network (FFN) to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by FFN’s Talent Acquisition leader.