Application Security Engineer

Engineering | Salt Lake City, Utah | Helena, Montana


Who we are

Welcoming, collaborative, and offering the opportunity to make an impact: that is how our employees describe working here. Galileo is a financial technology company that provides innovative and revolutionary software products and services that power some of the world's largest Fintechs. We are the only payments innovator that applies tech and engineering capabilities to empower Fintechs and financial institutions to unleash their full creativity to achieve their most inspired goals. Galileo leads its industry with superior fraud detection, security, decision-making analytics and regulatory compliance functionality combined with customized, responsive and flexible programs to accelerate the success of all payments companies and solve tomorrow's payments challenges today. We hire energetic and creative employees while providing them the opportunity to excel in their careers and make a difference for our clients. Learn more about us and why we work here at

The role

The Application Security Engineer is responsible for driving secure software development and testing practices with the goal of protecting Galileo’s commercial and internal applications and data. The ideal candidate comes with a strong background in application development and information security while demonstrating the ability to grow and thrive in a fast-paced environment.

As a member of the Security team, you will be part of a group of highly skilled engineers tuned in to threat research and technical innovation. You will work closely with the engineering teams and other business functions to tackle complex technical problems and build secure products.

What you’ll do:

  • Partner with software engineers, DBAs and QA engineers to ensure adequate security processes and tools are in place throughout to mitigate identified risks to an acceptable level, and to meet business objectives and regulatory requirements;
  • Based on your own strong software development background with prominent web development languages and frameworks, provide security advice to development and testing teams;
  • Provide expert-level guidance to business analysts, testers, and development teams during internal and external application security assessments. Must be able to identify, re-create, and remediate security defects;
  • Provide training for development and QA teams on how to implement security into their existing practices; 
  • Help to develop a security mindset among the engineering teams;
  • Implement and execute an application-level threat modeling program for the enterprise;
  • Prioritize and track security issues and work with the necessary teams to ensure remediation;
  • Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on current software development technologies and security controls;
  • Embrace a culture of continuous service improvement and service excellence.

What you’ll need:

  • Bachelor's degree in computer science or a related field.
  • 5+ years of enterprise software development experience.
  • 3+ years of application security experience.
  • 3+ years of experience with Python or other scripting languages.
  • 3+ years of experience with Java (or another Object-Oriented Programming language).
  • Experience with using security testing tools.
  • Deep understanding of OWASP Top 10 recommendations and how to implement them.
  • Experience in UNIX/Linux operating systems administration.
  • Experience with real world implementation of secure coding practices.

Nice to have:

  • Familiarity with at-scale services.
  • Familiarity with Docker and Kubernetes.
  • Familiarity with relational databases.
  • Familiarity with cloud security and best practices.
  • Familiarity with security standards such as PCI DSS, ISO 27001, NIST SP 800-53, CIS CSC, etc.
  • Experience working with identity and access control management solutions.
  • Familiarity with infrastructure security best practices.
  • Experience working with a distributed team.
  • Experience with the creation and development of a functional red team.

Why you’ll love working here

Galileo offers market-competitive salaries, covers 100% of your family's medical premiums and provides a true work/life balance. Each employee receives a generous bank of PTO each year as well as 11 paid holidays. Additionally, Galileo offers humanitarian PTO to each employee to participate in global volunteer projects as part of The Galileo Foundation. Did we mention reimbursement for applicable professional development including tuition and certifications? If you are looking for a leading-edge technology environment with a positive and rewarding culture, join the Fintech revolution. Join Galileo!

SoFi does not seek salary history information from job applicants.

Galileo Financial Technologies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.