Software Security Engineer

Engineering Remote, United States


Description

ABOUT GOODLEAP

We provide friendly financing options for those who dream of living a more sustainable lifestyle and want to save money using modern technology. Our collective mission is to make a positive impact on the planet, build lasting relationships with our valued partners and customers, and deliver a tech-enabled financing experience that is simple, fast, and frictionless.

We are creating a financial ecosystem that connects billions of dollars of capital to millions of homeowners that want to convert their outdated houses into modern, smart, energy-efficient homes. By unlocking access to numerous products that help people achieve better sustainability, we are revolutionizing the home improvement industry and protecting our only planet.

As part of our world-positive initiative, we are also the official sponsor of GivePower – a foundation that uses solar-based solutions to power life’s basic needs for people in developing regions of the world.

If you have an unstoppable desire to make a meaningful impact on our planet, and help mission-driven businesses and consumers achieve a more sustainable future, join us.

Learn more about our perks and culture! 

  • Competitive pay
  • Comprehensive benefits package
Position Summary

Responsible for helping the development teams secure their code. Your role will include threat modeling, code review, triaging vulnerabilities and managing tools including SAST, SCA, IAST, and DAST. You’ll work closely with software engineers, process engineers, architects, and others to help integrate security best practices into their development, build and test processes to ensure consistent application of security controls. You’ll also help prioritize vulnerability mitigations according to risk so the engineering team is focused on the tasks that provide the best security ROI.

Essential Job Duties & Responsibilities
  • Evaluate the security of code, native sites, mobile apps, and APIs; where issues are discovered, work cross-functionally to prioritize resolution/mitigation.
  • Conduct security risk assessments. 
  • Perform manual security testing of native sites, mobile apps, and APIs.
  • Assist teams with the integration of Secure Development activities into automated CI/CD pipelines following a Secure Software Development Framework (SSDF) model.
  • Consult with engineering teams on secure coding practices.
  • Serves as a subject matter expert (SME) on Software Security.
  • Participate in design, planning and architecture sessions with engineering management, architects, operations, and development teams.
  • Perform Threat Modeling, Security Architecture review, and Static/Dynamic Application Security Testing.
  • Provide mentorship and guidance throughout engineering team and share an in-depth understanding of the company and industry methodologies, policies, standards, and controls.
  • Help with the effort to secure our code and running applications.

Required Skills, Knowledge & Abilities 
  • Understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
  • Experience with standard security assessment and testing tools (code and application scanners)
  • Software development experience in one of the following core languages: TypeScript, JavaScript and C#/.NET
  • Proven ability to combine business acumen, technical acumen, and process expertise to assess requirements and alignment.
  • Demonstrated ability to use multiple avenues of communication (verbal, written, ticketing, messaging, etc.).
  • Ability to prioritize, manage, and deliver on multiple tasks simultaneously and ability to partner with management in support of key initiatives and projects.
  • Strong bias toward action, flexible, resourceful, and able to operate effectively and independently within a dynamic, agile, and fast-paced environment.
  • CSSLP, GWEB, GSSP, CASS, CEH, CISSP or comparable certifications are a plus

Additional Information Regarding Job Duties and Job Descriptions

Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.

If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you!  Apply today!


*GD