Senior Application Security Engineer
Who we are:
SoFi is a digital personal finance company whose mission is to help its members achieve financial independence to realize their ambitions, whether that be to buy a house one day, start a family on their own terms or be debt free. We aim to be at the center of our members’ financial lives, and to help every member Get Their Money Right®. By joining SoFi, you’ll become part of a forward-thinking company that is transforming financial services by embracing technology to build innovative loan products, investment tools, and more. One of the fastest growing fintech companies, we’ve grown from 250 employees in 2015 to over 1,500 employees today, and are well on our way to reaching 1 million members. With offices across the US, we offer the excitement of a rapidly growing startup with the stability of a seasoned management team and some of the best talent around. As an employer, we strive to hire employees who are committed to both our company’s mission and our desire to build the best culture in the world. If you are driven, passionate about what you do, and excited about the SoFi mission, we would love to hear from you.
SoFi is a mission-driven company where we are laser-focused on helping our members get their money right. We’re doing this by providing a set of game-changing capabilities for our members across a broad set of financial products that our members use daily -- moving from a high-pressure, transaction-based sales relationship to a mutually beneficial, incentive-aligned lifetime relationship. We are looking for a talented Senior Application Security Engineer who’s excited both about this mission and about using technology to help make our members’ financial lives better.
SoFi is seeking an experienced Senior Application Security Engineer to further its Security program. The ideal candidate comes with a strong background in application development and information security. The Senior Application Security Engineer is responsible for driving secure software development and testing practices with the goal of protecting SoFi's commercial and internal applications and data. The ideal candidate will demonstrate the ability to grow and thrive in a fast-paced environment. The ideal candidate will also demonstrate the ability to help mentor and grow the more junior members of the team.
As a member of the Security team, you will be part of a group of highly skilled engineers tuned-in to threat research and technical innovation. You will work closely with the engineering teams and other business functions to tackle complex technical problems and build secure products.
What you’ll do:
- Partner with software engineers, DBAs and QA engineers to ensure adequate security processes and tools are in place throughout to mitigate identified risks to an acceptable level, and to meet business objectives and regulatory requirements;
- Based on your own strong software development background with prominent web development languages and frameworks, provide security advice to development and testing teams;
- Provide expert-level guidance to business analysts, testers, and development teams during internal and external application security assessments. Must be able to identify, re-create, and remediate security defects;
- Provide training for development and QA teams on how to implement security into their existing practices;
- Help to develop a security mindset amongst the engineering teams;
- Implement and execute an application-level threat modeling program for the enterprise;
- Prioritize and track security issues and work with the necessary teams to ensure remediation;
- Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on current software development technologies and security controls;
- Embrace a culture of continuous service improvement and service excellence.
What you’ll need:
- Bachelor's degree in computer science or a related field.
- 5+ years of enterprise software development experience.
- 3+ years of application security experience.
- 3+ years of experience with Python or other scripting language.
- 3+ years of experience with Java (or another Object-Oriented Programming language).
- Experience with using security testing tools.
- Deep understanding of OWASP Top 10 recommendations and how to implement them.
- Experience in UNIX/Linux operating systems administration.
- Experience with real world implementation of secure coding practices.
Nice to have:
- Familiarity with at-scale services.
- Familiarity with Docker and Kubernetes.
- Familiarity with relational databases (MySQL or Postgres).
- Familiarity with cloud security and best practices.
- Familiarity with security standards such as PCI DSS, ISO 27001, NIST SP 800-53, etc.
- Experience working with identity and access control management solutions.
- Familiarity with infrastructure security best practices.
- Experience working with a distributed team.
- Experience with the creation and development of a functional red team.
- Security certifications (e.g., CISSP, CEH or relevant SANS GIAC).
Why you’ll love working here:
- Competitive salary packages and bonuses
- Comprehensive medical, dental, vision and life insurance benefits
- Generous vacation and holidays
- Paid parental leave for eligible employees
- 401(k) and education on retirement planning
- Tuition reimbursement on approved programs
- Monthly contribution up to $200 to help you pay off your student loans
- Great health & well-being benefits including: telehealth parental support, subsidized gym program
- Employer paid lunch program (except for remote employees)
- Fully stocked kitchen (snacks and drinks)
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.