About The Role
The Application Security Engineer is responsible for driving secure software development and testing practices with the goal of protecting SoFi’s commercial and internal applications and data. The candidate must be able to collaborate with solution architects, developers, testers, product managers and R&D leaders to perform security assessments, design and code reviews, threat modeling, testing and training in order to prevent, identify, analyze and remediate any existing or potentially emerging security defects throughout the software development lifecycle. The ideal candidate will be a thought leader, an innovator, self-motivated and a driver.
By joining SoFi, you’ll become part of a forward-thinking company that is transforming financial services. Ranked as one of the fastest growing fintech companies, we look forward to having strong talents joining our team. We offer the excitement of a rapidly growing startup with a strong leadership team.
As a direct report to the Software Engineer Manager, and dotted line to the Chief Information Security Officer, you will have the following responsibilities:
- Partner with enterprise and solutions architects, software engineers, DBAs and QA engineers to ensure adequate security processes and tools are in place throughout to mitigate identified risks to an acceptable level, and to meet business objectives and regulatory requirements;
- Based on your own strong software development background with prominent web development languages and frameworks, provide security advice to development and testing teams;
- Provide expert-level guidance to business analysts, testers, and development teams during internal and external application security assessments. Must be able to identify, re-create, and remediate security defects;
- Provide training for development and QA teams on how to implement security into their existing practices;
- Implement and execute a threat modeling program for the enterprise;
- Prioritize and track security issues and work with the necessary teams to ensure remediation;
- Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on current software development technologies and security controls;
- Embrace a culture of continuous service improvement and service excellence; and
- Stay current on security trends related to threats, vulnerabilities and secure software development.
- Bachelor's degree in computer science or a related field required; 5+ years of enterprise software development experience with 3+ years of application security experience.
- Strong understanding of agile development practices, and how to integrate security into those practices.
- In-depth knowledge of common web application security flaws and secure coding practices, and the ability to clearly explain security issues to project and development staff;
- Experience using security testing tools (Nessus, Burp)
- Knowledge of Docker, Kafka,
- Excellent oral and written communication skills to effectively interact with internal and external customers and department staff, as described above.
- High level of analytical, planning and organizational ability.
- Ability to effectively communicate with others, perform work in a team environment, and relay necessary information as appropriate.
- Security certifications (e.g., CISSP, CSSLP, CEH or relevant SANS GIAC) desired.
- Catered lunches or the equivalent for employees who work in a SoFi office, a fully stocked kitchen, and subsidized gym membership.
- Competitive salary packages and bonuses.
- A flexible vacation policy allows you to truly relax and reboot.
- Comprehensive health, vision, dental, and life insurance as well as disability benefits.
- 100% of health, vision, and dental premiums paid by SoFi for employees and their dependents.
- 401(k) and education on retirement planning.
- Tuition reimbursement on approved programs, up to $5,250 a year.
- Monthly contribution to help you pay off your student loans.