the smart solution for Portland jobs

Senior Application Security Engineer

Company: Simple Finance Technology Corp
Location: Portland
Posted on: February 16, 2019

Job Description:

The Company:We're a tech company that's changing how people bank and think about their finances. We value empathy, curiosity, craft and efficacy. Our mission is to help people feel confident with their money. We do that by bringing humanity, elegance and ease to the consumer banking experience. And we make banking beautiful.The Job:As an engineer on the Product Security team, you'll be responsible for making sure that the products that Simple ships to our customers are secure. Safety isn't a static, unchanging concept. Rather, a safe product is well-designed, has had a lot of craft put into its' design and delivery, and is unlikely to have critical security vulnerabilities.On a day to day basis you will be working closely with our software engineers and other product security engineers to help impact design decisions and correct security flaws as they are found. You will also conduct in-house penetration testing and code-reviews of Simple applications and platform and develop and integrate automated solutions for conducting these tests.This is a experienced-level position with a high degree of autonomy - you will tackle and manage high-level security tasks in using processes that you have input in creating and maintaining. You will work closely with a variety of engineering disciplines, and will need to communicate effectively and be productive in an environment working with other engineers.The Team: We believe strongly in metrics, testing, continuous integration, and working fluidly and harmoniously with our engineering and product teams. We take security very, very seriously.About You: You will be successful in this role if you are passionate about security and continuously seek ways to improve your craft. You believe that security is more of a concept than an organization and it is your mission to foster that culture across team boundaries. You have long term plans to eliminate risk and are able to seek out the highest value mitigations first. You are able to demonstrate easily whether something is vulnerable or not and educate your peers on the best methods for mitigation.What You'll Do All Day:

  • Perform security assessments of existing and newly developed Simple features and products. Clearly communicate identified vulnerabilities and identify new assessment techniques to prevent them in the future. Document comprehensive reports on the assessment effort and discovered vulnerabilities.
  • Review and triage bug bounty submissions, reproduce vulnerabilities, determine and execute appropriate payouts.
  • Leverage automated security analysis tools and integrate them within our development workflow. Work to improve the accuracy and coverage of these tools.
  • Participate in threat modeling with engineers and product teams.
  • Provide consultation to engineering teams on technical security decisions including architecture, design, code, testing strategy, and triage of security bugs.
  • Provide training to engineering on relevant security topics including facilitation of capture the flag events and/or monthly training lunch and learns.
  • Participate in on-call rotation and respond to security-related incidents.We'd Like To See:
    • Knowledge of security flaws and their resolution as listed in sites like OWASP, SANS, etc.
    • Experience with secure application architecture, design, development, code review, and penetration testing of web and mobile applications
    • Experience developing automated security testing solutions with the ability to integrate into engineering tools such as Github, Jenkins, or other continuous integration tools.
    • Proficiency with at least one programming language, such as Python or Ruby.
    • Experience with JVM based languages
    • Familiarity with cloud security, especially as it relates to AWS.
    • Understanding of cryptography, including protocols, key management, encryption and hashing methods.
    • Experience writing vulnerability reports and communicating their technical details and security impact to developers and management.
    • Experience with security and engineering tools such as Burp Suite, sqlmap, wireshark, Apache mod_security or other WAF solutions, Threat Stack, Jenkins, and Git.
    • Experience managing bug bounty programsDetails:We recognize the dire lack of diversity in our industry, and we're not okay with it. We actively seek to address it with our hiring and retention processes, as well as our office culture. If you're on the fence about whether you're a fit, we say go for it, and apply!Why Simple's a Great Place to Work:
      • Based in Portland, Oregon-- a beautiful place to live and work (or just see in the background if you work remotely).
      • Competitive salary and benefits package.
      • A supportive and nurturing place to work. We actively consider how we can improve employees' quality of life--both inside and outside the office.
      • Committed to hiring quality human beings. Simple is a place where others will watch out for you and help you learn. We actually like and respect each other.
      • We give a damn about what we do, both as individual contributors and as a company on a mission to change banking. We're passionate and nerdy about our work; in fact we're kind of that way about things outside of work, too.In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire. Email our team at if you need an accommodation in the application process.A background check will be required for this opportunity.Simple provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability,--- or genetics. In addition to federal law requirements, ---Simple ---complies with all ---applicable state and local laws governing nondiscrimination in employment in every location in which the company has ---employees. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.By submitting this application, you certify that the facts contained in your application are true and complete to the best of your knowledge. If you are employed, false statements on your application will be grounds for termination. - provided by Dice Security, JVM

        Keywords: Simple Finance Technology Corp, Portland , Senior Application Security Engineer, Engineering , Portland, Oregon

        Click here to apply!

        Didn't find what you're looking for? Search again!

        I'm looking for
        in category

Other Engineering Jobs

Senior Front End Engineer
Description: We are looking for a talented Senior Frontend Engineer to join our software dev team InsideTrack is passionate about student success. Since 2001, we have been dedicated to partnering with colleges and (more...)
Company: InsideTrack
Location: Portland
Posted on: 02/16/2019

Quality Engineer
Description: Title: Quality Engineer Location: Portland, OR Type: Direct Hire Job: DM IGNW is an engineering-based resourcing company with offices in Portland/OR, Seattle/WA and Austin/TX. We have global partnerships (more...)
Company: InfoGroup Northwest
Location: Clackamas
Posted on: 02/16/2019

Chassis Mechanic
Description: Job Title Chassis Mechanic Employee Type Employee Requisition Primary Location Portland, Oregon Job Description Who Are We WASTE CONNECTIONS, Inc. NYSE: WCN is not only the best waste services company (more...)
Company: Waste Connections
Location: Portland
Posted on: 02/16/2019

Machine Learning Engineer
Description: Indeed Prime is a free service that connects qualified job-seekers that's you with top companies hiring tech roles.With one application you can be considered for thousands of tech roles from leading (more...)
Company: Indeed Prime
Location: Portland
Posted on: 02/16/2019

Senior Platform Engineer
Description: Job ID: 38713 Not able to use 3rd Party Agencies br br Senior Platform Engineer br br Our client is seeking a Senior Platform Engineer to join their dynamic team in Hillsboro, OR. Our client (more...)
Company: VanderHouwen
Location: Hillsboro
Posted on: 02/16/2019

Dynamics CRM Solutions Engineer
Description: All resumes will remain strictly confidential. US Citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor visa's at this time.JOB OVERVIEW: ul li Provide (more...)
Company: Triad Technology Group
Location: Portland
Posted on: 02/16/2019

Azure DevOps Engineer Rate-Open, Duration: 18 Months
Description: Centizen Inc. is a global IT solutions and consulting firm focused on delivering scalable--- solutions that address complex business problems of our clients. We provide above market salaries and benefits. (more...)
Company: Centizen
Location: Beaverton
Posted on: 02/16/2019

Engineering Technician I (Materials Only)
Description: Job Description General Responsibilities: Perform field and/or laboratory testing, observation, and inspection of construction materials e.g. soils, aggregates, concrete, asphalt, and steel . Communicate (more...)
Company: Terracon
Location: Portland
Posted on: 02/16/2019

Diesel Mechanics Career Fair!
Description: Diesel MechanicDiesel Mechanic---s keep our customers on the road by providing light mechanical repairs to drivers. You---ll also help your manager keep things flowing. We take a lot of pride in delivering (more...)
Company: Love's Travel Stops & Country Stores
Location: Aurora
Posted on: 02/16/2019

Full Stack Engineer
Description: Job Description Our client is a consulting firm with clients across the Portland metro area. You will be assigned to clients as needed. This position will start with a 2-year contract project on site (more...)
Company: Data Resource Group
Location: Beaverton
Posted on: 02/16/2019

Log In or Create An Account

Get the latest Oregon jobs by following @recnetOR on Twitter!

Portland RSS job feeds