Application Security Engineer

April 11, 2024

Apply Now

Receive Emails with Similar Jobs

ONE

WebsiteLinkedInAll Job Openings

ONE is a financial technology company that focuses on providing innovative banking services through a mobile application. Although not a traditional bank, ONE offers various banking services in partnership with Coastal Community Bank. The company's offerings include cash back rewards, credit building tools, early direct deposit options, and high-yield savings accounts. ONE also features a digital wallet for shopping benefits, especially at Walmart. With an emphasis on user-friendly online banking, ONE aims to help customers take control of their credit, manage their finances, and earn rewards without the typical fees associated with traditional banks.

201 - 500 employees

💳 Fintech

📋 Description

• As an Application Security Engineer, you'll be responsible for ensuring that One delivers secure and reliable applications at scale. By partnering with engineers to build security into the product from the ground up, creating engineering tools and workflows that test and validate artifacts, and actively developing security frameworks, you’ll be the champion of modern Application Security Engineering at One and have a direct impact on the security of all of our products. You’ll provide subject-matter expertise to product teams regarding security best practices, optimize our secure coding practices, and use offensive security techniques to harden our environment and help improve our overall security practices.

🎯 Requirements

• 4+ years of experience in security engineering, DevSecOps, and application development. • Excellent knowledge of the CVSS, MITRE ATT&CK, and OWASP Top 10. • Proficiency in TypeScript. • Practical understanding of AWS and its core services (VPC, EC2, RDS). • Demonstrated experience in modern application architecture and deployment practices. • Experience with Library/API/Framework development. • Experience with integrating security scanning tools with CI/CD, Web Application pentesting, fuzzing and DAST. • Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability to communicate these concepts to technical and non-technical partners. • Exposure to most of the following technologies: AWS, iOS, Android, Vault, Kubernetes, PKI, React, GraphQL, and Datadog. • Knowledge of cryptography including algorithms, standards, and their practical applications such as x.509 certificates. • Experience defining security architecture patterns and standards. • Proficiency in modern security evaluation tooling (Burp, Wireshark, Kali et al.) • Preferably, understanding of regulatory compliance concerns (GLBA, CCPA, PCI). • The Triple H Factor: Humble, Hungry and Honest.

🏖️ Benefits

• Competitive cash • Benefits effective on day one • Early access to a high potential, high growth fintech • Generous stock option packages in an early-stage startup • Remote friendly (anywhere in the US) and office friendly - you pick the schedule