Senior Application Security Engineer - Hybrid

Senior Application Security Engineer - Hybrid Irving, Texas, United States · New York, New York, United States Octane offers instant financing to fuel your lifestyle. Get instant finance offers with no impact to your credit. Octane is revolutionizing recreational purchases by delivering a seamless, end-to-end digital buying experience. We connect people with their passions by combining cutting-edge technology and innovative risk strategies to make lifestyle purchases - like powersports vehicles, RVs, and OPE - fast, easy, and accessible. Octane is seeking an experienced Application Security Engineer to lead and enhance our application security initiatives. This role will focus on integrating robust security measures into the software development lifecycle, conducting security assessments, and guiding development teams in identifying and mitigating application security risks. You will play a critical role in securing our applications, microservices, and infrastructure, while also fostering a security-first mindset across teams. This is a hybrid role based in our Dallas/Irving, Texas or NYC office. Responsibilities: Review, design and integrate security into the Software Development Lifecycle processes Perform manual and automated security assessments against Octane applications, microservices, and application components Perform threat modeling and risk assessments on existing and proposed projects Analyze existing processes and technologies used by development, data and product teams and embed security practices Partner with development and QA teams to ensure application security risks are identified and mitigated using appropriate security controls Test applications for security vulnerabilities using SAST/DAST/SCA solutions Provide pragmatic recommendations to remediate security concerns in the code and misconfigurations Triage and prioritize security incidents as needed as part of the incident response processes Own application security education and training across development, data and QA teams Requirements: Master's / Bachelor's degree in Cybersecurity/Engineering preferred or significant relevant equivalent experience 5+ years of experience in Information Security, preferably application security and incident response experience GIAC Certified Web Application Penetration Tester (GWAPT) and/or GIAC Certified Web Application Defender is preferred Familiar with processes such as threat intelligence, threat hunting, incident response and other threat & vulnerability processes Strong knowledge and understanding of application development frameworks and processes (prefer past experience as a full-stack developer) Experience in identifying application security vulnerabilities and addressing them in modern application technology stacks Experience developing automations using languages such as Python Hands-on experience in configuring CI/CD solutions to utilize security solutions with the aim to mature towards a well-implemented DevSecOps Expert knowledge of OWASP and OWASP API Top threats and remediations (should be able to recognize and mitigate security issues with manual code review) Familiarity with common libraries and frameworks used for mitigating common application-level threats Knowledge of defense-in-depth architecture as it relates to cloud and application security Compensation: The role described above offers a base salary of $125,000 to $165,000. Your offer will be based on the alignment of your qualifications with the requirements of the job, location, and internal equity. In addition to the above-mentioned salary, Total Rewards include a stock option package, and benefits as outlined below. Robust Health Care Plans (Medical, Dental & Vision) Up to 5 weeks time off (self-managed) Retirement Plan (401k) with company match! Educational Assistance/Tuition Reimbursement up to $3K/year Life Insurance (Basic, Voluntary & AD&D) Short Term / Long Term Disability Robust Ancillary benefits including accident insurance, hospital insurance, etc. Wellhub (Gympass) Wellness Benefit Powersports Safety Benefit Disclaimer: The above statements are intended to describe the general nature and level of work being performed by associates assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed. Octane Lending is an equal opportunity employer committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected status with respect to recruitment, hiring, promotion and other terms and conditions of employment. #J-18808-Ljbffr

Created: 2025-01-14