Oportun is hiring a
Senior Software Engineer

Summary

Join Oportun's Engineering Business Unit as a Senior Software Engineer and contribute to designing, developing, and maintaining sophisticated software solutions. As a key member of the engineering team, you will be responsible for solving business problems with technical solutions, mentoring junior engineers, and collaborating closely with cross-functional teams.

Requirements

• Requires a Bachelor’s degree in Computer Science, Information Assurance/Security, Cyber Security, Computer Engineering, Electrical Engineering, a related field, or a foreign equivalent
• Must have 6 years of experience in the job offered or related occupation
• Must have 4 years of experience in software security architecture and design review; Threat Modeling; Security Code Review; SDLC; Best practices and mitigations for application security; AWS security; Penetration Testing; and in range of security technologies including VPC, IAM, KMS, etc. in AWS

Responsibilities

• Conduct threat modeling
• Architecture review
• Security code review
• Security assessment
• PCI testing
• Penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments)
• Perform in-depth security review of new application features
• This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java/JavaScript/Golang, verifying security posture through pen-test (using manual/automated techniques with tools from third parties
• Perform cloud infrastructure security reviews; the primary focus will be on AWS and many of its common service components (EKS, Istio, S3, IAM, EC2, VPC)
• Document security best practices
• Develop tools, libraries, scripts or customize existing tools to automate security vulnerability detection and remediation
• Identify gaps in existing cloud security architecture design/configuration and recommend changes (authentication, authorization, network segmentation, container configuration, bastion host setup)
• Partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes
• Work on areas to develop security baseline for cloud, container, and application and integrate into the CI/CD pipeline
• Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (PCI, NIST controls, SOC2)