Senior Web Application Security Engineer
LearnVest is redefining the American approach to personal finance. Our planners leverage financial technology to create simple, affordable, realistic plans for anyone who wants to feel confident about their money and optimistic about the future.
Since launching in 2010, LearnVest has been one of the premier financial technology companies in the country, helping thousands of people make progress on their financial goals. LearnVest was acquired by Northwestern Mutual in 2015 and is now scaling its technology and personal finance approach to help millions of people across both the LearnVest and Northwestern Mutual brands.
Job Description
The Security Engineering team is seeking highly talented application security engineers to protect the applications that interact with our internal and external end-users. Your role is to design, implement, test, and operate, and to support the engineering, infrastructure, security, and IT teams in continuously improving and protecting our production architecture and applications.
Our current tech stack includes AWS, Linux, Ansible, Docker, Kubernetes, Spring, Node.js, Java 8, iOS, and Python.
Responsibilities
- Integrate into development teams to provide security expertise on system, network, encryption, authentication, security-specific code, and governance
- Perform code reviews to discover and demonstrate flaws such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF)
- Develop automation and tooling to improve attack and fraud prevention
- Conduct periodic penetration testing of large-scale internal applications
- Support vendor and partner security assessments
- Research emerging trends and technologies to assess the threats they may face
Qualifications
- Minimum 3 years working with web-scale environments
- Minimum 2 years working in a security capacity
- Ability to scale security within the SDLC through automation, using tool sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques
- Experience with manual interception proxies such as Charles Proxy, Burp, or Fiddler
- Familiarity with identifying and protecting against web application and web service security vulnerabilities, including those found in the OWASP Top 10 and CWE Top 25
- Strong experience in securing Java, JavaScript, and iOS applications
- Proficient with Linux
- Intermediate to expert knowledge of Amazon Web Services
- Very strong verbal and written communication skills
Benefits
- Fully stocked snacks, beer fridge, cold brew kegs, frequent catered lunches, company dodgeball team, and whiskey hours
- Tuition reimbursement, commuter plans, and paid time off
- Highly competitive compensation that includes base salary plus bonus
- Medical/Dental/Vision plans, Matching 401(k), pension program