Senior Security Engineer

🕒 May 21

🇺🇸 United States – Remote

💵 $175k - $185k / year

⏰ Full Time

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

AutoFi

WebsiteLinkedInAll Job Openings

201 - 500 employees

💳 Fintech

☁️ SaaS

💰 $85M Series C on 2022-03

Fintech • Automotive • SaaS

AutoFi is a company that provides an advanced finance-centered digital retailing platform for car dealerships, aiming to streamline and enhance the car buying and selling process both online and in showrooms. The platform addresses common dealership challenges such as decision overload, consumer distrust, and desk bottlenecks by offering intelligent lender routing and simplified sales processes. By incorporating flexible solutions into branded buying experiences, AutoFi enables dealers, OEMs, and marketplaces to engage customers anytime, anywhere, helping them to sell smarter and improve profitability. Established in 2016, AutoFi focuses on empowering sales teams for efficient operation and enhanced customer satisfaction by providing tools to facilitate faster sales and better lender decisions.

📋 Description

• Define, implement, and maintain security practices, standards, and controls across AutoFi’s products, services, cloud environments, and internal systems. • Partner with engineering and product teams to conduct security design reviews for new features, architecture changes, sensitive workflows, and production-bound implementations. • Design and implement security standards and secure development practices across engineering teams. • Champion security-related activities throughout the software development lifecycle, including secure design, threat modeling, secure coding practices, security testing, and risk-based remediation. • Implement, operate, and improve DevSecOps tooling and processes, including SAST, DAST, SCA, secret scanning, dependency analysis, and other application security controls. • Assess infrastructure, web applications, and cloud environments to help identify, prioritize, and drive remediation of security risks. • Triage vulnerability findings from application security tools, penetration tests, vendor assessments, external reports, and internal reviews. • Conduct proactive threat hunting using available telemetry from cloud environments, application logs, WAF events, identity systems, endpoint signals, and security platforms. • Support continuous improvement of AutoFi’s security operations processes, including alert tuning, detection logic, workflow automation, and post-incident lessons learned. • Assist in defining, implementing, and maintaining third-party risk management policies, procedures, standards, and assessment workflows. • Conduct and support vendor security assessments • Identify, document, and help reduce risks related to third-party vendors, SaaS platforms, integrations, service providers, and business partners.

🎯 Requirements

• 6+ years of experience in security engineering, application security, cloud security, security operations, or a related security function. • Experience designing and implementing security controls for modern SaaS, cloud, web application, and API environments. • Hands-on experience with application security practices, including secure design reviews, threat modeling, secure code review, vulnerability assessment, and OWASP-based testing methodologies. • Strong understanding of SAST, DAST, IAST, and SCA tooling • Experience with web & cloud security controls/frameworks • Familiarity with network and web application protocols (HTTP/S, SAML 2.0, OAuth, Rest APIs) • Experience with SIEM platforms, alert triage, security investigations, detection workflows, and incident response procedures. • Familiarity with indicators of compromise, indicators of attack, threat hunting techniques, and incident escalation processes. • Industry experience building data-driven applications with Javascript, Node.js, and NoQSL. • Minimum BS/BA in Cybersecurity, Information Security, Computer Science, or relevant degree, with the ability to demonstrate sophisticated logical thought processes. • Ability to communicate security risks clearly to engineering, product, compliance, business, and executive stakeholders. • Comfortable operating in a fast-paced environment with evolving priorities and shared ownership across multiple security domains.

🏖️ Benefits

• We offer full training and a competitive total rewards package along with great benefits • Medical, Dental & Vision coverage - 100% premium coverage for employee / 50+% for dependents • Flexible work hours • Remote environment • Competitive pay • Visionary leadership team • Growth opportunities within a dynamic culture • Wellness & cultural initiatives (fitness challenges, wellness webinars, virtual games, regional activities, etc.) • Up to $1K per year for employee professional development • Stock options - we are all owners!