Senior Security Engineer

🕒 il y a 19 jours

🇺🇸 États-Unis – Télétravail

💵 $175 000 - $185 000 / an

⏰ Temps Plein

🟠 Senior

👮‍♂️ Cybersécurité / Ingénieur Sécurité

🦅 Parrain de Visa H1B

Cette entreprise a parrainé des visas H1B par le passé.

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

AutoFi

Site WebLinkedInTous les Emplois

201 - 500 employés

💳 Fintech

☁️ SaaS

💰 €85 000 000 Series C en 2022-03

Fintech • Automotive • SaaS

AutoFi est une entreprise qui offre une plateforme de vente au détail numérique avancée centrée sur la finance pour les concessionnaires automobiles, visant à rationaliser et améliorer le processus d'achat et de vente de voitures à la fois en ligne et en showroom. La plateforme répond aux défis courants des concessions tels que la surcharge décisionnelle, la méfiance des consommateurs et les goulets d'étranglement administratifs en proposant un routage intelligent des prêteurs et des processus de vente simplifiés. En intégrant des solutions flexibles dans des expériences d'achat de marque, AutoFi permet aux concessionnaires, aux constructeurs OEM et aux marketplaces de s'engager auprès des clients à tout moment et en tout lieu, les aidant à vendre plus intelligemment et à améliorer la rentabilité. Fondée en 2016, AutoFi se concentre sur l'autonomisation des équipes de vente pour un fonctionnement efficace et une satisfaction client accrue grâce à la fourniture d'outils facilitant des ventes plus rapides et de meilleures décisions de prêt.

Description

• Define, implement, and maintain security practices, standards, and controls across AutoFi’s products, services, cloud environments, and internal systems. • Partner with engineering and product teams to conduct security design reviews for new features, architecture changes, sensitive workflows, and production-bound implementations. • Design and implement security standards and secure development practices across engineering teams. • Champion security-related activities throughout the software development lifecycle, including secure design, threat modeling, secure coding practices, security testing, and risk-based remediation. • Implement, operate, and improve DevSecOps tooling and processes, including SAST, DAST, SCA, secret scanning, dependency analysis, and other application security controls. • Assess infrastructure, web applications, and cloud environments to help identify, prioritize, and drive remediation of security risks. • Triage vulnerability findings from application security tools, penetration tests, vendor assessments, external reports, and internal reviews. • Conduct proactive threat hunting using available telemetry from cloud environments, application logs, WAF events, identity systems, endpoint signals, and security platforms. • Support continuous improvement of AutoFi’s security operations processes, including alert tuning, detection logic, workflow automation, and post-incident lessons learned. • Assist in defining, implementing, and maintaining third-party risk management policies, procedures, standards, and assessment workflows. • Conduct and support vendor security assessments • Identify, document, and help reduce risks related to third-party vendors, SaaS platforms, integrations, service providers, and business partners.

🎯 Exigences

• 6+ years of experience in security engineering, application security, cloud security, security operations, or a related security function. • Experience designing and implementing security controls for modern SaaS, cloud, web application, and API environments. • Hands-on experience with application security practices, including secure design reviews, threat modeling, secure code review, vulnerability assessment, and OWASP-based testing methodologies. • Strong understanding of SAST, DAST, IAST, and SCA tooling • Experience with web & cloud security controls/frameworks • Familiarity with network and web application protocols (HTTP/S, SAML 2.0, OAuth, Rest APIs) • Experience with SIEM platforms, alert triage, security investigations, detection workflows, and incident response procedures. • Familiarity with indicators of compromise, indicators of attack, threat hunting techniques, and incident escalation processes. • Industry experience building data-driven applications with Javascript, Node.js, and NoQSL. • Minimum BS/BA in Cybersecurity, Information Security, Computer Science, or relevant degree, with the ability to demonstrate sophisticated logical thought processes. • Ability to communicate security risks clearly to engineering, product, compliance, business, and executive stakeholders. • Comfortable operating in a fast-paced environment with evolving priorities and shared ownership across multiple security domains.

🏖️ Avantages

• We offer full training and a competitive total rewards package along with great benefits • Medical, Dental & Vision coverage - 100% premium coverage for employee / 50+% for dependents • Flexible work hours • Remote environment • Competitive pay • Visionary leadership team • Growth opportunities within a dynamic culture • Wellness & cultural initiatives (fitness challenges, wellness webinars, virtual games, regional activities, etc.) • Up to $1K per year for employee professional development • Stock options - we are all owners!