Senior Application Security Engineer

Overview

About GreenSky

GreenSky, LLC, headquartered in Atlanta, is a leading technology company Powering Commerce at the Point of Sale® for a growing ecosystem of merchants, consumers, banks and institutional investors. GreenSky’s highly scalable, proprietary and patented technology platform enables merchants to offer frictionless promotional payment options to consumers, driving increased sales volume and accelerated cash flow. The GreenSky® Program is operated on behalf of, and financing is provided by, federally insured, federal or state chartered financial institutions, which leverage GreenSky’s technology to provide loans to super-prime and prime consumers nationwide. Since the GreenSky® Program’s inception, nearly 6 million consumers have financed more than $50 billion of commerce using GreenSky’s real time “apply and buy” technology. For more information visit www.greensky.com.

Overview

GreenSky is a well-established, leading fintech company, headquartered in Atlanta. We make it easy for businesses of all sizes to offer credit to their customers with a fast and paperless solution. With billions of dollars in loans and hundreds of thousands of satisfied customers, we are evolving the consumer credit marketplace.

We have developed a highly scalable loan origination and servicing platform and unique loan origination tools to deliver a differentiated level of service to our stakeholders, merchant and retailer channel partners, consumers, and borrowers.

Leveraging proprietary mobile technology, we are continuing to build on our successes. We have a great team and are proud of the employer-of-choice environment we’ve created. GreenSky is backed by some of the leading private equity investors in the world. Our corporate headquarters is in the expanding fintech hub of Atlanta, GA.

Position: Sr. Application Security Engineer

Location: Atlanta or Remote US

Position Overview

GreenSky is looking for a versatile application security engineer to support the security engineering team and enhance our security capabilities. The ideal candidate will have a strong background in software development, excellent problem-solving skills, and the ability to work collaboratively with cross-functional teams. As a Senior Application Security Engineer, you will be responsible for designing, developing, and maintaining the application security program, tools and capabilities to ensure the security and integrity of our software solutions. This role will also involve conducting threat modeling to identify potential security risks and implementing automation to enhance the efficiency and reliability of our security processes. Additionally, you will be responsible for integrating security best practices into the development lifecycle and staying up to date with the latest security trends and technologies.

Duties & Responsibilities

• Implement and oversee various security technologies, including Web Application Firewalls (WAF), Static/Dynamic/Interactive Application Security Testing, penetration testing tooling, and other threat detection systems.
• Collaborate with product managers, designers, and other engineers to deliver high-quality software solutions
• Leverage cloud native, open source and commercial tools to mature application security capabilities and drive automation
• Build detections and dashboards as needed in the SIEM and assist in technical investigations when incidents occur
• Participate in code reviews and provide productive feedback to team members.
• Conduct threat modeling to identify potential security risks
• Focus on driving security efficiencies, enabling security team members to work on more advanced tasks.
• Integrate security best practices into the development lifecycle
• Identify gaps in current capabilities and drive efforts to close the gaps
• Maintain up-to-date level of knowledge related to security threats, vulnerabilities and mitigations set forth to reduce attack surface

Required Skills/Qualifications

5 years of experience in application security related fieldsExperience in detecting, analyzing, and resolving vulnerabilities in web applications, APIs, and mobile applications.Strong knowledge and experience with secure coding practicesUp-to-date understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applicationsFamiliarity with DevSecOps methodologies and the integration of security into CI/CD pipelines using tools like GitLab and JenkinsExperience with threat modeling, design reviews, risk analysis and control designAbility to analyze event and incident logs and work with SOC and IR teams to assess security events related to malware, vulnerabilities, and exploitsExperience and proficiency in at least one programming language and framework (Java, Python, Ruby)Extensive expertise in network security, as well as authentication and authorization mechanismsGreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.