Senior Security Engineer II, Application Security

OppFi is a tech-enabled, mission-driven specialty finance platform that broadens the reach of community banks to extend credit access to everyday Americans. Through best-in-class customer service, transparency, responsible lending, and financial inclusion, we support consumers, who are turned away by mainstream options, to build better financial health.

We are a team of caring, innovative, and inclusive individuals who thrive in being immersed in diverse talents, expertise, perspectives, and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. Our business principles guide us and create an open and collaborative culture where we improve 1% every day, and the best ideas always win! We welcome individuals who want to make an impact in the financial system by facilitating credit access, expanding financial inclusion, promoting financial health, and delivering exceptional customer service.

A few other fun facts about us. OppFi is one of the top consumer-rated financial platforms online, maintaining a 4.5/5.0-star rating on Trustpilot. We are a 2023 Crain’s Fast 50™ company and were named on Built In's 2024 Best Places to Work in Chicago.

 About the job:

As a Application Security Engineer II, you will play a pivotal role in safeguarding the company's systems, applications, and data by implementing robust security solutions and practices. Collaborating with cross-functional teams, you will ensure that our technology ecosystem adheres to industry security standards and aligns with company policies. Reporting to the Director of Security, you will contribute to securing the development lifecycle, enhancing the security posture of our applications, and providing guidance to development teams.

This role is ideal for a proactive professional who excels at analyzing applications, identifying vulnerabilities, and mitigating risks in the ever-evolving landscape of cybersecurity threats.

What you get to do:

• Secure Development Practices: Collaborate with developers to promote secure coding practices, conduct code reviews, and ensure alignment with organizational security standards.
• Penetration Testing and Vulnerability Management: Support penetration testing efforts, perform security assessments during project reviews, and manage application scanning throughout the software development lifecycle (SDLC).
• Threat modeling: identifying and mitigating potential security risks in applications and services. This would involve collaborating with development teams analyzing system architectures, designing secure solutions, and adherence to security best practices.
• Third-Party Risk Management: Monitor security vulnerabilities in third-party libraries, prioritize risks, and implement effective mitigations.
• Application Security Enhancements: Enhance internal libraries, build systematic protections for classes of vulnerabilities, and implement secure defaults to protect against unsafe third-party code.
• Static Application Security Testing (SAST): Integrate static analysis tools into continuous integration (CI) workflows, empowering developers to manage and mitigate code risks effectively.
• Security Advocacy: Advocate for application security across the organization by mentoring engineers, conducting training sessions, and fostering a culture of security awareness.
• Code Reviews: Conduct independent and paired code reviews, focusing on identifying vulnerabilities and educating developers on best practices.
• Supply Chain Security: Manage and secure software supply chains using tools such as Artifactory or similar platforms.

What you will bring to the team:

• Experience: 5+ years of experience in application development or application security.
• Technical Expertise:
• Proficiency in at least two programming languages (e.g., Ruby, Python, Clojure, or Apex).
• Hands-on experience with web application penetration testing and deploying SAST tools in developer workflows.
• Comprehensive knowledge of web vulnerabilities and deploying best-practice fixes in legacy and modern codebases.
• Supply Chain Security: Strong understanding of supply chain security principles and experience managing risks associated with third-party libraries and dependencies.
• Collaboration: Proven ability to work closely with development teams, fostering security awareness and improving secure coding practices.
• Mentorship: Demonstrated experience mentoring engineers in security concepts, helping them identify and remediate vulnerabilities.
• Tooling and Processes: Familiarity with integrating security tools into CI/CD pipelines and managing security risks across the development lifecycle.

Why Join Us?

• Impactful Work: Be at the forefront of securing critical systems and applications, directly contributing to the organization's resilience against emerging threats.
• Collaboration: Work alongside passionate security and development professionals who value innovation and teamwork.
• Growth Opportunities: Expand your expertise in application security, participate in cutting-edge security projects, and mentor the next generation of security professionals.
• Security Advocacy: Play a key role in fostering a security-first culture across the company

Reports to:  Director of Security Engineering

Total Rewards and Benefits:

The starting base salary for this position is $123,200 per year. The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations. The total compensation package includes eligibility and potential for performance-based bonuses as well as equity grants dependent upon the role and job level.

OppFi offers a flexible, remote environment, 401(k) matching program, and generous paid time off. Other benefits include medical, dental, and vision coverage, and tuition reimbursement. There are also additional benefits, including DoorDash DashPass, Figo pet insurance, Rocket Lawyer, and access to LinkedIn Learning. OppFi also offers Fringe, which is a lifestyle benefits platform that allows employees decide how to spend rewards from dozens of vendors like Uber, DoorDash, and UrbanSitter. #LI-Remote

EEO Statement:

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, federal law, or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

As part of OppFi’s commitment to providing equal opportunity to qualified individuals, OppFi will ensure that persons with disabilities are provided reasonable accommodation as defined by applicable laws and organizational policies. If reasonable accommodation is needed to participate in the job application or interview processes or job requirements, please contact our People Team at recruiting@oppfi.com.

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the "OppFi California Employee Privacy Policy", which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/.

The information in this document is for general informational purposes only. It is not intended to be an all-inclusive list or description of the organization and its requirements for positions and employees. OppFi reserves the right to modify or change the information on this document at its discretion.