Senior Security Engineer II

OppFi is a tech-enabled, mission-driven specialty finance platform that broadens the reach of community banks to extend credit access to everyday Americans. Through best-in-class customer service, transparency, responsible lending, and financial inclusion, we support consumers, who are turned away by mainstream options, to build better financial health.

We are a team of caring, innovative, and inclusive individuals who thrive in being immersed in diverse talents, expertise, perspectives, and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. Our business principles guide us and create an open and collaborative culture where we improve 1% every day, and the best ideas always win! We welcome individuals who want to make an impact in the financial system by facilitating credit access, expanding financial inclusion, promoting financial health, and delivering exceptional customer service.

A few other fun facts about us. OppFi is one of the top consumer-rated financial platforms online, maintaining a 4.5/5.0-star rating on Trustpilot. We are a 2023 Crain’s Fast 50™ company and were named on Built In's 2024 Best Places to Work in Chicago.

 About the job:

We are looking for a motivated, and service-oriented Senior Security Engineer I with hands-on knowledge of AWS, cloud architecture, and security best practices to join our expanding Information Security team. You will work directly with OppFi internal teams to ensure overall environment security, visibility, and compliance measures are adhered to and enforced. You will evaluate existing technical capabilities and systems,  and identify opportunities for improvements while maintaining standard operating procedures and protocols to ensure Security Operations continues to meet operational requirements.

What you get to do:

• Balance the needs of delivering technical security assurance while still allowing development and operations teams to move quickly
• Conduct cloud and on-prem vulnerability assessments, analyzing vulnerabilities, determining severity, and recommending paths for eliminating or mitigating security gaps
• Triage, investigate and respond to potential incidents. Provide on-call support when needed.
• Work with Engineering and IT teams to ensure that programmatically-deployed infrastructure is built following OppFi’s security principles
• Ensure the proper security controls are deployed within our cloud environments to address confidentiality, integrity, and availability of these services
• Build automation for in-house network, service, and endpoint security testing
• Help with the identification and evaluation of security gaps, and translate them into functional specifications to implement
• Cybersecurity related duties as assigned/required to support specialized activities.
• Develop and implement robust security architectures encompassing firewall policies, VPNs, intrusion detection/prevention systems (IDS/IPS), network segmentation, and access control mechanisms.
• Integrate and manage CASB solutions to provide visibility and control over data and applications in the cloud.
• Deploy and manage WAF solutions to safeguard web applications against threats and vulnerabilities.
• Maintain a current understanding of the security threat landscape. Research and review new technologies and trends

What you will bring to the team:

• Bachelor’s Degree in Computer Science, Information Assurance, Cyber Security, or related field of study
• CISSP, Security+, or other Cybersecurity Industry recognized certification
• Experience with security operations systems: MDM, DLP, Firewalls, CASB, Log collectors, SIEM/SOC, EDR, VPN.
• 7+ years of experience in security operations
• Strong attention to detail with an analytical mind and outstanding problem-solving skills
• Solid Understanding of Incident response process and procedures including in the cloud
• Experience using a vulnerability management tool (Qualys, Tenable, etc) to scan, manage and prioritize vulnerabilities
• Professional demeanor, good interpersonal skills, and ability to excel in a high-paced multi-tasked environment
• Knowledge of AWS, Azure, cloud infrastructure and IT infrastructures
• Able to automate/script daily tasks using Python, Bash or equivalent
• Some experience with security operations systems: MDM, DLP, Firewalls, CASB, Log collectors, SIEM/SOC, EDR, VPN
• Knowledge of security and risk management practices and security frameworks (FFIEC, NIST, ISO, CIS Benchmarks, SOC2)
• Experience with Terraform and CloudFormation is a huge plus
  
  

Reports to:  Manager, Security Operations

EEO Statement:

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, federal law, or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

As part of OppFi’s commitment to providing equal opportunity to qualified individuals, OppFi will ensure that persons with disabilities are provided reasonable accommodation as defined by applicable laws and organizational policies. If reasonable accommodation is needed to participate in the job application or interview processes or job requirements, please contact our People Team at recruiting@oppfi.com.

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the "OppFi California Employee Privacy Policy", which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/.

The information in this document is for general informational purposes only. It is not intended to be an all-inclusive list or description of the organization and its requirements for positions and employees. OppFi reserves the right to modify or change the information on this document at its discretion.