Software Development Engineering - Advisor
Role details
Job location
Tech stack
Job description
DUTIES: Develop, configure, and maintain automated applications and infrastructure security scanning programs including SAST, DAST, and SCA. Design and maintain automation test frameworks and integrate automated tests into CI/CD pipelines. Lead and administer the HackerOne bug bounty and vulnerability disclosure program and collaborate with engineering team to remediate critical vulnerabilities, preventing security breaches. Work with engineering team to build applications inventory for vulnerability management teams to prioritize vulnerabilities and remediation, Security Governance team for risk assessment, and Data security team for PII scanning. Plan, coordinate, and oversee penetration testing for internal products and applications. Lead fraud detection, remediation, and SDLC metrics projects across all Oportun applications to identify non-compliance, assess risk, and strengthen application security.
Requirements
REQUIREMENTS: Bachelor's degree in Computer Science, Computer Engineering or a related field and 4 years in any job title involving application security experience. Prior experience must include: 4 years working with SAST, IAST, DAST, and SCA tooling in support of DevSecOps; 4 years implementing a vulnerability management program; 4 years working with coding and scripting; 3 years performing security architecture and design reviews; 3 years working with threat modeling; 3 years running or participating in bug bounty programs; and 2 years working with securing cloud architectures.
