Engineering Business Unit Overview:
The charter for Engineering group at Oportun is to be the world-class engineering force behind our innovative products. The group plays a vital role in designing, developing, and maintaining cutting-edge software solutions that power our mission and advance) our business. We strike a balance between leveraging leading tools and developing in-house solutions to create member experiences that empower their financial independence.
The talented engineers in this group are dedicated to delivering and maintaining performant, elegant, and intuitive systems to our business partners and retail members. Our platform combines service-oriented platform features with sophisticated user experience and is enabled through a best-in-class (and fun to use!) automated development infrastructure. We prove that FinTech is more fun, more challenging, and in our case, more rewarding as we build technology that changes our members’ lives.
Engineering at Oportun is responsible for high quality and scalable technical execution to achieve business goals and product vision. They ensure business continuity to members by effectively managing systems and services - overseeing technical architectures and system health. In addition, they are responsible for identifying and executing on the technical roadmap that enables product vision as well as fosters member & business growth in a scalable and efficient manner.
Position Overview:
As a Senior Software Engineer at Oportun, you will be a key member of our engineering team, responsible for designing, developing, and maintaining sophisticated software solutions in achieving the charter of the engineering group. Your mastery of a technical domain enables you to take up business problems and solve them with a technical solution. With your depth of expertise and leadership abilities, you will actively contribute to architectural decisions, mentor junior engineers, and collaborate closely with cross-functional teams to deliver high-quality, scalable software solutions that advance our impact in the market. This is a role where you will have the opportunity to take up responsibility in leading the technology effort – from technical requirements gathering to final successful delivery of the product - for large initiatives (cross-functional and multi-month long projects).
Responsibilities:
Conduct threat modeling, architecture review, security code review, security assessment, PCI testing, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments). Perform in-depth security review of new application features. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java/JavaScript/Golang, verifying security posture through pen-test (using manual/automated techniques with tools from third parties. Perform cloud infrastructure security reviews; the primary focus will be on AWS and many of its common service components (EKS, Istio, S3, IAM, EC2, VPC). Document security best practices, develop tools, libraries, scripts or customize existing tools to automate security vulnerability detection and remediation. Identify gaps in existing cloud security architecture design/configuration and recommend changes (authentication, authorization, network segmentation, container configuration, bastion host setup). Partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes. Work on areas to develop security baseline for cloud, container, and application and integrate into the CI/CD pipeline. Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (PCI, NIST controls, SOC2).
Minimum Education & Experience Requirements:
Requires a Bachelor’s degree in Computer Science, Information Assurance/Security, Cyber Security, Computer Engineering, Electrical Engineering, a related field, or a foreign equivalent. Must have 6 years of experience in the job offered or related occupation. Must have 4 years of experience in software security architecture and design review; Threat Modeling; Security Code Review; SDLC; Best practices and mitigations for application security; AWS security; Penetration Testing; and in range of security technologies including VPC, IAM, KMS, etc. in AWS.