• Roostify is transforming the mortgage industry with an innovative and integrated platform that’s streamlining the entire digital lending experience. We believe that home lending should be a fair, fast, and transparent experience. Our software is used by banks across the country to improve lending experiences every day. We are a team of innovative thinkers on a mission to reinvent the lending experiences so people can accelerate their future.
• As a senior security engineer, you will take a leadership role in at-scale defensive security measures surrounding product development, design and architecture as part of the engineering team at Roostify. You will interface with and act as a subject matter expert in all things related to platform, data and infrastructure security.
• Be responsible for Roostify’s Secure SDLC process and specifically own the security toll-gates for the Design, Build, Implementation and Operation phases.
• During the Design phase - reviewing technical designs and architectures from a security perspective. Lead security reviews and participate as a member of the Architecture Review Board (ARB).
• During the Build phase - providing guidance and ensuring that secure coding standards are being followed, performing code reviews for security modules, and performing static and dynamic analysis before code is deployed to staging and production infrastructures.
• During the Implementation phase - collaborating with our DevOps teams to ensure that infrastructure is hardened, per industry best practices and standards, and doing Implementation security reviews.
• Lastly, during the Operation phase, ensure that infrastructure is being monitored continuously, collect and analyze metrics to measure effectiveness of the security controls and participate in security incident response and investigations.
• Manage the security roadmap for the engineering org and align it with the priorities of the InfoSec team and the company as a whole. Work collaboratively with the various engineering and operations teams to drive execution of the same.
• Manage annual application security open testing performed by independent vendors and coordinate with the InfoSec team for scheduling and scope of such tests. Assist design and remediation of any identified findings.
• Participate in ISO, SOC and customer third-party risk assessments. Drive remediation of any identified product or platform deviations or control gaps resulting from audits and security reviews.
• Expert knowledge of web security best practices and standards such as OWASP top 10, n-tier architectures.
• Experience with cloud infrastructures and architectures and security tooling. AWS experience is highly desired. Experience with GCP is a plus.
• Working knowledge of security fundamentals such as cryptography, identity and access management, etc.
• Experience with information security techniques, strategies, and methodologies for SaaS providers and weaknesses of alternative solutions, conclusions or approaches to problems.
• Hands-on experience with static and dynamic analysis tools such as Veracode, SonarQube, Brakeman Pro, Burp Suite, etc.
• Experience with vulnerability scanning tools such as Rapid7, Qualys, etc.
• CISSP or comparable certification desired but not required.
• Track record of continuing professional development to keep abreast of latest developments relevant to security best practices and technologies.
• Must possess excellent oral and written communication skills and be able to communicate effectively with both internal and external stakeholders including executives.
• Passion, drive, commitment and tenacity in leading via influencing.
• Bachelor’s or master’s degree in Computer Science (or equivalent) and a minimum of 6 years of relevant experience with progressively increasing responsibilities. Expertise with secure coding practices and standards. Familiarity with Ruby and/or Java, React and JavaScript.
• At Roostify we have a value of People First. We strive to provide the best experiences to our employees and candidates. We consider applicants without regard to race, color, national origin, sex, age, religion, sexual orientation, gender identity, veteran status, marital status, physical or mental disability, or other protected classes under all local, state, and federal laws and ordinances. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.