Senior Information Security Engineer
At OnDeck, we make small business a big deal. We’re improving the world’s economic landscape by changing the way small businesses access capital. We care intensely about each other, our company and the customers we serve, and are committed to making every day count.
Technology at OnDeck is a mix of building world-class user experiences for our partners and direct customers, data processing to enable underwriting model development and real-time lending decisions, automating operational and compliance workflows, and generating precise money movements and calculations to service our customers. We have an emphasis on scalability, security, reliability and accuracy.
The OnDeck Security team is committed to protecting the data and well-being of our clients and team members. We are looking for a security-minded engineer help secure the financial data of small businesses nation-wide. As a Security Engineer, you analyze the security of OnDeck data, systems, and applications. You enjoy discovering and addressing complex security problems by collaborating with development, QA, analytics, IT, and DevOps teams, an. assessing designs against relevant security threats, this position will provide you with a challenging opportunity to learn and grow.
Bring your passion for learning, experimentation, and creative thinking!
Even if you don’t fit this description exactly, but you’ve got a great software development and systems engineering background having dealt with infrastructure or application security issues (like PCI compliance), please contact us too!
As a Senior Information Security Engineer at OnDeck on the Security Team, you will:
- Manage Vulnerability Management Activities such as scanning, review, prioritization, and remediation
- Manage and perform network security reviews including firewalls, IDS/IPS rules, and general architecture
- Conduct security investigations and maintaining chain of custody throughout the process
- Review IDS/IPS rules and deployment to ensure optimum efficiency and defense
- Deploy and improve upon security sensors throughout the environment such as, but not limited to:
- IPS
- Two-factor authentication
- SIEM
- Review Access and User Permissions
- Automate Incident Management Activities
- Investigate and respond to security incidents
- Investigate and respond to third-party reported security vulnerabilities.
- Collaborate with Development, IT, QA, and DevOps teams to help ensure designs and implementations meet security standards
- Provide guidance on the design and correct implementation of planned security controls such as authentication, authorization, auditing, and encryption.
- Take ownership in building roadmaps to meet security program goals to achieve not only compliance, but also meet and exceed industry standards such as SOX, ISO, and NIST.
- Experience with Windows Domains and Systems
- Contribute to security policy, standards, and guidelines
- Research and work with Security Vendors and Solution providers to ensure the security team is equipped with the proper tools and solutions
- Develop training materials for company-wide general security awareness and job-specific security training from topics ranging from sensitive data handling to leveraging security tools properly
Necessary qualifications for success:
- If based in VA, willing to travel to NY office from time-to-time to work with Development, IT, QA, and DevOps teams as necessary for critical projects
- Some weekends or after-hours work may be necessary including on-call security operations support
- 5+ years experience with any combinations of the following: penetration testing, automation, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system and network security
- Experience with securing data in Amazon Web Services (AWS), Salesforce, Postgres, and MongoDB
- Experience with Network Security Scanning tools and penetration testing technologies (NMAP, Rapid7 Nexpose/Insight, Tenable Nessus/Security Center, Metasploit, Cobalt Strike, etc.)
- Experience with infrastructure and development tools such as, but not identical to, ELK stacks, Vagrant, Ansible, Gradle, Maven, Stash, etc.
- Experience and detailed technical knowledge in security engineering, network security, authentication and security protocols.
- Experience with Splunk Enterprise or S
- Strong understanding of Network protocols such as TCP/IP, DNS, VPNs (IPSEC), and wireless security technologies (PEAP, WPA, etc).
- Experience working within an environment that requires compliance such as PCI, SOX, FedRAMP.
- Strong understanding of industry security standards and organizations (SANS, HIPAA, PCI, NIST, SOX, etc).
- Bachelors Degree or higher (or equivalent experience). Computer Science/Engineering major is preferable.
Nice-to-haves (not required):
- Relevant Security Certifications such as CEH, GCIH, ECIH, OSCP, CISSP, CISM
- Experience Security Data in AWS
- Experience with infrastructure and security tools such as, but not identical to, HP Fortify, IBM AppScan, Veracode, Black Duck, Sonatype, Securonix, and ArcSight.
- Experience performing security reviews on: RESTful web services, Java web applications, JSON, Server-side JavaScript (e.g. Node.js), Angular
About OnDeck:
As the largest online small business lender in the U.S. serving more than 700 different industries, we have been trusted by over 80,000 small businesses by providing them with a term loan or line of credit to help them build growing and thriving enterprises. Since 2007, we’ve issued over $10 billion in capital.
Join us as we enable small businesses to achieve their goals. At OnDeck, we’re reinventing small business financing. We care intensely about each other, our company and the customers we serve, and are committed to making every day count. We are small enough to be nimble and strong enough to make a big impact.
OnDeck believes that each and every team member plays an important role in our company’s success. That’s why we strive to provide you and your family with a competitive and comprehensive benefit program with a variety of options and opportunities. We offer:
- Generous Vacation
- Comprehensive Healthcare
- Educational Reimbursement
- 401k Matching
- Parental Leave
- Sports Teams
- Stocked Kitchens
- Loan Consolidation
We are going to ask you to talk about your accomplishments. Here are some of ours:
- WorldatWork, 2017 Seal of Distinction
- Fortune 50 Best Workplaces for Diversity, 2016
- Fortune 50 Best Small and Medium Companies to Work For, 2016
- Fortune 30 Best Workplaces in Finance and Insurance, 2016
- Built in Colorado, Top 100 Digital Companies in Colorado, 2015, 2016, 2017
- Crain’s New York Business Fast 50, 2013, 2014, 2015, 2016, 2017
- Fortune and Great Place to Work 100 Best Workplaces for Millennials, 2015
- Fortune/Great Place To Work Great Rated! People’s Picks: 20 Great Workplaces in Financial Services, 2015
- Crain’s New York Best Places to Work, 2013, 2014, 2015
- Colorado SHRM Best Companies to Work For in Colorado, 2015
- Forbes’ America’s Most Promising Companies, 2013, 2014
- Selling Power Magazine Best Company to Sell For, 2013, 2014, 2015, 2016, 2017, 2018
- 500|5000, 2013, 2014
As part of our dedication to maintaining an inclusive and diverse workforce, OnDeck provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, OnDeck complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
OnDeck expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of OnDeck’s employees to perform their job duties may result in discipline up to and including discharge.
**No external recruiters or agents, please.**