Octane

Senior Application Security Engineer

Remote New York, NY
USD 125k - 165k
Microservices JavaScript Node.js Python API
Description

Octane® is revolutionizing recreational purchases by delivering a seamless, end-to-end digital buying experience. We connect people with their passions by combining cutting-edge technology and innovative risk strategies to make lifestyle purchases - like powersports vehicles, RVs, and OPE - fast, easy, and accessible.

Octane adds value throughout the customer journey: inspiring enthusiasts with our editorial brands, including Cycle World® and UTV Driver®, instantly prequalifying consumers for financing online, routing customers to dealerships for an easy closing, and supporting customers throughout their loan with superior loan servicing.

Founded in 2014, we’re a company with 550+ employees and over 30 OEM and 4,000 dealer partners.

Octane is seeking an experienced Application Security Engineer to lead and enhance our application security initiatives. This role will focus on integrating robust security measures into the software development lifecycle, conducting security assessments, and guiding development teams in identifying and mitigating application security risks. You will play a critical role in securing our applications, microservices, and infrastructure, while also fostering a security-first mindset across teams. The preference is for this role to be hybrid, based in our Dallas/Irving, Texas or NYC office, but we are open to remote candidates as well.

Responsibilities: 

  • Review, design and integrate security into the Software Development Lifecycle processes
  • Perform manual and automated security assessments against Octane applications, microservices, and application components
  • Perform threat modeling and risk assessments on existing and proposed projects
  • Analyze existing processes and technologies used by development, data and product teams and embed security practices
  • Partner with development and QA teams to ensure application security risks are identified and mitigated using appropriate security controls
  • Test applications for security vulnerabilities using SAST/DAST/SCA solutions
  • Provide pragmatic recommendations to remediate security concerns in the code and misconfigurations
  • Triage and prioritize security incidents as needed as part of the incident response processes
  • Own application security education and training across development, data and QA teams

Requirements:

  • Master’s / Bachelor’s degree in Cybersecurity/Engineering preferred or significant relevant equivalent experience
  • 5+ years of experience in Information Security. Prefer application security and incident response experience
  • GIAC Certified Web Application Penetration Tester (GWAPT) and/or GIAC Certified Web Application Defender is preferred
  • Familiar with processes such as threat intelligence, threat hunting, incident response and other threat & vulnerability processes
  • Strong knowledge and understanding of application development frameworks and processes (prefer past experience as a full-stack developer)
  • Experience in identifying application security vulnerabilities and addressing them in modern application technology stacks
  • Experience identifying vulnerabilities in programming languages such as JavaScript (Node.js) and Python
  • Experience developing automations using languages such as Python
  • Hands-on experience in configuring CI/CD solutions to utilize security solutions with the aim to mature towards a well-implemented DevSecOps
  • Expert knowledge of OWASP and OWASP API Top threats and remediations (should be able to recognize and mitigate security issues with manual code review)
  • Familiarity with common libraries and frameworks used for mitigating common application-level threats
  • Knowledge of defense-in-depth architecture as it relates to cloud and application security

Compensation

The role described above offers a base salary of $125,000 to $165,000. Your offer will be based on the alignment of your qualifications with the requirements of the job, location and internal equity.  In addition to the above-mentioned salary, Total Rewards include a stock option package, and benefits as outlined below.

Benefits:

  • Robust Health Care Plans (Medical, Dental & Vision)
  • Generous Parental Leave
  • Up to 5 weeks time off (self-managed)
  • Retirement Plan (401k) with company match!
  • Educational Assistance/Tuition Reimbursement up to $3K/year 
  • Life Insurance (Basic, Voluntary & AD&D)
  • Short Term / Long Term Disability
  • Robust Ancillary benefits including accident insurance, hospital insurance, etc
  • Wellhub (Gympass) Wellness Benefit
  • Powersports Safety Benefit

Disclaimer:  The above statements are intended to describe the general nature and level of work being performed by associates assigned to this classification.  They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.  All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.

Octane Lending is an equal opportunity employer committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected status with respect to recruitment, hiring, promotion and other terms and conditions of employment.
