At OnDeck, we make small business a big deal. We're improving the world's economic landscape by changing the way small businesses access capital. We care intensely about each other, our company & the customers we serve, & are committed to making every day count.
Technology at OnDeck is a mix of building world-class user experiences for our partners & direct customers, data processing to enable underwriting model development & real-time lending decisions, automating operational & compliance workflows, & generating precise money movements & calculations to service our customers. We have an emphasis on scalability, security, reliability & accuracy.
The OnDeck Security team is committed to protecting the data & well-being of our clients & team members. We are looking for a security-minded engineer to help secure the financial data of small businesses nation-wide. As a Security Engineer, you analyze the security of OnDeck data, systems, & applications. You enjoy discovering & addressing complex security problems by collaborating with development, QA, analytics, IT, & DevOps teams, and assessing designs against relevant security threats. This position will provide you with a challenging opportunity to learn & grow.
Bring your passion for learning, experimentation, & creative thinking!
Even if you don't fit this description exactly, but you've got a great software development & systems engineering background having dealt with infrastructure or application security issues (like PCI compliance), please contact us too!
As a Senior Information Security Engineer at OnDeck on the Security Team, you will:
- Manage Vulnerability Management Activities such as scanning, review, prioritization, & remediation
- Manage & perform network security reviews including firewalls, IDS/IPS rules, & general architecture
- Conduct security investigations & maintain chain of custody throughout the process
- Review IDS/IPS rules & deployment to ensure optimum efficiency & defense
- Deploy & improve upon security sensors throughout the environment such as, but not limited to:
- Two-factor authentication
- Review Access & User Permissions
- Automate Incident Management Activities
- Investigate & respond to security incidents
- Investigate & respond to third-party reported security vulnerabilities.
- Collaborate with Development, IT, QA, & DevOps teams to help ensure designs & implementations meet security standards
- Provide guidance on the design & correct implementation of planned security controls such as authentication, authorization, auditing, & encryption.
- Take ownership in building roadmaps to meet security program goals to achieve not only compliance, but also meet & exceed industry standards such as SOX, ISO, & NIST.
- Experience with Windows Domains & Systems
- Contribute to security policy, standards, & guidelines
- Research & work with Security Vendors & Solution providers to ensure the security team is equipped with the proper tools & solutions
- Develop training materials for company-wide general security awareness & job-specific security training on topics ranging from sensitive data handling to leveraging security tools properly
Necessary qualifications for success:
- If based in VA, willing to travel to NY office from time-to-time to work with Development, IT, QA, & DevOps teams as necessary for critical projects
- Some weekends or after-hours work may be necessary including on-call security operations support
- 5+ years' experience with any combination of the following: penetration testing, automation, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system & network security
- Experience with securing data in Amazon Web Services (AWS), Salesforce, Postgres, & MongoDB
- Experience with Network Security Scanning tools & penetration testing technologies (NMAP, Rapid7 Nexpose/Insight, Tenable Nessus/Security Center, Metasploit, Cobalt Strike, etc.)
- Experience with infrastructure & development tools such as, but not limited to, ELK stacks, Vagrant, Ansible, Gradle, Maven, Stash, etc.
- Experience & detailed technical knowledge in security engineering, network security, authentication & security protocols.
- Experience with Splunk Enterprise or S
- Strong understanding of Network protocols such as TCP/IP, DNS, VPNs (IPSEC), & wireless security technologies (PEAP, WPA, etc).
- Experience working within an environment that requires compliance such as PCI, SOX, FedRAMP.
- Strong understanding of industry security standards & organizations (SANS, HIPAA, PCI, NIST, SOX, etc).
- Bachelor's Degree or higher (or equivalent experience). Computer Science/Engineering major is preferable.
Nice-to-haves (not required):
- Relevant Security Certifications such as CEH, GCIH, ECIH, OSCP, CISSP, CISM
- Experience Securing Data in AWS
- Experience with infrastructure & security tools such as, but not limited to, HP Fortify, IBM AppScan, Veracode, Black Duck, Sonatype, Securonix, & ArcSight.
As the largest online small business lender in the U.S. serving more than 700 different industries, we have been trusted by over 80,000 small businesses by providing them with a term loan or line of credit to help them build growing & thriving enterprises. Since 2007, we've issued over $10 billion in capital.
Join us as we enable small businesses to achieve their goals. At OnDeck, we're reinventing small business financing. We care intensely about each other, our company & the customers we serve, & are committed to making every day count. We are small enough to be nimble & strong enough to make a big impact.
OnDeck believes that each & every team member plays an important role in our company's success. That's why we strive to provide you & your family with a competitive & comprehensive benefit program with a variety of options & opportunities. We offer:
- Generous Vacation
- Comprehensive Healthcare
- Educational Reimbursement
- 401k Matching
- Parental Leave
- Sports Teams
- Stocked Kitchens
- Loan Consolidation
We are going to ask you to talk about your accomplishments. Here are some of ours:
- WorldatWork, 2017 Seal of Distinction
- Fortune 50 Best Workplaces for Diversity, 2016
- Fortune 50 Best Small & Medium Companies to Work For, 2016
- Fortune 30 Best Workplaces in Finance & Insurance, 2016
- Built in Colorado, Top 100 Digital Companies in Colorado, 2015, 2016, 2017
- Crain's New York Business Fast 50, 2013, 2014, 2015, 2016, 2017
- Fortune & Great Place to Work 100 Best Workplaces for Millennials, 2015
- Fortune/Great Place To Work Great Rated! People's Picks: 20 Great Workplaces in Financial Services, 2015
- Crain's New York Best Places to Work, 2013, 2014, 2015
- Colorado SHRM Best Companies to Work For in Colorado, 2015
- Forbes America's Most Promising Companies, 2013, 2014
- Selling Power Magazine Best Company to Sell For, 2013, 2014, 2015, 2016, 2017, 2018
- 500|5000, 2013, 2014
As part of our dedication to maintaining an inclusive & diverse workforce, OnDeck provides equal employment opportunities (EEO) to all employees & applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, OnDeck complies with applicable state & local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms & conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation & training.
OnDeck expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of OnDeck's employees to perform their job duties may result in discipline up to & including discharge.
**No external recruiters or agents, please.**