Innovation, collaboration, & success: at OnDeck,We Make It Happen. Weve changed the way small businesses access financing. With the spirit of a fintech start-up & the stability of a larger organization, OnDeck helps customers achieve their ambitions while leading in the small business lending space. We operate with a one team mindset, supporting each other & celebrating our wins together. If youre looking for a fast-paced, entrepreneurial, inclusive environment where you can make an impact on our customers & business, OnDeck could be the place for you.
Technology at OnDeck is a mix of building world-class user experiences for our partners & direct customers, data processing to enable underwriting model development & real-time lending decisions, automating operational & compliance workflows, & generating precise money movements & calculations to service our customers. We have an emphasis on scalability, security, reliability & accuracy.
The OnDeck Security team is looking for a security-minded engineering leader to help secure the financial data of small businesses nation-wide. As a Tech Lead, Application Security, you will integrate tools & analyze the security of OnDeck data, systems, & applications. You enjoy leading the discovery & remediation of securityissues, collaboration with development, QA, analytics, IT, & DevOps teams, & the assessment of designs against relevantsecurity threats. This position will provide you with a challenging opportunity to learn & grow.
As a Technical Lead, Application Security at OnDeck, you will:
- Provide technical leadership in the assessment, design & implementation of application security program
- Improve & manage the application security program by developing partnerships with tech & product teams
- Perform threat modeling & security architecture reviews
- Guide product & technology teams to integrate security into their software development lifecycle
- Conduct static code reviews & dynamic security assessments
- Effectively deliver technical debriefs to stakeholders including technical staff, stakeholders & leaders
- Perform & oversee application security vulnerability assessments, penetration testing & provide vulnerability remediation guidance
- Develops scripts, tools, methodologies & best practices to improve team capabilities while articulating business risks of technical vulnerabilities to various stakeholders
- Provide security training & outreach to internal development teams
Qualifications to make it happen:
- 8+ years of experience with any combinations of the following: dynamic applicationtesting, threat modeling experience, secure code review, identity managementand authentication, software development, cryptography.
- Have a strong knowledge of building security into continuous integration & delivery (CI/CD) pipeline.
- Use a risk-based approach, advocate for & help prioritize remediation of security findings & develop/report metrics measuring the state of application security program.
- Managerial experience, ideally having experience managing remote employees
- Experience with application security tools as OWASP ZAP, Portswigger Burp, IBM AppScan, HP WebInspect, & Acunetix.
- Know & recognize application security issues
- You leverage industry security standards & organizations such as NIST
- Publications or Tech Talks at conferences or meetups focused on Security.
- Experience working in DevSecOps & Security Automation.
- AWS Security experience or practices.
- Experience with securing data in Amazon Web Services (AWS), Salesforce, Postgres, & MongoDB is a plus
- You reject the idea of security being a blocker, & actively enjoycollaborating with colleagues across the entire engineering organization.
- You want to build things, not just break them
OnDeck is the largest online small business lender in the U.S. Since 2007, weve issued over $12 billion in loans for many business needs including inventory purchase, equipment acquisition, hiring, & general corporate purposes. Serving more than 700 industries throughout the country, OnDeck has been trusted by over 100,000 small businesses by providing them with a term loan or line of credit to help them build a growing & thriving enterprise.
Click here for a glimpse inside our offices
At OnDeck, itsWe Before Me. We support each other & we love seeing people succeed. Thats why we offer a competitive & comprehensive benefit program with a variety of options & opportunities. We offer:
- Flexible Paid Time Off; Paid Sick Days; Paid Holidays; Paid Birthday
- Comprehensive Healthcare (Medical/Dental/Vision/Life Insurance)
- Wellness Subsidy & Mental Health Coaches
- Voluntary Auto/Home/Pet Insurance
- Educational Reimbursement; Flexible Working Arrangements
- 401k Matching, Loan Consolidation, Employee Stock Purchase Program
- Paid Parental Leave & Sabbaticals
- Affinity Groups & Volunteer Events
We are going to ask you to talk about your accomplishments. Here are some of ours:
- Built in Colorado, Top 100 Digital Companies in Colorado, 2015, 2016, 2017
- Built in NYCs 100 Best Places to Work, 2019
- Colorado SHRM Best Companies to Work For in Colorado, 2015
- Crains New York Best Places to Work, 2013, 2014, 2015
- Crains New York Business Fast 50, 2013, 2014, 2016, 2017
- Denver Business Journal Largest Technology Employers in Denver, 2019
- Denver Business Journal Best Places to Work, 2019
- FinTech Breakthrough Award Best Overall LendTech Company, 2018
- Fortune 50 Best Workplaces for Diversity, 2016
- Fortune 50 Best Small & Medium Companies to Work For, 2016
- Fortune 30 Best Workplaces in Finance & Insurance, 2016
- Fortune.com & Great Place to Work 100 Best Workplaces for Millennials, 2015
- Fortune/Great Place To Work Great Rated! Peoples Picks: 20 Great Workplaces in Financial Services, 2015
- Forbes Americas Most Promising Companies, 2013, 2014
- Great Place to Work Certification, 2017, 2018, 2019
- Inc. 500|5000, 2013, 2014
- Inc. Hire Power, 2013
- Lending Trees Top Rated Customer Satisfaction, Q1 2018
- Selling Power Magazine Best Company to Sell For, 2013, 2014, 2015, 2016, 2017, 2018, 2019
- US News & World Report, Best Unsecured Business Loans of 2018 Best for Term Loans
- Washington Post Top Places to Work, 2019
- WorldatWork, 2017 Seal of Distinction
- TalentDesks Best Large Companies for Computer Science Jobs in Arlington, Virginia: #1, 2019
- TalentDesks Best Companies for Customer Service Jobs in Denver, Colorado: #1, 2019
- TalentDesks Best Companies for Quality Assurance Jobs in Denver, Colorado: #1, 2019
As part of our dedication to maintaining an inclusive & diverse workforce,OnDeck provides equal employment opportunities (EEO) to all employees & applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, OnDeck complies with applicable state & local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms & conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation & training.
OnDeck expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of OnDecks employees to perform their job duties may result in discipline up to & including discharge.
**No external recruiters or agents, please.**