Application Security Architect (Staff Engineer)

Helping the Everyday Consumer Build Financial Health 

OppFi is a leading financial technology platform that powers banks to help the everyday consumer gain access to credit. Through our unwavering commitment to customer service, OppFi helps consumers who are turned away by traditional providers build a better financial path. OppFi is an Inc. 5000 company for five straight years, a Deloitte's Technology Fast 500™, and the seventh fastest-growing Chicagoland company by Crain's Chicago Business. The company was also named on Forbes America 2021 list of America's Best Startup Employers and Built In's 2021 Best Places to Work in Chicago. We welcome individuals to join us in facilitating financial inclusion and credit access for everyday consumers to live the life they deserve.

OppFi is a team of caring, innovative, and inclusive individuals with diverse perspectives and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. We want people to be excited to come to work every day and know you are a part of making a difference. Our company values guide us and create an open and collaborative culture where we hold the door, say what we see, do what we say, and dare to win together!

We are looking for a hands-on, motivated, and deeply technical Security expert to join our Information Security team. This is a position of technical expertise, influence, and leadership. You will be responsible for helping us define and design the security solutions that meet the needs of the business while conforming to regulatory obligations, security standards, and policies. 

What you get to do: 

• Serve as a senior technical escalation point for junior team members, an advisor to leadership, and a business enabler in providing security consulting services across the company, especially in the application security domain.
• Leads the development of enterprise-wide application security designs as well as researches, develops, and recommends architectural policies and practices for current and future security initiatives from the definition phase through implementation.
• Build and manage secure development standards across the organization.
• Defines security requirements, tracks security-specific issues/concerns; provides solutions, communicate identified vulnerabilities being introduced into the environment, and identifies exceptions to policy.
• Work closely with other Technology and Product team members as part of the Software Development Life Cycle in developing complex end-to-end solutions.
• Assist with penetration testing, incident handling/digital forensics, continuous monitoring, intrusion detection/prevention, and vulnerability management.
• Cultivate secure coding standards based on industry-accepted frameworks.
• Participate in tactical projects as they arise to clarify and respond to identified security risks across different technical domains.
• Coach security engineers; Build and maintain relationships across the company to promote security awareness and initiatives.
• Monitors emerging business and cybersecurity trends and proactively identify emerging cybersecurity use cases and drive innovation opportunities.

What you will bring to the team:

• Bachelor's degree in Information Systems, Engineering, IT, Computer Science, or a related field, or equivalent alternative education, skills, and/or practical experience is required.
• 12 years of increasing experience applying security principles with at least 5 years of working experience in defensive application security. 5 years of experience as an engineering manager desired
• Technical Expertise
• In-depth experience with web vulnerabilities with a deep understanding of how to identify, exploit, and remediate common application vulnerabilities through the use of tools and code review.
• Hands-on experience integrating security into the various stages of a CI/CD pipeline.
• Experience working with application security platforms and web application penetration testing
• Functions equally well in abstract, conceptual, and architectural work as in granular technical implementation and configuration work.
• Solid understanding of core AWS services including compute (EC2, ECS, Lambda), network (VPC, Subnets, Security Groups), storage (S3, EFS, EBS), database (RDS), and identity (IAM).
• Experience maintaining cloud resources using infrastructure-as-code (CloudFormation, CDK, etc.).
• Scripting language experience (Bash, Python, etc.) with strong working knowledge of automation.
• Solid understanding of the AWS well-architected framework with working experience in implementing the security pillar of the framework.
• Security certifications (i.e. CCSP, CCSK, CISSP, and AWS).
• Leadership
• Demonstrated ability to think strategically about business, product, and technical challenges.
• Ability to coach and mentor junior engineers.
• Ability to influence others to accept and understand technical direction, new concepts, practices, and approaches. 
• Works proactively; anticipates and prevents highly complex problems crossing disciplines.
• Risk Management
• Deep understanding of enterprise risk management methods and techniques to drive successful outcomes in a complex environment.
• Experience with security, control, and risk frameworks (FFIEC, NIST, COBIT, ISO, etc.) and experience mapping control frameworks to security practices

Reports to: Chief Information Security Officer 

Job Level:  Staff Engineer 

The minimum salary based on qualifications and experience is $170,000. The total compensation package includes eligibility for performance-based bonuses as well as a 1-time equity grant based on level.

The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion, and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations.

Define your career at OppFi

OppFi is committed to providing an exceptional employee experience from Day 1. Key new hire programs include Day 1 Orientation, training with your manager and team, lunches with our CEO and President, and an educational summit featuring presentations by our senior leaders. Throughout and beyond your first-year journey, you'll have access to a variety of events focused on culture, inclusion, connection, and education. We want you to feel welcomed, informed, and valued for who you are and what you bring to our company. 

• Day 1 - Month 3: Define Your Mission

You’ll understand our company mission, values, and vision, and how your position at OppFi plays a part in that. With the help of your manager, you’ll set mission-aligned goals to make an impact in your role.

• Months 3 - 6: Define Your Belonging

You’ll understand OppFi’s culture and know how to engage with and influence that culture.

• Months 6 - 12: Define Your Journey

You’ll feel confident in your ability to execute in your role and empowered to take next steps in developing your career at OppFi.

Compensation and Benefits

OppFi offers a flexible remote environment, 401(k) matching program, and flexible paid vacation. Other benefits include medical benefits, dental and vision coverage, and tuition reimbursement. To support your wellness & growth, we provide monthly meditation and yoga classes and access to all LinkedIn Learning courses. We also offer Fringe, which is a lifestyle benefits platform that lets you decide how you want to spend your rewards from dozens of vendors like Uber, Doordash and Urban Sitter. Dress code is casual. 

EEOC Statement: 

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, or federal law or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

OppFi is committed to the full inclusion of all qualified individuals. As part of this commitment, OppFi will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact our People team at recruiting@oppfi.com. 

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the "OppFi California Employee Privacy Policy", which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/