Senior Application Security Engineer

Employee Applicant Privacy Notice
Who we are:
Shape a brighter financial future with us.
Together with our members, we're changing the way people think about and interact with personal finance.
We're a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we're at the forefront. We're proud to come to work every day knowing that what we do has a direct impact on people's lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.
About The role
SoFi Application Security team assists and partners with engineering, product and design organizations. Our mission is to secure the products and services delivered to our members and customers. We deploy best in class Application Security practices, compliance frameworks, and design patterns by collaborating with product owners, engineers, and executives. The mission is core to SoFi's value "Put our member's interest first".
As a Senior Application Security Engineer, you will be responsible for building and implementing security tools and services to support the development of SoFi's platforms, products, and services. You will work in conjunction with Product security engineers, development, and product teams to to bake security controls into software development lifecycle. This role is pivotal to build security with agility and help SoFi scale.
The ideal candidate will be highly collaborative, balancing the right level of security with business objectives, and working to creatively solve complex Application Security related problems in an agile environment.
What you'll do:

• Conduct application security design reviews to identify potential vulnerabilities and recommend mitigation strategies.
• Perform comprehensive code reviews to ensure adherence to security best practices and identify security flaws.
• Develop and implement security services, leveraging coding skills to create robust and scalable solutions.
• Collaborate with development teams to integrate security into the software development lifecycle.
• Design security features and controls to protect applications from threats and ensure compliance with security standards.
• Provide guidance and mentorship to developers on secure coding practices and security architecture.
• Stay current with the latest security trends, tools, and technologies to proactively address emerging threats.
• Contribute to the continuous improvement of security processes and practices within the organization.

What you'll need:

• At least 3-5 years of experience in Python, Java or Golang, emphasizing writing clean, maintainable, and secure code.
• Deep understanding of security fundamentals, including the OWASP Top 10 and best practices for application security.
• Demonstrated understanding on CI/CD pipeline security best practices.
• Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) and their security implications.
• Understanding of the Application Layer of the OSI model and its security considerations.
• Experience with securing mobile applications, understanding of mobile security best practices, and knowledge of platform-specific security features.
• Strong understanding of API security, including best practices for securing RESTful and GraphQL APIs.
• Ability to effectively prioritize and manage multiple work streams, ensuring timely and accurate delivery of security solutions.
• Strong written and verbal communication skills for articulating complex security concepts and solutions to technical and non-technical stakeholders alike.
• Strong understanding of data security principles and cryptography.

Preferred Qualifications:

• Bachelor's degree in computer science or equivalent from a fully accredited college or university
• 4+ years' experience in Application security engineering
• Experience with cloud-native products and an in-depth understanding of microservice topologies and implementations
• 4+ years of experience with programming in Golang or Python
• Knowledge of CI/CD, application development, and testing tools
• Ability to work in a fast-paced and Agile development environment
• Work and play well with others; SoFi is a collaborative environment
• Experience implementing data security solutions such as encryption, masking or tokenization

Nice to have:

• Open-source projects and/or contributions to open-source community
• AWS Certified Security / Solution Architect
• Master's or PhD in Computer Science or Engineering
• Financial services experience

Compensation and Benefits
The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate's experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
New York applicants: Notice of Employee Rights
SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [email protected].
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
Internal Employees
If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.