Job Post

Senior Application Security Engineer

Website OnDeck

Financial services

Innovation, collaboration, and success: at OnDeck, We Make It Happen. We’ve changed the way small businesses access financing. With the spirit of a fintech start-up and the stability of a larger organization, OnDeck helps customers achieve their ambitions while leading in the small business lending space. We operate with a one team mindset, supporting each other and celebrating our wins together. If you’re looking for a fast-paced, entrepreneurial, inclusive environment where you can make an impact on our customers and business, OnDeck could be the place for you.

Technology at OnDeck is a mix of building world-class user experiences for our partners and direct customers, data processing to enable underwriting model development and real-time lending decisions, automating operational and compliance workflows, and generating precise money movements and calculations to service our customers. We have an emphasis on scalability, security, reliability and accuracy.

The OnDeck Security team is looking for a security-minded engineer to help secure the financial data of small businesses nation-wide. As a Security Engineer, you will integrate tools and analyze the security of OnDeck data, systems, and applications. You enjoy leading the discovery and remediation of security issues, collaboration with development, QA, analytics, IT, and DevOps teams, and the assessment of designs against relevant security threats. This position will provide you with a challenging opportunity to learn and grow.

As a Senior Application Security Engineer at OnDeck, you will:

Threat model and review new application designs
Detail security requirements and recommendations for new application features and applications
Assess third party vendors for security vulnerabilities
Perform secure code reviews
Perform dynamic application assessments
Write security tests for applications
Manage the life cycle of application security vulnerabilities
Enhance the application security practice through automation and process
Work with incident response teams to identify potential threats and properly handle application security incidents

Qualifications to make it happen:


At least 5 years of experience with any combination of the following: dynamic application testing, threat modeling, secure code review, identity management and authentication, software development, cryptography.
You reject the idea of security being a blocker, and actively enjoy collaborating with colleagues across the entire engineering organization.
You want to build things, not just break them.
Experience with application security tools such as OWASP ZAP, Portswigger Burp, IBM AppScan, HP WebInspect, and Acunetix.
Know and recognize application security issues such as cross-site scripting, cross-site request forgery, authorization, injection attacks, etc. in code.
You can deal with compliance needs such as PCI, SOX, FedRAMP.
You leverage industry security standards and organizations such as SANS, HIPAA, PCI, NIST, SOX, and OWASP.

Publications or Tech Talks at conferences or meetups focused on Security.
Experience working in DevSecOps and Security Automation.
AWS Security experience or practices.
Experience with securing data in Amazon Web Services (AWS), Salesforce, Postgres, and MongoDB is a plus.
Development experience with Java and JavaScript. Ruby and Angular a plus.

About OnDeck:

OnDeck is the largest online small business lender in the U.S. Since 2007, we’ve issued over $12 billion in loans for many business needs including inventory purchase, equipment acquisition, hiring, and general corporate purposes. Serving more than 700 industries throughout the country, OnDeck has been trusted by over 100,000 small businesses by providing them with a term loan or line of credit to help them build a growing and thriving enterprise.

At OnDeck, it’s We Before Me. We support each other and we love seeing people succeed. That’s why we offer a competitive and comprehensive benefit program with a variety of options and opportunities. We offer:

Flexible Paid Time Off; Paid Sick Days; Paid Holidays; Paid Birthday
Comprehensive Healthcare (Medical/Dental/Vision/Life Insurance)
Wellness Subsidy and Mental Health Coaches
Voluntary Auto/Home/Pet Insurance
Educational Reimbursement; Flexible Working Arrangements
401k Matching, Loan Consolidation, Employee Stock Purchase Program
Paid Parental Leave and Sabbaticals
Affinity Groups and Volunteer Events

We are going to ask you to talk about your accomplishments. Here are some of ours:

Built in Colorado, Top 100 Digital Companies in Colorado, 2015, 2016, 2017
Built in NYC’s 100 Best Places to Work, 2019
Colorado SHRM Best Companies to Work For in Colorado, 2015
Crain’s New York Best Places to Work, 2013, 2014, 2015
Crain’s New York Business Fast 50, 2013, 2014, 2016, 2017
Denver Business Journal Largest Technology Employers in Denver, 2019
Denver Business Journal Best Places to Work, 2019
FinTech Breakthrough Award – Best Overall LendTech Company, 2018
Fortune 50 Best Workplaces for Diversity, 2016
Fortune 50 Best Small and Medium Companies to Work For, 2016
Fortune 30 Best Workplaces in Finance and Insurance, 2016 and Great Place to Work 100 Best Workplaces for Millennials, 2015
Fortune/Great Place To Work Great Rated! People’s Picks: 20 Great Workplaces in Financial Services, 2015
Forbes’ America’s Most Promising Companies, 2013, 2014
Great Place to Work Certification, 2017, 2018, 2019
Inc. 500|5000, 2013, 2014
Inc. Hire Power, 2013
Lending Tree’s Top Rated Customer Satisfaction, Q1 2018
Selling Power Magazine Best Company to Sell For, 2013, 2014, 2015, 2016, 2017, 2018, 2019
US News & World Report, “Best Unsecured Business Loans of 2018” – Best for Term Loans
Washington Post Top Places to Work, 2019
WorldatWork, 2017 Seal of Distinction
TalentDesk’s Best Large Companies for Computer Science Jobs in Arlington, Virginia: #1, 2019
TalentDesk’s Best Companies for Customer Service Jobs in Denver, Colorado: #1, 2019
TalentDesk’s Best Companies for Quality Assurance Jobs in Denver, Colorado: #1, 2019

As part of our dedication to maintaining an inclusive and diverse workforce, OnDeck provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, OnDeck complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

OnDeck expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of OnDeck’s employees to perform their job duties may result in discipline up to and including discharge.

**No external recruiters or agents, please.**

Tagged as: security, static code analysis