Pontera is a fintech company on a mission to help people retire better. Our software platform enables retirement savers to get the help they need managing their 401(k) and other retirement plan accounts as part of a personalized strategy by their trusted financial advisor.
Pontera is used by financial advisors across the nation, from SMB to Fortune 500 RIA firms, independent broker-dealers, plan custodians, and plan advisors. Backed by leading venture capital firms including ICONIQ Growth and Lightspeed Venture Partners, Pontera is built by talented individuals who share a dedication to helping people retire with greater security. Our team is fast-growing and driven to become one of the largest fintech companies in the world. Our culture is built on a people-first principle: in a complex and numbers-driven industry, we never lose sight of the people we serve and work alongside.
That’s where you come in. We are seeking a skilled Application Security Engineer to join our security team at Pontera, a rapidly growing fintech company pioneering innovative solutions in the financial technology space. This role encompasses a comprehensive scope of application security responsibilities, with a significant focus on web application and API security.
RESPONSIBILITIES
- Managing vulnerabilities across our application, including identification, triaging, validation and mitigation, in collaboration with developers, product owners, and QA
- Configuring and maintaining security testing tools integrated within the CI/CD pipeline
- Facilitating pentests and bug bounty programs in partnership with external firms
- Conducting secure development training to enhance team awareness and skills in security best practices
- Collaborating with product teams to ensure security is integrated throughout the SDLC, focusing on product security from conception to deployment
- Ensuring the security of web applications and APIs against common attack techniques
- Developing strategies for the mitigation of potential security threats
REQUIREMENTS
- 3-5 years of proven experience in application security
- A collaborative team player with excellent problem-solving skills, able to work effectively across various teams and independently tackle challenges
- Passionate about security, continuously seeking knowledge in the latest industry trends, and driven to handle complex issues with creative solutions and leadership
- Profound knowledge and experience with OWASP guidelines are essential. The candidate must be well-versed in identifying, analyzing, and mitigating vulnerabilities in web application and API security.
- Strong understanding and practical experience in defending against common attack vectors such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, and others. The ability to not only recognize but effectively mitigate these threats is critical.
- In-depth experience with SCA, SAST, Secrets scanning, DAST.
- Familiarity with vulnerability rating techniques and models like CVSS, CWE, OWASP Risk Rating, and DREAD.
- Strong understanding of Java, Angular, and SQL. While not required to write code, should be able to understand and review code for security vulnerabilities.
- Proficiency in GitHub, Jira, and IntelliJ IDEA (or similar IDEs).
- Experience with microservices architecture and container technologies like Docker and Kubernetes.
- Strong proficiency in English, both written and verbal, is essential.
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. In lieu of a formal degree, substantial experience in application security or a related area will be considered.
- Preferred Certifications: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), GIAC Secure Software Programmer - .NET/Java (GSSP), or other relevant certifications in the field of cybersecurity and ethical hacking.
- Valuable Experience: Demonstrated experience in identifying and resolving security vulnerabilities. This can include a proven track record of filing CVEs, active participation in bug bounty programs, or achievements in CTF competitions.
WHAT WE OFFER
- Opportunity: Have a major impact at a fast-growing startup that is revolutionizing the FinTech industry
- Team Culture: A collegial, collaborative, fun work environment with frequent team events
- Equity: All new hires are eligible for equity grant participation
- Professional Development: Sponsored learning & development program
- Work Flexibility: A hybrid office work model (In-Office Mon/Tues/Weds and WFH Sun/Thurs)