Progressive Leasing
Senior Application Security Engineer (Remote)
Progressive Leasing, Salt Lake City, Utah, United States
Overview
Progressive Leasing
is a leading provider of in-store and e-commerce lease-to-own solutions. As a 20-year+ FinTech company, we innovate, simplify, and value all people. We are a subsidiary of PROG Holdings (NYSE: PRG), with three business segments including Progressive, Vive Financial, and Four, a Buy Now Pay Later platform. We are currently hiring a
Senior Application Security Engineer
to help grow our company and ensure our mission is achieved. This is a work-from-home position and can be performed remotely anywhere in the continental US or at our corporate locations in Utah or Arizona. Employee Value Proposition (EVP): PROG is dedicated to providing people with opportunity for inclusive collaboration, innovation, and development. WE ARE: Prog Tech embodies the modernity and transformational vision that is core to our business evolution. We are engineers who pride ourselves on daily progress, collaboration, and elevating others. We continuously experiment, fail fast, and deliver. YOU ARE: The Senior Application Security Engineer partners closely with engineering and DevOps to ensure security is built into applications and infrastructure from start to finish. You will own security in CI/CD pipelines, provide expertise in threat modeling, and mentor others to raise AppSec maturity. YOU’LL BRING: 5+ years of experience in application security engineering; working expertise in GitHub workflows, AWS, and Azure; proven experience building secure CI/CD pipelines; deep understanding of app security concepts (threat modeling, risk assessment, secure coding); strong experience with DAST, IaC, SAST, SCA, and other tools; familiarity with OWASP, NIST, CIS; strong problem-solving and analytical skills; excellent communication and collaboration skills; team-oriented mindset with passion for knowledge sharing. Responsibilities
Identify areas for improvement in our CI/CD pipeline and design, implement, and maintain security enhancements. Partner with engineering teams to integrate security controls and tooling into the SDLC. Develop and lead a threat modeling program for new and existing applications. Identify vulnerabilities across applications and APIs and engage engineering teams for remediation. Provide guidance on security best practices and vulnerability remediation prioritization to business and engineering teams. Evaluate, implement, and manage security tools and technologies. Mentor and coach engineers, DevOps, and other team members to build a strong AppSec culture. Participate in AppSec team programs (Security Influencers/Champions and office hours) to build relationships with business and engineering teams. Document security best practices, CI/CD pipeline requirements, and AppSec processes and conduct training workshops as applicable. Qualifications
5+ years of experience in application security engineering Working expertise in GitHub workflows, AWS, and Azure Proven experience building secure CI/CD pipelines Deep understanding of application security concepts (threat modeling, risk assessment, secure coding) Strong experience with DAST, IaC, SAST, SCA, and other security tools integrated into pipelines Familiarity with OWASP, NIST, CIS Strong problem-solving and analytical skills with a security mindset Excellent communication and collaboration skills Team-oriented mindset with a passion for sharing knowledge We offer
Competitive compensation Full health benefits (Medical/Dental/Vision/Life) + paid parental leave Company matched 401k Paid time off, paid holidays, and paid volunteer hours Employee Resource Groups (Black Inclusion Group, Women in Leadership, PRIDE, Adelante) Employee stock purchase program Tuition reimbursement Charitable gift matching Job-required equipment and services Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by applicable laws.
#J-18808-Ljbffr
Progressive Leasing
is a leading provider of in-store and e-commerce lease-to-own solutions. As a 20-year+ FinTech company, we innovate, simplify, and value all people. We are a subsidiary of PROG Holdings (NYSE: PRG), with three business segments including Progressive, Vive Financial, and Four, a Buy Now Pay Later platform. We are currently hiring a
Senior Application Security Engineer
to help grow our company and ensure our mission is achieved. This is a work-from-home position and can be performed remotely anywhere in the continental US or at our corporate locations in Utah or Arizona. Employee Value Proposition (EVP): PROG is dedicated to providing people with opportunity for inclusive collaboration, innovation, and development. WE ARE: Prog Tech embodies the modernity and transformational vision that is core to our business evolution. We are engineers who pride ourselves on daily progress, collaboration, and elevating others. We continuously experiment, fail fast, and deliver. YOU ARE: The Senior Application Security Engineer partners closely with engineering and DevOps to ensure security is built into applications and infrastructure from start to finish. You will own security in CI/CD pipelines, provide expertise in threat modeling, and mentor others to raise AppSec maturity. YOU’LL BRING: 5+ years of experience in application security engineering; working expertise in GitHub workflows, AWS, and Azure; proven experience building secure CI/CD pipelines; deep understanding of app security concepts (threat modeling, risk assessment, secure coding); strong experience with DAST, IaC, SAST, SCA, and other tools; familiarity with OWASP, NIST, CIS; strong problem-solving and analytical skills; excellent communication and collaboration skills; team-oriented mindset with passion for knowledge sharing. Responsibilities
Identify areas for improvement in our CI/CD pipeline and design, implement, and maintain security enhancements. Partner with engineering teams to integrate security controls and tooling into the SDLC. Develop and lead a threat modeling program for new and existing applications. Identify vulnerabilities across applications and APIs and engage engineering teams for remediation. Provide guidance on security best practices and vulnerability remediation prioritization to business and engineering teams. Evaluate, implement, and manage security tools and technologies. Mentor and coach engineers, DevOps, and other team members to build a strong AppSec culture. Participate in AppSec team programs (Security Influencers/Champions and office hours) to build relationships with business and engineering teams. Document security best practices, CI/CD pipeline requirements, and AppSec processes and conduct training workshops as applicable. Qualifications
5+ years of experience in application security engineering Working expertise in GitHub workflows, AWS, and Azure Proven experience building secure CI/CD pipelines Deep understanding of application security concepts (threat modeling, risk assessment, secure coding) Strong experience with DAST, IaC, SAST, SCA, and other security tools integrated into pipelines Familiarity with OWASP, NIST, CIS Strong problem-solving and analytical skills with a security mindset Excellent communication and collaboration skills Team-oriented mindset with a passion for sharing knowledge We offer
Competitive compensation Full health benefits (Medical/Dental/Vision/Life) + paid parental leave Company matched 401k Paid time off, paid holidays, and paid volunteer hours Employee Resource Groups (Black Inclusion Group, Women in Leadership, PRIDE, Adelante) Employee stock purchase program Tuition reimbursement Charitable gift matching Job-required equipment and services Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by applicable laws.
#J-18808-Ljbffr