Application Security Principal Engineer (Remote)

Progressive Leasing is a leading provider of in-store and e-commerce lease-to-own solutions. As an almost 20+ year old FinTech company that has gone from start-up to industry leader, we know how to innovate, simplify, and value all people. We are a company founded on our grit and we are constantly looking to the future. As an ever-evolving group of entrepreneurs and technologists, we strive to do the right thing period in all aspects of our work. We are a subsidiary of PROG Holdings (NYSE:PRG), an exciting FinTech holding company, with three business segments including Progressive, Vive Financial, and Four, a Buy Now Pay Later (BNPL) platform.

We are currently hiring a Principal Application Security Engineer (Remote) to help grow our company and ensure our mission is achieved!

This role is a work from home position and can be performed remotely anywhere in the continental US or in one of our corporate locations in Utah or Arizona.

WE ARE: Prog Tech embodies the modernity and transformational vision that is core to our business evolution. As passionate and hungry technical experts, we join together on the mission of progressing through technology. We believe in taking pride in our engineering, in the relentless pursuit of daily progress, and to bring others with you in your march to the future. We continuously experiment, fail fast, and constantly deliver.

YOU ARE: A high-powered application engineer looking to help drive and develop improvements to the application security program by working effectively with the Progressive Leasing organization and fellow security team members to protect our customers and their data by helping build and operate secure systems. The Application Security team is responsible for measures to improve and ensure the security of web, mobile, code and related components in Progressive Leasing products, including those of our acquired companies. The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, vulnerability management programs, cloud security, and infrastructure-as-code (IaC) security. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, network security, security operations/incident response, and security compliance.

YOUR DAY-TO-DAY

• Perform management on automated security testing tools; maintain relationships with product vendors
• Review source code, software/system designs, and consult with engineers across the organization to identify and/or avoid security issues through alignment with security standards and best practices
• Perform manual security testing to uncover harder-to-find security flaws in new/existing features and system components
• Implement cloud and application security and contribute to program strategy and roadmap plans
• Run through threat modeling and adversary emulation exercises to ensure optimized security design decisions are being made
• Document and improve secure development lifecycle processes, standards and guidelines
• Provide guidance to engineers and developers on security topics
• Help with internal purple and red team exercises to proactively evaluate Progressive Leasing environments for security flaws
• Leverage your accumulated subject matter expertise on Progressive Leasing applications, systems and infrastructure to propose design patterns and drive architectural improvements which address security flaws

YOU’LL BRING

• Bachelor’s degree in business, Information Systems, Computer Science or technology-related field preferred
• Desired security certifications include: AWS Cloud Practitioner, Cisco CyberOps Associate, cisco Certified Network Associate, CompTIA Security+, CompTIA Network+, ISC2 Entry-Level, ISC2, GIAC, EC-Council, CompTIA, Cloud
• Minimum of 2 years of information technology work experience
• Worked 1-3 years as a security engineer in infrastructure, cloud, and application security
• Has supported assessing/securing complex environments
• Experience writing IaC. As well as experience with containers and container orchestration
• Strong familiarity with Cloud, Linux, Windows, and similar infrastructure/technologies
• Solid understanding of networking
• Knows how to multitask in a fast-paced environment
• Strong analytical and communication skills
• Exceptional attention to detail and accuracy
• Proven ability to meet deadlines with accuracy

WE OFFER   

• Competitive Compensation + STI 
• Full Health Benefits; Medical/Dental/Vision/Life Insurance + Paid Parental Leave
• Company Matched 401k
• Paid Time Off + Paid Holidays + Paid Volunteer Hours
• Employee Resource Groups (Black Inclusion Group, Women in Leadership, PRIDE, Adelante)
• Employee Stock Purchase Program
• Tuition Reimbursement
• Charitable Gift Matching
• Job required equipment and services

Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business.