OneMain Financial: Application Security Manager at OneMain Financial (Baltimore, MD) (Baltimore, MD)

Posted: Mar 26, 2021

Who we are:

OneMain Financial is the countrys largest lending-exclusive financial company. With nearly 1,500 branches across 44 states, we proudly offer safe, affordable and transparent installment loans to millions of hard-working people. Our customers turn to us to meet important financial needs, including debt consolidation, medical expenses, household bills, home improvements and auto purchases. OneMain is constantly innovating to serve customers when, where and how they want. Our steadfast commitment to doing the right thing extends to our customers, our employees and the communities where we live and work a mission thathasntchanged for more than 100 years.

Position Overview:
TheApplication Security Manageris ideally based Baltimore, MD.  Candidates may also be considered in Fort Worth, New York City, Evansville, and Fort Mill.Application Security Managerwill be responsibledriving the lifecycle of application security and embedded with the technology counterparts to ensure security is designing, documenting, and reviewing the implementation of security controls within applications across on-premises and cloud environments. 

Description:
Incorporatesecurity throughout the applicationdevelopmentlifecycle management process

  • Manage and assist with the identification and mitigation of application vulnerability findings and gaps to include the security Application Programming Interfaces (API) to prevent malicious activities from being passed to applications.

  • Collaborate with the DevOps organization and steer them to use secure application development best practices.

  • Provide guidance with secure application coding requirements gathering, detailed design, code tests, user tests, integration tests, performance tests, production deployment, maintenance, and evaluation of controls.

  • Advise on appropriate securecoding guidelines anddevelopment methodologies toimplement.

  • Evaluateand manage application securitywithoversight overclosed andopen-sourcecode governancefor theorganization.

  • Contribute to the enhancement of application security related policy, standards, and procedures.

  • Inspect software libraries for security weaknesses at source code level to ensure compliance with secure codingpractices.

  • Ensure proper application code change management procedures are followed tosafeguardthe integrity of theapplication.

  • Generate application security metrics reports to communicate to management

Experience:

  • 5 - 8 years of direct experiencewith Application Security

  • Solid practical experience with Integrated Development Environments (IDEs) 

  • Knowledge of SonarQube, Veracode and other source code analysis tools to perform static and dynamic codeanalysis

  • Strong data validation, bounds checking, buffer overflows, trapdoor identificationexperience

  • Knowledge of best practices and IT operations in zero downtime environment

Skills:

  • C and C++, Java, JavaScript, Ruby O Rails, JIRA, XML, and SQL

  • Experience with virtualization platforms such as VMware or Hyper-V

  • Experience with CI/CD tools such as Jenkins, TeamCity, Octopus

  • Experience with Docker, and orchestration suites such as Kubernetes, AKS/EKS/GKE

  • Familiarity with configuration management tools such as Ansible, Puppet, and Chef

  • Experience with version control solutions such as Git, SVN, TFS, GitHub,BitBucket, or similar

  • Experience with Agile/Scrum development methodology

  • Must be a persuasive, persistent, adaptable, innovative, and resourcefulindividual

CybersecurityTech, a team withinOneMainsTechnology department, is a fast-growing team focused on providing expert insight into risk, developing team members, and effective oversight of cybersecurity and technology risk. This is a team where you can work with great team members across the Cyber Risk, Cyber Tech, Risk Management, and Technology organizations. You will be challenged to excel with exciting and challenging opportunities daily. There is transparency and great support from management teams to allow team members to be effective, grow their careers and meet company goals. Hard work and initiative are rewarded and recognized by management and colleagues alike, which promotes a culture of respect and value across the organization. Within the CybersecurityTechteam, you will be conducting meaningful work and making a difference in the lives ofOneMainscustomers and team members by promoting a cybersecurity culture, optimizing cybersecurity capabilities, protecting data, and developing cyber resilient programs.

Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

Benefits:

Because we want our team members to bring us their very best every day, we believe they deserve the right opportunities and benefits. Thats why we packed our comprehensive benefits package for full- and some part-timers with:

  • Health and wellbeing options for team members and their dependents
  • Up to 4% matching 401(k)
  • Tuition reimbursement
  • Continuing education
  • Bonus eligible
  • Paid time off
  • Paid volunteer time
  • And more

Our Company:

OneMain Financial is the countrys largest lending-exclusive financial company, proudly serving millions of customers with safe, affordable and transparent installment loans. Our customers turn to us every dayonline and at 1,500 branches in 44 statesto help them take control and improve their financial lives with solutions for debt consolidation, medical expenses, household bills, home improvements and auto purchases. Our talented and dedicated team members constantly look for responsible ways to serve our customers when, where and how they want. Its all about doing the right thinga mission that hasnt changed for more than 100 years.

#LI-EK1

More Information

Source: Stack Overflow


More Opportunities: