Senior Security Engineer

San Francisco, CA / IT / Full Time / Remote

About AutoFi
AutoFi is the leading provider of digital commerce technology that powers the sales and finance experiences for the most innovative brands and dealers in automotive. The AutoFi platform enables a more transactional buying experience with $4B in funded loans processed through AutoFi annually. AutoFi’s dynamic selling platform empowers dealers to sell vehicles more efficiently and profitably, both online and in the showroom. We are funded for years of future growth and backed by investors including Crosslink Capital, Santander Holdings USA, SVB Financial Group, Ford, BMW iVentures and Mouro Capital.

Our team is diverse - spread out across the U.S. and Canada, we have backgrounds from finance and technology as well as deep experience in all areas of the auto space. We’re empathetic, gritty, curious, and humble owners of this business and are supported by some of the biggest names in the auto and financial industries as commercial partners. We’ve never been more excited about the opportunity in front of us to help transition the auto industry from offline to online. If changing a trillion-dollar industry sounds exciting, we’d love to hear from you.

For more information, visit www.autofi.com.


In addition to competitive compensation plans, we offer the following benefits & perks:

    • $160,000 - $200,000 salary
    • Unlimited PTO
    • Comprehensive health, vision & dental plans for you and your family
    • Latest technology & software tools including company-paid MacBook computer
    • Remote office
    • Opportunity to quickly grow your career

Responsibilities:

    • Design and implement security practices and standards for security-related activities in the software engineering process (e.g. threat modeling and secure coding practices)
    • Implement tooling to support DevSecOps processes including SAST, DAST, IAST, and SCA
    • Assess infrastructure, web, and application environments to help identify & prioritize risks
    • Lead red team activities, including both in-house and 3rd-party penetration tests
    • Drive first-level triage and resolution of Bug Bounty submissions

Required Qualifications:

    • Experience with static & dynamic analysis, security code reviews, and application security frameworks (e.g. OWASP)
    • Strong understanding of SAST, DAST, IAST, and SCA tooling
    • Experience with web & cloud security controls/frameworks
    • Minimum of 6 years of experience designing secure products and engineering security functions
    • Familiarity with network and web application protocols (HTTP/S, SAML 2.0, OAuth, REST APIs)
    • Industry experience building data-driven applications with JavaScript, Node.js, and NoSQL
    • Minimum BS/BA in Cybersecurity, Information Security, Computer Science, or relevant degree, with the ability to demonstrate sophisticated logical thought processes
    • CISSP or similar certifications (SANS, CEH, AWS Security)
    • Comfortable in a fast-paced start-up environment.

Preferred Qualifications:

    • Experience with common threat modeling frameworks (STRIDE, DREAD, etc.)
    • Experience with cloud-based Web Application Firewall solutions
    • Experience running or participating in bug bounty programs
    • Familiarity with ethical hacking and penetration testing tools & methodologies
    • Experience with AWS security best practices and native controls & services
    • Prior Automotive or Fin Tech experience 


What's in it for you:

- We offer full training and a competitive total rewards package along with great benefits
- Medical, Dental & Vision coverage - 100% premium coverage for employee / 50+% for dependents
- Flexible work hours
- Remote environment
- Competitive pay
- Visionary leadership team
- Growth opportunities within a dynamic culture
- Wellness & cultural initiatives (fitness challenges, wellness webinars, virtual games, regional activities, etc.)
- Up to $1K per year for employee professional development
- Stock options - we are all owners!


Individual compensation decisions are based on a number of factors, including the candidate’s experience and qualifications and local market conditions. Please note, the foregoing salary range does not reflect an employee’s total compensation package, which may include bonus, company equity, and health benefits.

AutoFi is an equal opportunity employer. Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, gender identity or other protected status under all applicable laws, regulations, and ordinances.

Personal Information submitted as part of your application is subject to our website privacy policy, located at https://www.autofi.com/privacy-policy/