Engineer, Information Security-AppSec 190451

Pleasanton, CA
Technology & Operations – Information Security and IRM
Full time
Ellie Mae (NYSE:ELLI) is the leading cloud-based platform provider for the mortgage finance industry. Ellie Mae’s technology solutions enable lenders to originate more loans, reduce origination costs, and reduce the time to close, all while ensuring the highest levels of compliance, quality and efficiency. Visit EllieMae.com to learn more.

Ellie Mae is looking for a forward-thinking, passionate and dedicated individual to join our Information Security team. You would be responsible for the overall application security efforts and would play a key role in maintaining and continuing to enhance security for Ellie Mae. This will include working closely with our VP of Information Security to implement security policies and employ a variety of technologies to monitor adherence to these policies. This is a very senior position and will require someone who is comfortable working across multiple security disciplines, organization functions and departments. You will be responsible for application security of Next Generation and Current Generation applications. You will perform threat analysis of the architectures and propose solutions, perform threat analysis and tuning of Web attacks, and perform forensic investigations. You will make an impact by defining the new generation security architecture for the AWS cloud environment, recommending security architecture improvements, and providing metrics for executive-level dashboards.

Summary of Responsibilities

    • This individual would be responsible for the overall application security efforts and would play a key role in maintaining and continuing to enhance security for Ellie Mae. 
    • This will include working closely with our Sr. Director, Information Security to implement security policies and employ a variety of technologies to monitor adherence to these policies.
    • This is a very senior position and will require someone who is comfortable working across multiple security disciplines, organization functions and departments.
    • The Sr. Engineer, Information Security will be responsible for application security of Next Generation and Current Generation applications.
    • Perform threat analysis of the architectures and propose solutions. Perform threat analysis and tuning of Web attacks, and perform forensic investigations.
    • The Sr. Engineer, Information Security will play a key role in defining the new generation security architecture for the AWS cloud environment, recommending security architecture improvements, and providing metrics for executive-level dashboards.

Basic Skills and Qualifications

    • Perform code review, static code analysis, dynamic code analysis.
    • Able to automate the security toolkits with automation tools like Jenkins, Terraform, JFrog, and other repositories.
    • Proficient in SWAT analysis for threat modelling.
    • Proficient in OWASP Top 10 attacks and scenarios.
    • Proficient in performing application-specific pen testing on Web applications, mobile applications, REST APIs and SOAP APIs, and able to build automated frameworks and toolkits.
    • Ability to script in Python, Ruby, or Perl if required for security automation.
    • Serve as a resource cross-functionally to share security insight and best practices with other teams.
    • Design, build and deploy next generation cloud security practices to protect Company’s public and private cloud infrastructure.
    • Work across product, cloud and business systems teams to enhance and evangelize security in cloud environments.
    • Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
    • Evangelize security throughout the enterprise and drive changes needed to respond to emerging threats.
    • Lead initiatives to develop and build security utilities and tools that will enable others to operate more efficiently and securely in cloud environments.
    • Able to integrate the framework logs in SIEM.
    • Threat briefing to Product team and solutioning.

Basic Skills and Qualifications

    • In-depth knowledge of AWS and other public and private cloud infrastructures.
    • 5+Experience with building and operating secure infrastructures.
    • 5+ years of experience as a security professional.
    • In-depth knowledge of AWS, other private cloud environments and security.
    • Strong understanding of Application Security, OAuth frameworks, OWASP Top 10, Pen Testing.
    • Background in application development
    • Excellent written and communication skills
    • Strong work ethic, demonstrated self-starter, ability to work in a fast paced, team-oriented environment
    • Strong organizational skills
    • Strong technical aptitude, a desire to learn, and a very strong interest in security is a must
    • 2+ years working in a UNIX/Linux environment
    • 2+ years working in a Microsoft environment
    • Strong knowledge of packet/traffic analysis, Wireshark, Burp Suite, Nessus, nmap and related tools (e.g., tcpdump)
    • SIEM (e.g., Splunk, ArcSight, etc.)
    • Encryption technologies (e.g., SSL/TLS, IPSec, TDE, PKI)
    • Authentication/Authorization
    • Experience with many of the following technologies: Web Application Firewall, DLP, HIPS, File Integrity, ETDR tools, Enterprise anti-malware solutions, Wireless Security
    • OS hardening and security best practices

Ellie Mae is an equal opportunity and affirmative action employer. Women, minorities, people with disabilities, and veterans are encouraged to apply.

We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.