At ODX, we’re focused on helping banks reinvent the small business lending process. We provide a unique combination of market-leading software, analytic insights, and professional services to deliver a game-changing digital experience. As a wholly-owned subsidiary of OnDeck (NYSE: ONDK), one of the largest online small business lenders, ODX draws on the heritage of $10 billion loaned over the last decade. We’re improving the world’s economic landscape by changing the way small businesses access capital. We care intensely about each other, our company and the customers we serve, and are committed to making every day count.
An ODX-powered bank experience allows customers to apply digitally, receive immediate decisions, and obtain funding as fast as same day. At the core of the ODX solution is a modular, scalable, and secure SaaS platform that enables banks to create a fully end-to-end digital experience or to select certain components. By utilizing the ODX platform, banks can focus on their desired business outcomes such as improved customer experiences, increased portfolio growth, and reduced processing costs.
Technology at ODX is a mix of building world-class user experiences for our partners and their customers, data processing to enable underwriting model development and real-time lending decisions, automating operational and compliance workflows, and generating precise money movements and calculations to service small business customers. We have an emphasis on scalability, security, reliability and accuracy.
Security at ODX:
The OnDeck Security team is looking for a security-minded engineer to help secure the financial data of small businesses nationwide. As a DevSecOps Engineer, you will integrate security into the tech stack and analyze and improve the security of OnDeck data, systems, and applications. You enjoy leading the discovery and remediation of security issues, collaborating with development, QA, analytics, IT, and DevOps teams, and assessing designs against relevant security threats. This position will provide you with a challenging opportunity to learn and grow.
Bring your passion for learning, experimentation, and creative thinking!
Even if you don’t fit this description exactly, please contact us if you have a strong software development and systems engineering background and have dealt with infrastructure or application security issues (such as PCI compliance)!
- Be embedded with development and DevOps teams
- Build new product security feature prototypes
- Integrate security tooling and practices into the SDLC and CI/CD pipeline
- Lead security assessments on applications, APIs and platforms, from design reviews to code reviews to penetration testing.
- Collaborate with Development, IT, QA, and DevOps teams to help ensure designs and implementations meet security standards.
- Take ownership of building roadmaps that meet security program goals, not only to achieve compliance but also to meet and exceed industry standards such as SOX, ISO, and NIST.
- Build and tune tools to scale security assessment for faster feedback to Development, IT, QA, and DevOps teams through:
  - Static code analysis
  - Third party library vulnerability scanning
  - Dynamic analysis
  - Penetration testing
- Lead open source software risk reviews.
- Investigate and respond to security incidents and third-party reported security vulnerabilities.
- Contribute to security policy, standards, and guidelines
- Develop training materials for company-wide general security awareness and job-specific security training, on topics ranging from sensitive data handling to using security tools properly
What you offer us:
- You have 5+ years of experience with any combination of the following: penetration testing, threat modeling, secure coding, identity management and authentication, software development, cryptography
- You have 2+ years of experience working in an enterprise environment with cloud technologies such as AWS EC2, CloudTrail, CloudWatch, AWS Config, and IAM
- You reject the idea of security being a blocker, and actively enjoy collaborating with colleagues across the entire engineering organization.
- You want to build things, not just break them.
- You have experience with application security tools such as OWASP ZAP, PortSwigger Burp, IBM AppScan, HP WebInspect, InsightVM, Nessus, and/or Qualys.
- You have experience with automation and deployment technologies such as Terraform and Ansible
- You know application security issues such as cross-site scripting, cross-site request forgery, authorization, injection, etc.
- You can deal with compliance needs such as PCI, SOX, FedRAMP.
- You leverage industry security standards and organizations such as SANS, HIPAA, PCI, NIST, SOX, and OWASP.
- You have experience with securing database technologies such as Postgres and MongoDB
ODX’s groundbreaking partnership efforts with banks began in 2015 and have subsequently proved that a bank and a financial technology (FinTech) company can work collaboratively to mutual benefit on a digital lending platform. ODX is now offering expanded platform solutions for small business lending to a broad range of banks and financial institutions globally.
As the largest online small business lender in the U.S. serving more than 700 different industries, we have been trusted by over 80,000 small businesses by providing them with a term loan or line of credit to help them build growing and thriving enterprises. Since 2007, we’ve issued over $10 billion in capital.
Join us as we enable small businesses to achieve their goals. At OnDeck, we’re reinventing small business financing. We care intensely about each other, our company and the customers we serve, and are committed to making every day count. We are small enough to be nimble and strong enough to make a big impact.
OnDeck and ODX believe that each and every team member plays an important role in our company’s success. That’s why we strive to provide you and your family with a competitive and comprehensive benefit program with a variety of options and opportunities. We offer:
- Generous Vacation
- Comprehensive Healthcare
- Educational Reimbursement
- 401k Matching
- Parental Leave
- Sports Teams
- Stocked Kitchens
- Loan Consolidation
We are going to ask you to talk about your accomplishments. Here are some of ours:
- WorldatWork, 2017 Seal of Distinction
- Fortune 50 Best Workplaces for Diversity, 2016
- Fortune 50 Best Small and Medium Companies to Work For, 2016
- Fortune 30 Best Workplaces in Finance and Insurance, 2016
- Built in Colorado, Top 100 Digital Companies in Colorado, 2015, 2016, 2017
- Crain’s New York Business Fast 50, 2013, 2014, 2015, 2016, 2017
- Fortune and Great Place to Work 100 Best Workplaces for Millennials, 2015
- Fortune/Great Place To Work Great Rated! People’s Picks: 20 Great Workplaces in Financial Services, 2015
- Crain’s New York Best Places to Work, 2013, 2014, 2015
- Colorado SHRM Best Companies to Work For in Colorado, 2015
- Forbes’ America’s Most Promising Companies, 2013, 2014
- Selling Power Magazine Best Company to Sell For, 2013, 2014, 2015, 2016, 2017
- 500|5000, 2013, 2014
As part of our dedication to maintaining an inclusive and diverse workforce, OnDeck provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, OnDeck complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
OnDeck expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of OnDeck’s employees to perform their job duties may result in discipline up to and including discharge.
**No external recruiters or agents, please.**