At ODX, we’re focused on helping banks reinvent the small business lending process. We provide a unique combination of market-leading software, analytic insights, and professional services to deliver a game changing digital experience.  As a wholly-owned subsidiary of OnDeck (NYSE: ONDK), one of the largest online small business lenders, ODX draws on the heritage of $10 billion loaned over the last decade. We’re improving the world’s economic landscape by changing the way small businesses access capital. We care intensely about each other, our company and the customers we serve, and are committed to making every day count.

An ODX-powered bank experience allows customers to apply digitally, receive immediate decisions, and obtain funding as fast as same day.  At the core of the ODX solution is a modular, scalable, and secure SaaS platform that enables banks to create a fully end-to-end digital experience or to select certain components. By utilizing the ODX platform, banks can focus on their desired business outcomes such as improved customer experiences, increased portfolio growth, and reduced processing costs.

Technology at ODX is a mix of building world-class user experiences for our partners and their customers, data processing to enable underwriting model development and real-time lending decisions, automating operational and compliance workflows, and generating precise money movements and calculations to service small business customers.  We have an emphasis on scalability, security, reliability and accuracy.

Security at ODX:

We are looking for a security-minded engineer to help secure the financial data of small businesses nation-wide. As an Application Security Engineer, you will integrate tools and analyze the security of ODX data, systems, and applications. You enjoy discovering and addressing security issues, collaborating with development, QA, analytics, IT, and DevOps teams, assessing designs against relevant security threats, this position will provide you with a challenging opportunity to learn and grow.

Bring your passion for learning, experimentation, and creative thinking!

Even if you don’t fit this description exactly, but you’ve got a great software development and systems engineering background having dealt with infrastructure or application security issues (like PCI compliance), please contact us too!


  • Build tools to scale security assessment for faster feedback to Development, IT, QA, and DevOps teams through:
    • Infrastructure vulnerability scanning
    • Server hardening and policy verifications leveraging NIST SCAP
  • Take ownership in building roadmaps to meet security program goals to achieve not only compliance, but also meet and exceed industry standards such as SOX, ISO, and NIST. Evaluate network, systems, and data security architecture and provide feedback to the Security Roadmap
  • Deploy and improve upon security sensors throughout the environment such as, but not limited to:
    • IPS
    • Two-factor authentication
    • SIEM
    • Access provisioning and review
    • Forensics tools
  • Investigate and respond to security incidents
  • Investigate and respond to third-party reported security vulnerabilities.
  • Collaborate with Development, IT, QA, and DevOps teams to help ensure designs and implementations meet security standards
  • Provide guidance on the design and correct implementation of planned security controls such as authentication, authorization, auditing, key management, and encryption
  • Support vendor risk reviews
  • Contribute to security policy, standards, and guidelines
  • Research and work with Security Vendors and Solution providers to ensure the security team is equipped with the proper tools and solutions
  • Develop training materials for company-wide general security awareness and job-specific security training from topics ranging from sensitive data handling to leveraging security tools properly

Qualifications for success:

  • You have 5+ years experience with any combination of the following: penetration testing, threat modeling experience, secure coding, identity management and authentication, cryptography, system and network security
  • You reject the idea of security being a blocker, and actively enjoy collaborating with colleagues across the entire engineering organization
  • You want to build things, not just break them
  • You have experience with infrastructure and security tools such as, but not identical to, zScaler, FireEye, Okta, Sailpoint, EnCase, exaBeam, Securonix, Qualys, Tenable, Rapid7, and ArcSight
  • You know network protocols such as TCP/IP, DNS, VPNs (IPSEC), and wireless security technologies (PEAP, WPA, etc) and can lead projects with IT
  • You can deal with compliance needs such as PCI, SOX, FedRAMP
  • You leverage industry security standards and organizations such as SANS, HIPAA, PCI, NIST, SOX, and OWASP
  • You have experience with securing data in Amazon Web Services (AWS), Salesforce, Postgres, and MongoDB
  • You have experience with configuration management tools such as Terraform, Vagrant, Packer and Ansible
  • Willingness to share and rotate some after-hours work with the team such as on-call security operations support

About ODX:

ODX’s groundbreaking partnership efforts with banks began in 2015 and have subsequently proved that a bank and a financial technology (FinTech) company can work collaboratively to mutual benefit on a digital lending platform.  ODX is now offering expanded platform solutions for small business lending to a broad range of banks and financial institutions globally.

About OnDeck:

As the largest online small business lender in the U.S. serving more than 700 different industries, we have been trusted by over 80,000 small businesses by providing them with a term loan or line of credit to help them build growing and thriving enterprises. Since 2007, we’ve issued over $10 billion in capital.

Join us as we enable small businesses to achieve their goals.  At OnDeck, we’re reinventing small business financing. We care intensely about each other, our company and the customers we serve, and are committed to making every day count. We are small enough to be nimble and strong enough to make a big impact.

Benefits for you:

OnDeck and ODX believe that each and every team member plays an important role in our company’s success. That’s why we strive to provide you and your family with a competitive and comprehensive benefit program with a variety of options and opportunities.  We offer:

  • Generous Vacation
  • Comprehensive Healthcare
  • Educational Reimbursement
  • 401k Matching
  • Parental Leave
  • Sports Teams
  • Stocked Kitchens
  • Loan Consolidation

We are going to ask you to talk about your accomplishments. Here are some of ours:

  • WorldatWork, 2017 Seal of Distinction
  • Fortune 50 Best Workplaces for Diversity, 2016
  • Fortune 50 Best Small and Medium Companies to Work For, 2016
  • Fortune 30 Best Workplaces in Finance and Insurance, 2016
  • Built in Colorado, Top 100 Digital Companies in Colorado, 2015, 2016, 2017
  • Crain’s New York Business Fast 50, 2013, 2014, 2015, 2016, 2017  
  • Fortune and Great Place to Work 100 Best Workplaces for Millennials, 2015
  • Fortune/Great Place To Work Great Rated! People’s Picks: 20 Great Workplaces in Financial Services, 2015
  • Crain’s New York Best Places to Work, 2013, 2014, 2015
  • Colorado SHRM Best Companies to Work For in Colorado, 2015
  • Forbes’ America’s Most Promising Companies, 2013, 2014
  • Selling Power Magazine Best Company to Sell For, 2013, 2014, 2015, 2016, 2017
  • 500|5000, 2013, 2014

As part of our dedication to maintaining an inclusive and diverse workforce, OnDeck provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, OnDeck complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

OnDeck expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of OnDeck’s employees to perform their job duties may result in discipline up to and including discharge.

**No external recruiters or agents, please.**

Apply for this Job

* Required

File   X
File   X