Associate Security Engineer (R11791)



India · Remote
Posted on Thursday, March 21, 2024


Oportun (Nasdaq: OPRT) is a digital banking platform that puts its 2.2 million members' financial goals within reach. With intelligent borrowing and savings, Oportun empowers members with the confidence to build a better financial future. Since inception, Oportun has provided more than $17.8 billion in responsible and affordable credit, saved its members more than $2.3 billion in interest and fees, and helped our members save an average of more than $1,800 annually. For more information, visit


Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization's performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups.


We are seeking an Associate Security Engineer with a focus on cloud computing to join Security Engineering & Architecture team in Opotun’s internal cyber organization,. The Associate Security Engineer will design, engineer, deploy, and maintain custom automation products while also ensuring production systems in use by the Security Teams are operating smoothly, within uptime objectives, and updated with the latest content and functionality. This position within Oportun's Shift-Left Cyber Org will involve active participation in all aspects of the Engineering Ecosystem. The Associate Security Engineer will play a crucial role in defining and implementing security controls for both Oportun's infrastructure and applications. The Associate Security Engineer will coordinate with DevOps engineers and developers to monitor the pulse of system performance and capacity, proactively recommending and implementing changes while automating ‘toil’ and repetitive tasks.

By joining Oportun, the firm will invest in your personal growth in the areas of technical aptitude, leadership skills, and business acumen. Engineers will work cross-functionally with business partners and key stakeholders to deliver clear recommendations and solutions that drive results.

This is an exciting opportunity in an innovative organization where your contributions will have a meaningful impact on broadening access to financial products for consumers with little or no credit history.


  • Develop security controls to ensure cloud applications and infrastructure adhere to compliance / benchmarks.
  • Create intelligent automations to negate repetitive tasks within day-to-day operations of Security Teams.
  • Lead the initiatives around Outbound Email Security.
  • Configure and maintain Web Application Firewall.
  • Provide engineering insights and system integration efforts during Security Tools PoC activities.
  • Support Vulnerability management team with focus on Application Security Configurations and Coverage.
  • Build automation tools to support and maintain the inventory of application and associated cloud resources.
  • Comprehend deficiencies in security solutions and understand how to fine-tune and operate them.
  • Install, configure, integrate and implement technologies for enhanced auditing, prevention, detection, and response capabilities.
  • Conduct technical research or root cause analysis when necessary and implement resulting action items that contribute to our enterprise security strategy.
  • Maximize existing investment in security architecture and tools by comprehending deficiencies in current setup and understand how to fine-tune and operationalize them.
  • Design and implement standards, policies, and procedures for automations, integrations and other SecOps Activities.


  • Bachelor’s degree in computer science, information systems or related field from an accredited institution OR 1+ years of hands on experience in the fields of Engineering and Cyber Security.
  • Experience with scripting, programming and automation is a mandatory qualification for this role.
  • Experience with implementing solutions by way of consuming 3rd party SDKs. Awareness of API Security is a bonus.
  • Experience with delivering solutions at scale while leveraging DevSecOps processes.
  • Experience with application architecture and/or SDLC best practices.
  • Experience working in or with application development teams and understanding of engineering language/culture.
  • Comprehensive knowledge and hands-on programming practice with Python or Go.
  • Practical knowledge of Cloud Platform administration (AWS, Azure and Kubernetes).
  • Basic understanding of CI/CD pipelines and related tools (Github Actions, Bamboo, Jenkins, Azure DevOps).
  • Basic understanding of Internet security issues, OWASP Top 10, Security Protocols, OSI Security Architecture and Security Compliance and Controls.
  • General grasp of Operational processes, Endpoint Security and Vulnerability management principles.
  • Ability to build a strong, positive relationship with partnering engineering and security teams to develop effective solutions.
  • Ability to sufficiently document engineering efforts and results.
  • Passion for Security, Technology and Automation.
  • Preferred Certifications (Security+, etc.).

We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate.

California applicants can find a copy of Oportun's CCPA Notice here:

We will never request personal identifiable information (bank, credit card, etc.) before you are hired. We do not charge you for pre-employment fees such as background checks, training, or equipment. If you think you have been a victim of fraud by someone posing as us, please report your experience to the FBI’s Internet Crime Complaint Center (IC3).