As an Application Security Engineer, you’ll help drive Concora Credit’s Mission to enable customers to Do More with Credit – every single day.

The impact you’ll have at Concora Credit:

We are seeking a highly skilled Application Security Engineer to strengthen our application and product security posture across web, mobile, and cloud-based platforms. The ideal candidate will have deep hands-on experience in secure application development practices, threat modeling, and vulnerability management — with a proven track record of sustained collaboration and communication with development teams and supporting security programs within the financial services industry and PCI DSS compliance environments. The candidate's success will be dependent on their ability to Integrate with multiple teams and be a collaborative and guiding presence.

We hire people, not positions. That's because, at Concora Credit, we put people first, including our customers, partners, and Team Members. Concora Credit is guided by a single purpose: to help non-prime customers do more with credit. Today, we have helped millions of customers access credit. Our industry leadership, resilience, and willingness to adapt ensure we can help our partners responsibly say yes to millions more. As a company grounded in entrepreneurship, we're looking to expand our team and are looking for people who foster innovation, strive to make an impact, and want to Do More! We’re an established company with over 20 years of experience, but now we’re taking things to the next level. We're seeking someone who wants to impact the business and play a pivotal role in leading the charge for change.

As our Application Security Engineer, you will:

• Collaborate daily with development and project teams, assisting developers and architects to ensure compliance with established security standards and secure design principles.
• Identify, prioritize, and mitigate vulnerabilities based on OWASP Top 10, SANS CWE Top 25, and industry best practices.
• Lead application security assessments and reviews for web, mobile, and API-based systems throughout the SDLC.
• Collaborate with internal DevOps and other Dev teams to integrate, manage, and report on automated vulnerability scanning, SAST, DAST, and SCA platforms both as stand-alone tools and within CI/CD pipelines.
• Partner with DevOps and engineering teams to embed security controls early in the development process (“shift left”).
• Conduct secure code reviews and support developers in understanding and remediating findings.
• Conduct and coordinate penetration tests for internal systems and web and mobile applications to validate vulnerability findings and assess real-world exploitability.
• Champion secure coding practices and deliver targeted security training and awareness to engineering teams.
• Perform threat modeling and risk assessments for new applications and system changes.
• Support and maintain PCI DSS compliance as it relates to application security and data protection.
• Collaborate with infrastructure and cloud security teams to ensure consistent protection across the technology stack.
• Contribute to continuous improvement of the organization’s secure SDLC and AppSec frameworks.

These duties must be performed with or without reasonable accommodation.

We know experience comes in many forms and that many skills are transferable. If your experience is close to what we're looking for, consider applying. Diversity has made us the entrepreneurial and innovative company that we are today.

Requirements:

• 3-5 years of experience in Application Security, Secure Software Development, or related fields.
• Solid understanding of OWASP Top 10, secure coding standards, vulnerability management, penetration testing methodologies, and common web/mobile vulnerabilities.
• Hands-on experience with security testing tools (e.g. Sonarqube, Tenable WAS, Burp Suite, OWASP ZAP, Veracode, or similar).
• Experience integrating AppSec tools into DevOps pipelines (Azure DevOps, Git, etc.).
• Experience performing or managing web application penetration tests using tools such as Burp Suite, OWASP ZAP, or manual techniques aligned with OWASP Testing Guide.
• Strong familiarity with PCI DSS and other financial regulatory compliance frameworks.
• Practical knowledge of web technologies (REST, JavaScript, HTML5, CSS, JSON) and at least one modern programming language (e.g., Java, C#, Python, JavaScript, Swift).
• Experience securing mobile applications (iOS and Android) through static and dynamic analysis.
• Excellent communication skills and ability to work cross-functionally with engineering and compliance teams.

What’s In It For You:

• Medical, Dental and Vision insurance for you and your family
• Relax and recharge with Paid Time Off (PTO)
• 6 company-observed paid holidays, plus 3 paid floating holidays
• 401k (after 90 days) plus employer match up to 4%
• Pet Insurance for your furry family members
• Wellness perks including onsite fitness equipment at both locations, EAP, and access to the Headspace App
• We invest in your future through Tuition Reimbursement
• Save on taxes with Flexible Spending Accounts
• Peace of mind with Life and AD&D Insurance
• Protect yourself with company-paid Long-Term Disability and voluntary Short-Term Disability

Concora Credit provides equal employment opportunities to all Team Members and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Employment-based visa sponsorship is not available for this role.

Concora Credit is an equal opportunity employer (EEO).

Please see the Concora Credit Privacy Policy for more information on how Concora Credit processes your personal information during the recruitment process and, if applicable, based on your location, how you can exercise your privacy rights. If you have questions about this privacy notice or need to contact us in connection with your personal data, including any requests to exercise your legal rights referred to at the end of this notice, please contact caprivacynotice@concoracredit.com.