Search...

Application Security Engineer

Figure Technology Solutions, Inc. logo
Figure Technology Solutions, Inc.

Figure is a financial technology company offering home equity lines of credit (HELOCs) with a fast, 100% online application process. They leverage technology to provide quick approvals and funding, serving households looking to use their home equity for debt consolidation, home improvement, or other financial goals. They also offer partnerships and services for the broader financial market.

Charlotte, USA
About Figure Technology Solutions, Inc.

Figure is a financial technology company that provides home equity lines of credit (HELOCs) and other lending products. As the #1 non-bank HELOC lender in the U.S., they have served over 201,000 households. Figure's platform leverages cutting-edge technology, including AI, to offer a fast and efficient online application process, with approvals in as little as 5 minutes and funding in as few as 5 days. Their goal is to create more transparent and efficient capital markets. In addition to direct-to-consumer lending for purposes like home improvement, debt consolidation, and education, Figure also offers a partnership ecosystem for lenders, banks, and other businesses. Their product suite includes Figure HELOC, DSCR Loans, Cash-Out Refinance, and Crypto-Backed Loans.

View jobs by Figure Technology Solutions, Inc.

Skills

About the Role

You will play a pivotal role in securing Figure's software from the first line of code through deployment. You'll build and scale the vulnerability management program, embed secure coding practices into engineering workflows, and help ensure security standards are met at every stage of the software development lifecycle. You'll work closely with Engineering, DevOps, and IT to keep security processes resilient, scalable, and seamlessly integrated into daily workflows.

Requirements

  • Strong background in reading and writing code
  • Experience with CI/CD pipeline security integration
  • Experience with vulnerability management programs
  • Experience with threat modeling and security architecture reviews
  • Experience managing third-party penetration tests
  • Experience with incident response and on-call rotations

Responsibilities

  • Architect design and implement end-to-end security solutions including firewalls intrusion detection encryption protocols security event management and cloud security controls
  • Collaborate with DevOps to integrate security into CI/CD pipelines ensuring automation and repeatability of secure deployments
  • Conduct regular security assessments threat modeling and architecture reviews to identify risks and design mitigations
  • Lead cross-team initiatives that significantly improve security posture while balancing speed and innovation
  • Mentor engineers on security best practices and build a culture of security by design
  • Actively participate in incident response on-call rotations and post-incident reviews
  • Improve and run the vulnerability management program including triage prioritization tracking remediation and reporting
  • Manage third-party penetration tests including scoping vendor coordination and tracking remediation of findings
  • Automate sources of toil such as routine patching or dependency upgrades
  • Conduct threat modeling and security reviews for new features and services partnering with engineering teams early in the design process
  • Adhere to all company security policies and data handling procedures
  • Complete mandatory security awareness training within required timeframes
  • Promptly report any suspected security incidents or suspicious activity to the Security team

Benefits

  • Comprehensive medical dental and vision coverage with 100% employer-paid premiums for employees and dependents on select plans
  • Company HSA FSA Dependent Care FSA 401(k) and commuter benefits
  • Employer-paid life and disability insurance
  • 11 observed holidays and PTO plan
  • Up to 12 weeks of paid family leave
  • Continuing education reimbursement
  • Company equity in the form of RSUs