Application Security Engineer

  • Job Description:

      The financial technology ("Fintech") space is booming and Guaranteed Rate is at the center of it. We are growing like crazy, and are one of the most successful Chicago startups. We are focused on automating the mortgage process for consumers. Imagine getting a mortgage with no email, no faxing, and no stack of papers, in 10 days or less instead of 40 or more! If you have been through the process of buying a home, you know how amazing this will be. We are the #8 lender in the country and one of only 2 that are independent (not a bank), so we are in a good spot to win this race. We have already made tremendous strides and we are looking for someone who wants to help us finish the job and disrupt the entire industry.

      Who is GR?
      Guaranteed Rate is not your typical company and certainly not your typical mortgage company. We are technology driven, have tons of energy and we love what we do – great people and great products alongside our impeccable customer service (83 NPS, unheard of!). We’re in a River North office with exposed brick and duct work, and windows we can actually open during the summer. The awesomeness doesn’t end there. We also have:
      • Holiday parties? We got ’em! Not just major holidays, any holiday: Mardi Gras, Valentine’s Day, St. Paddy’s Day, Opening Day, Boxing Day (for our Canadian employee), Sweetest Day, Groundhog Day, etc.
      • Game room, library and white board paint for collaboration – yeah, it’s awesome.
      • Access to our free GR nurse practitioner. Psshh who needs a doctor’s appointment when our nurse can do it all? Did we mention the free part?
      • 401k with some matching, Blue Cross health care coverage – yup, dental and vision too, short-term disability, life insurance – we got ya covered on this one, legal assistance – for a small monthly fee.
      • Oh and did we mention you get a big fat employee discount on the origination fees to get a new mortgage or refinance thru Guaranteed Rate?

      The Position

      Application Security Engineers at Guaranteed Rate focus on our product. This means working directly with the product engineering teams to ensure security is built in. This is an engineering-first position that emphasizes software and allows team members to do what they love most: building. Team members are expected to assist with or perform the following duties:
      • Ensure the security and technical compliance of Guaranteed Rate developed software
      • Ensure the integrity of systems by maintaining logging and audit systems
      • Perform incident response as necessary
      • Build software security components that can be reused across a wide variety of applications
      • Work directly with development teams to help justify and fix potential vulnerabilities
      • Educate development teams on common software security issues through training and personal interactions
      • Work with legal and compliance to ensure successful execution of the overall security strategy
      • Work with business stakeholders to ensure security measures are creating a productive environment and adapting controls to promote productivity as well as security


      • Bachelor’s degree in Computer Science/Engineering, Security, or a related technical field, or equivalent work experience.
      • A solid grasp of computer networking
      • At least 5 years of software development experience in more than one language and framework
      • Strong knowledge of the OWASP Top 10 and other common software security knowledge indexes
      • Strong knowledge of Windows and Linux platforms
      • Ability to understand and implement proper application of encryption
      • Basic understanding of compliance and how it relates to information systems
      • Solid written and verbal communication skills
      • Assist in the security risk analysis for current and new systems and recommend solutions for reducing exposure areas
      • Provide recommendations to mitigate risks through the appropriate use of technical, procedural, and administrative controls in accordance with legal and regulatory compliance standards and established industry best practice
      • Ability to navigate and work effectively across a complex, geographically dispersed organization.
      • Broad knowledge of Information Security technologies, techniques and processes
      • Ability to explain technical problems in an understandable way to all employees

      Product Experience and Necessary Skills

      • Microsoft (Windows, SQL Server, Active Directory, .NET)
      • Atlassian Products (JIRA, Confluence, HipChat, Insight)
      • Linux
      • Incident Response
      • Identity and Access Management
      • Clojure
      • JVM Runtime
      • Burp Suite
      • Threat Modeling
      • OWASP Top 10
      • AWS
      • Terraform
      • Encryption