OneMain Financial Jobs

Responsibilities

• Perform application security analysis using both automated and manual techniques, including:
• Static code analysis (SAST)
• Software composition analysis (SCA)
• Fuzzing
• Manual code and design reviews
• Identify, analyze, and help remediate application vulnerabilities
• Support software engineers in integrating security considerations into system and application designs
• Integrate and maintain application security tooling within CI/CD and DevSecOps pipelines
• Design, implement, and improve continuous integration security analysis tooling
• Tune and maintain security tools to reduce false positives and improve signal quality
• Assist development teams in understanding findings and implementing effective fixes
• Support threat modeling and secure design reviews
• Stay current with emerging vulnerabilities, attack techniques, and mitigation strategies
• Document findings, recommendations, and best practices
• Perform other duties as assigned

Requirements

• Bachelor's degree plus 2+ years of professional experience in cybersecurity or software development, or equivalent experience
• 2+ years of experience focused on application/software security
• Experience analyzing source code for security flaws
• Familiarity with secure software development practices
• Strong analytical, problem-solving, and communication skills
• Detail-oriented with strong written and verbal communication abilities
• Ability to qualify for and maintain a DoD or DoE Secret security clearance
• Ability to meet DoD 8140.01 Cyberspace Workforce Management requirements within six months of hire
• Good verbal and written communication skills
• Attention to detail

Candidates who have any of the following skills will be preferred:

• Active DoD Secret clearance or higher
• Experience identifying, exploiting, and remediating application vulnerabilities
• Credit for published CVEs is a strong plus
• Proficiency in one or more programming languages such as C++, Python, JavaScript, Rust
• Experience configuring and operating static analysis tools (e.g., Coverity, Klocwork, SonarQube)
• Experience configuring and operating software composition analysis tools (e.g., Snyk, Sonatype, Anchore, JFrog Xray)
• Experience with fuzzing frameworks (AFL, AFL++, honggfuzz, or similar)
• Experience with debugging, runtime instrumentation, or reverse engineering, including tools such as:
• strace
• eBPF
• Ghidra or IDA Pro
• Familiarity with threat modeling methodologies and frameworks such as MITRE ATT&CK
• Experience working in DevSecOps or Agile development environments

*Resumes, Cover Letters, and Applications which are generated by AI will not be considered for employment.

Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Benefits

SciTec offers a highly competitive salary and benefits package, including:

• 4% Safe Harbor 401(k) match
• 100% company paid HSA Medical insurance, with a choice of 2 buy-up options
• 80% company paid Dental insurance
• 100% company paid Vision insurance
• 100% company paid Life insurance
• 100% company paid Long-term Disability insurance
• 100% company paid Hospital Indemnity insurance
• Voluntary Accident and Critical Illness insurance
• Short-term Disability insurance
• Annual Profit-Sharing Plan
• Discretionary Performance Bonus
• Paid Parental Leave
• Generous Paid Time Off, including Holiday, Vacation, and Sick Pay
• Flexible Work Hours

The pay range for this position is $96,000 - $146,000 / year. SciTec considers several factors when extending an offer of employment, including but not limited to the role and associated responsibilities, a c ndidate's work experience, education/training, and key skills. This is not a guarantee of compensation.

SciTec is proud to be an Equal Opportunity employer. VET/Disabled.