POSTED Sep 12

Product Security Engineer II

Envestnet is seeking a passionate and talented Product Security Engineer to join our Information Technology team.

Envestnet, Inc. (NYSE: ENV) is transforming the way financial advice and wellness are delivered. Our mission is to empower advisors and financial service providers with innovative technology, solutions, and intelligence to make financial wellness a reality for everyone.

Since our founding 20 years ago, we are fully vested in helping people live an intelligent financial life. If you love the idea of working in a Fintech company with the environment and excitement of a start-up where you are making everyday impact – then read on.

Job Summary:

The Product Security Engineer ensures that the engineering teams they partner with are leveraging the product security tools and practices in their development lifecycle. You will be providing assistance with vulnerability identification and remediation. You will aid in developing solutions to sustain current practices and look for opportunities to provide stronger security in the development lifecycle of internally developed and externally acquired software. You will participate in code reviews, provide solutions for streamlining and automating tools, work with engineering teams to address security in the development lifecycle, and advance security practices in the organization.

Job Responsibilities:

Work hand in hand with the engineering partners in our organization to understand their development, build, and deployment pipeline in order to integrate a defined set of security tools and best practices.
Take the output from our security tools, and security testing practices to formulate a remediation and mitigation strategy with the engineering partners to reduce the overall risk of Envestnet.
Promote Product Security culture in our organization leveraging our internal learning platforms, forums, and collaboration channels.
Review requirements, architectures, designs, and code and provide guidance on security remediation, mitigation, requirements, and enhancements.
Develop automation and integrate tools and services in the Enterprise Security Organization.

Required Qualifications:

Experience with common web application vulnerabilities, such as the OWASP Top 10, Common Weakness Enumeration (CWE), and business logic flaws. Ability to explain vulnerabilities and weaknesses and discuss effective defensive techniques.
Bachelor’s degree in Information Security, Computer Science, or related field.
Minimum 3-5 years in a software development environment using Java, .NET, or similar language.
Minimum 3-5 years of secure product development experience
Practical experience setting up, configuring, and onboarding with security tools in the SDLC such as SAST, DAST, secure test plans, etc.
Experience with a modern SDLC including CI/CD pipelines, multi-cloud architecture, API strategies, and container deployment.
Basic understanding of cloud services like AWS, Azure and Google Cloud

Preferred Qualifications:

Security+, CEH or other security certifications are a plus.

About Us:

Envestnet is a leading independent provider of technology‐enabled investment and practice management solutions to financial advisors who are independent, as well as those who are associated with small or mid‐sized financial advisory firms and larger financial institutions. Envestnet’s technology is focused on addressing financial advisors’ front, middle, and back‐office needs while leveraging our platform to grow their businesses and expand client relationships.

We offer a highly competitive compensation and benefits package as well as the excitement, challenges, and rewards of a fast-growing, entrepreneurial company.

Why Choose Envestnet:

Be a member of a leading financial services and products innovation company
Competitive Compensation/Total Reward Packages that include:
- Health Benefits (Health/Dental/Vision)
- Paid Time Off (PTO) & Volunteer Time Off (VTO)
- 401K – Company Match
- Annual Bonus Incentives
- Equity
- Parental Stipend
- Tuition Reimbursement
- Student Debt Program
- Charitable match
- Wellness Program
Work on global projects with diverse, energetic, team members who respect each other and celebrate differences
The best work locations with unlimited snacks!

The salary range for this position is $63,000 to $140,000.

Envestnet is an Equal Opportunity Employer.

#LI-LM2

Does this position require a security clearance?:

Yes

View all jobs posted by this company

Apply Now!

Resume

You don't have a resume loaded to the system, so this application won't include any resume attachment. If you don't have a resume to upload, you can use the cover letter area below and include a link to your resume if you prefer.

Resume

Cover letter

My passion for cybersecurity stems from a lifelong fascination with technology and problem-solving. In my early education I was interested in attending conferences and seminars of Information Technology, I was always drawn to understanding how things worked and how to build them. This natural curiosity naturally gravitated towards the ever-evolving world of cybersecurity.
My experience as a Cybersecurity Engineer in the past of 2 years with various certifications, by attending workshops and current at Secure Point 360, LLC further solidified my desire for a STEM career. Here, I thrived in the fast-paced environment, identifying and mitigating security risks for clients. Managing and monitoring SP360 as the unified endpoint management and admin instilled the importance of continuous vigilance in safeguarding data across various platforms (cloud, endpoints, servers, SAST). These experiences not only honed my technical skills but also showcased the critical role cybersecurity plays in protecting our digital world.
I am confident that I can make a significant contribution to your team. I have attached my resume for your review and would be grateful for the opportunity to discuss my qualifications further. Thank you for your time and consideration.
URL: https://www.linkedin.com/in/kenvishah/

Cover letter

MANON GUEGUEN
Paris, France – +33627310646 – manongueguen@protonmail.com
I am an accomplished analyst combining an expertise in geopolitics and cybersecurity. This background gives me a unique perspective on the current threat landscape. When it comes to my career, I am willing to relocate as my first wish is to evolve in an international environment. Personality-wise, I am a very active person, stimulated by ever-changing situations and new encounters.
EXPERIENCE
ALMOND Sèvres, France
Cybersecurity consulting
Cyber Threat Intelligence Analyst
JANUARY 2023 – TODAY
● Develop a new CTI service from scratch (decision making regarding the roadmap, initiate new projects, design
technical, tactical, and strategic intelligence reports, developing working methodologies, leading meetings, create
synergies with the SOC/CERT team and other business units, participate in the commercial strategy)
● Writing of intelligence reports: retail and financial sectors, data breach, threat landscape analysis, APT, ransomware etc
(strong understanding of the evolution of techniques, tactics and procedures (TTPs), cyber kill chain reconstruction,
edit and review content to match high quality standards)
● Writing of briefings on cyber events to different types of publics: technical, non-technical, journalists, senior
executives and CEOs (be quick to verify real-time news, articulate complex information with clarity and brevity)
● Writing of analysis on complex geopolitical issues (critical thinking, elaborate visuals and infographics)
● Writing of a study on the insider threat (critical thinking, collect and analyze data)
● Technology policy (AI, cyber laws) and threat actors’ monitoring (curiosity, strong organizational skills)
● Training on the basics of cybersecurity: key concepts, cryptography, OWASP, OSI, TCP/IP, network layers… (high
learning ability)
● Investigating SIEM alerts (OSINT, process the alerts raised in the SOAR, qualify incidents, ensure the follow-up)
● Give presentations to clients and collaborators (strong interpersonal and networking skills, e.g. highlighting key
conferences from Botconf 2023)
INSEAD Fontainebleau, France
Education
Exam invigilator NOVEMBER 2022 – DECEMBER 2022
XMCO Paris, France
Cybersecurity consulting
Threat Intelligence Analyst JUNE 2022 – OCTOBER 2022
● Daily writing of cybersecurity newsletters and alerts (threat criticality assessment, cyber kill chain reconstruction,
monitoring open and closed intelligence sources, good contextual analysis skills)
● Follow-up with clients (ability to popularize complex ideas and concepts)
● Research, identification and qualification of fraud schemes (good investigative skills)
● Elaboration of an economic intelligence service
● Technology development and threat actors’ monitoring (identify relevant content and conferences)
● Acquisition of technical skills (bash, network architecture…)
BOULANGERIE BLOT Melun, France
Bakery shop
Saleswoman SEPTEMBER 2021 – MAY 2022
ADVINTEL New York City, United-States (Remote)
Cybersecurity consulting
Threat Intelligence Analyst Intern APRIL 2021 – AUGUST 2021
● Mastery of the intelligence lifecycle (OSINT, HUMINT, SIGINT) and threat prevention through investigations (strong
research capabilities to gather information from various sources)
● Intelligence research and analysis, cybercrime research and investigation, finished intelligence products for 450+
customers, data analysis (knowledge of different types of malware, botnet groups, ransomware syndicates, TTPs, cyber
fraud and loss prevention, well-developed investigative mindset, good understanding of underground forums)
EDUCATION
GRENOBLE-ALPES UNIVERSITY Grenoble, France
MASTER’S DEGREE IN INTERNATIONAL SECURITY AND DEFENSE 2020 – 2021
● Cybersecurity: application of international law to cyberspace, states’ cyber capabilities, analysis of the notion of
cyberwar, global growth of the cybersecurity market
● Geopolitics: thesis on the diplomatic and strategic stakes of China’s involvement in cyberspace
ÉCOLE D’URBANISME DE PARIS Champs-sur-Marne, France
MASTER’S DEGREE IN URBAN PLANNING 2019 – 2020
PARIS 1 PANTHÉON-SORBONNE UNIVERSITY Paris, France
BACHELOR’S AND MASTER’S DEGREE IN GEOGRAPHY 2013 – 2017
SKILLS AND INTERESTS
● Technical: Python (beginner), MITRE ATT&CK, Maltego, Office 365, Agile, Scrum, ArcGIS, QGIS
● Languages: French (native), English (TOEIC 2019: 915/990), Mandarin (B1), Spanish (B1), Russian (beginner)
● Interests: defense, politics, academic research (press, conferences, life-long learning)
● Volunteering: Cyber Peace Institute (conduct phishing exercices and cybersecurity awareness trainings

View all jobs