Ally · 1 week ago
Penetration Tester - Application Security Engineer, Fellow
Charlotte, NC
Full-time
Hybrid
Senior Level
$135K/yr - $235K/yr
5+ years expAlly Financial is a customer-centric, leading digital financial services company. They are looking for a talented and trustworthy application security engineer to act as a subject matter expert, perform AppSec testing activities, coordinate vendor pen testing, and coach developers in enhancing security practices.
AutomotiveFinanceFinancial Services
No H1B
Hiring Manager
Mary Sofonia, PHR
Responsibilities
Lead the effort to build an effective API Security program:
Work with key stakeholders on gateway and cloud teams to develop a process to build a comprehensive inventory of API’s, endpoints, routes, etc
Enhance current AppSec processes and routines to include technical controls to enforce compliance and governance requirements across the API ecosystem
Perform penetration testing against products and systems, including web applications, web services, and mobile devices
Work closely with engineering to design, test, and maintain AppSec processes implementation
Collaborate with DevSecOps to implement, maintain, and improve shift-left scanning processes
Assist with coordination of vendor pen testing services with internal development teams
Collaborate with stakeholders to develop remediation strategies
Demonstrating practical/working exploitation of security flaws
Develop and enhance processes to automate the delivery of application security metrics
Review security scan output for false positives. Assist developers with remediation
Serve as an application security subject matter expert for all areas
Participate in threat modeling exercises
Effectively communicate vulnerability details, risks, and potential impacts to, application owners, developers, stakeholders, and partners
Act as a mentor for junior team members/interns
Design, implement, and support security-focused tools and services
Develop tools that improve security testing, reporting, and monitoring
Other duties as assigned
Qualification
Required
5+ years of experience in manual penetration testing of web and mobile applications
Understanding of cloud technologies and environments (AWS, Azure, Google)
Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture
Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives
Ability to work under pressure and manage competing priorities
Knowledge of web application frameworks, deployment technologies and security software
Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities
Strong writing skills to produce detailed reports for consumption by stakeholders at all levels from operations to executive
Preferred
Proven work experience in manual secure code review
Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and application security workflows
GPEN, OSCP, CISSP, GWAPT, CEH, OffSec or similar certifications
Desired scripting experience: One or more of Python, JavaScript, PowerShell, shell script, Ruby, PHP, LUA etc
Bachelor's degree in Information Technology or Computer Science, or equivalent experience
Inherent passion for information security and service excellence
The ability to adapt to new situations and the desire to learn and stay current with AppSec trends, threats, and risks
Coding experience such as JavaScript or API
Benefits
Time Away: Program starts at 20 paid time off days in addition to 11 paid holidays and 8 hours of volunteer time off yearly (time off days are prorated based on start date and program varies based on full or part-time status and management level).
Planning for the Future: plan for the near and long term with an industry-leading 401K retirement savings plan with matching and company contributions, student loan pay downs and 529 educational save up assistance programs, tuition reimbursement, employee stock purchase plan, and financial learning center and financial coach access.
Supporting your Health & Well-being: flexible health and insurance options including medical, dental and vision, employee, spouse and child life insurance, short- and long-term disability, pre-tax Health Savings Account with employer contributions, Healthcare FSA, critical illness, accident & hospital indemnity insurance, and a total well-being program that helps you and your family stay on track physically, socially, emotionally, and financially.
Building a Family: adoption, surrogacy and fertility assistance as well as paid parental and caregiver leave, Dependent Day Care FSA back-up child and adult/elder care days and childcare discounts.
Work-Life Integration: other benefits including Mentally Fit Employee Assistance Program, subsidized and discounted Weight Watchers® program and other employee discount programs.
Other compensations: depending on the role for which you are considered, you may be eligible for travel allowances, relocation assistance, a signing bonus and/or equity.
Company
Ally
Ally Financial Inc. (NYSE: ALLY) is a leading digital financial services company and a top 25 U.S.
10001+ employees
Funding
Current Stage
Public CompanyTotal Funding
$1.75B2024-12-13Post Ipo Debt· $1B
2022-11-07Post Ipo Debt· $750M
2014-04-10IPO
Leadership Team
Russ Hutchinson
Chief Financial Officer
David Holland
Senior Vice President
Recent News
legacy.thefly.com
2026-01-22
2026-01-13
Company data provided by crunchbase