AppSec Jobs
← Back to all jobs

Envestnet

Product Security

Trivandrum, Kerala, IndiaWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Envestnet

Envestnet is a prominent wealth technology platform and financial wellness network based in Chicago. Founded in 1999, the company provides Software-as-a-Service (SaaS) solutions that empower over 109,000 financial advisors across more than 4,900 companies to manage over $6 trillion in assets and nearly 20 million accounts. Envestnet's innovative offerings include a core platform for unified advice, investment services, and practice management, as well as specialized tools like the Sustainability Platform™ for socially responsible investing and Unified Managed Household for comprehensive client asset analysis. The company has a rich history of growth through partnerships and acquisitions, launching its unified advice platform in 2000 and going public in 2010. Envestnet has been recognized as a leader in financial planning and portfolio management solutions. Its ecosystem supports over 800 asset managers and integrates with various partners to enhance advisor productivity and client experiences. Envestnet serves a diverse clientele, including major banks, wealth management firms, and financial professionals, focusing on delivering data-driven tools for financial wellness at every life stage.

Industry

financial services

Employees

2,800

731 engineers

Revenue

$1.3B

Website

Visit →

Security at Envestnet

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Envestnet's AppSec philosophy centers on exceeding the security and trust of clients and partners while protecting information from unwarranted disclosure.
  • The company is committed to weaving security into daily coding practices through a developer enablement approach that employs a more hands-on, interactive methodology.
  • The organization has adopted a 'shift left' strategy to embed security earlier in the development lifecycle while maintaining focus on Confidentiality, Integrity, and Availability as core risk principles.

Security Team

  • Envestnet maintains a dedicated independent application security program integrated with its development and release lifecycle.
  • The AppSec team is estimated at 10-15 professionals based on LinkedIn search results.
  • Key leaders include Derek Fisher (Head of Product Security) and Saran Makam (Director of Application Security at Envestnet | Yodlee).
  • The team reports into the Director of Security Operations.
  • As of March 2026, there are 2 active AppSec job postings with common skill patterns in automation of SAST/DAST/IAST/SCA, CI/CD pipeline integration, and DevSecOps practices.

Key Initiatives

  • Envestnet has implemented a Security Champions Program with all Security Champions completing certification in 2022, and 60% of Security Aware developers completing Levels 1 & 2 training through Secure Code Warrior.
  • The company practices 'shift left' by designing and implementing secure CI/CD pipelines with integrated security controls.
  • Their vulnerability management process includes a 90-day disclosure window from initial acknowledgment prior to public disclosure.
  • Security testing automation encompasses SAST, DAST, IAST, SCA, and container scanning.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.