Application Security Architect
Lending Club (NYSE: LC) opened in 2007 with one simple mission: create a more efficient, transparent and customer-friendly alternative to the traditional banking system that offers creditworthy borrowers lower interest rates and investors better returns. Today, we're the world's largest online credit marketplace, and we're radically changing the way lending operates. We're proud of the recognition we've received, including being named a World Economic Forum Technology Pioneer, a CNBC Disruptor 50, and one of The World's 10 Most Innovative Companies in Finance by Fast Company. We're conveniently located in downtown San Francisco, California.
About the Team
The Application Security Team plays a key role in protecting all software developed at Lending Club. This core team of application security engineers works closely with and in support of a large team of security focused software engineers all of which work to ensure Lending Club builds and maintains secure software for its customers and partners. As the Application Security Architect, you will focus on finding and fixing vulnerabilities, promoting good security practices, and solving classes of security problems through engineering solutions for both front and back end software. In addition, this team integrates tooling and automation, expert review and training throughout the Software Development Lifecycle (SDLC) to ensure security is prioritized at each step to identify potential vulnerabilities and design flaws.
The ideal individual contains a blend of application development experience and application security experience. You can jump in and solve problems directly in code and execute swiftly on complex problems. In addition, you can help build security solutions that scale and move at the speed of commerce—for example automated testing and reporting on risk. Lending Club is an agile tech company, and Application Security will work without constraints to both address risk and enable innovation.
The Application Security Architect reports to the Director, Application Security and is a key role in the broader Information Security Program within the Technology organization of Lending Club.
- Partner with developers, administrators and engineers to ensure secure design, development and implementation of Lending Club initiatives.
- Perform Architecture Risk Analysis of applications to identify deficiencies and provide practical solutions.
- You enable the the culture of security through the engineer community engagement.
- Lead and mentor developers to write secure software through activities like defensive programming techniques, usage of security frameworks and performing threat modeling.
- Document technical reports as needed to communicate security issues to senior leadership.
- Evaluate new security solutions to provide strategic recommendations in alignment with technology roadmap.
- Maintain application security tools and services to ensure quality within Lending Club's Software Security Development Lifecycle.
- Manage vulnerability discovery and remediation efforts from sources like static, dynamic, component, penetration testing and crowd-sourced web application testing approaches.
- Perform targeted penetration testing against mis-use cases for emerging applications and APIs.
- Become an authority in the Lending Club software stack to understand points of weakness and opportunities for better design patterns.
- Enable automated security testing at scale to measure vulnerability and report on risk across Lending Club applications.
- Deep understanding of encryption solutions and authentication patterns.
- 7+ years in the field of software security.
- 5+ years software engineering experience (Java focus).
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, Penetration Testing, Security Unit Testing, Red Teaming etc.)
- Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), OWASP Top 10, and authentication infrastructure (SAML, OAUTH).
- Knowledgeable regarding back end security topics such as secret management and service authentication.
- Strong ethics and understanding of ethics in information security.
- Good project management skills.
- Superb communication skills.
- B.S. Computer Science or similar combination of education and experience.
- Experience as a security consultant.
- Ability to write complex software and tools.
- Experience reverse engineering.
Why Join Us?
We offer all the important stuff like competitive salaries, equity, 100% paid medical and dental, and because we've been around longer we also have stuff like great food, game rooms, a super convenient location in downtown SF and a 401K match. More importantly, we're the clear market leader, which gives us awesome momentum. As Forbes put it, "While not often thought of as a "sharing economy" company, given the massive size of the financial industry Lending Club could end up being one of the most disruptive–and largest–companies in this sector." We think one of our own employees put it best: "Many companies talk about reshaping an industry, but Lending Club is one of the few that is actually achieving this lofty goal. Growth comes in monthly leaps that just seem to keep accelerating, leading to ever-larger opportunities. There is an intriguing focus on how to get more efficient and do bigger things. Working here is definitely a chance to be a part of something special."
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Meet Some of Lending Club's Employees
Senior Supervisor, Member Support
Tania makes sure borrowers have a great experience with Lending Club. She’s constantly looking ahead to ensure her team is fully staffed and ready to meet every borrower’s needs.
Back to top