Sr Application Security Engineer
Lending Club (NYSE: LC) opened in 2007 with one simple mission: create a more efficient, transparent and customer-friendly alternative to the traditional banking system that offers creditworthy borrowers lower interest rates and investors better returns. Today, we're the world's largest online credit marketplace, and we're radically changing the way lending operates. We're proud of the recognition we've received, including being named a World Economic Forum Technology Pioneer, a CNBC Disruptor 50, and one of The World's 10 Most Innovative Companies in Finance by Fast Company. We're conveniently located in downtown San Francisco, California.
About the Team
The Application Security Team plays a key role in protecting all software developed at Lending Club. This core team of application security engineers works closely with and in support of a large team of security focused software engineers all of which work to ensure Lending Club builds and maintains secure software for its customers and partners. As the Senior Application Security Engineer, you will focus on finding and fixing vulnerabilities, promoting good security practices, and solving classes of security problems through engineering solutions for both front and back end software. In addition, this team integrates tooling and automation, expert review, and training throughout the Software Development Lifecycle (SDLC) to ensure security is prioritized at each step to identify potential vulnerabilities and design flaws.
The ideal individual contains a blend of application development experience and application security experience. You can get your hands dirty to solve problems directly in the code and execute swiftly on complex problems. In addition, you can help build security solutions that scale and move at the speed of commerce—for example automated testing and reporting on risk. Lending Club is an agile tech company, and Application Security will work without constraints to both address risk and enable innovation.
The Sr Application Security Engineer reports to the Director, Application Security and partners with the broader Information Security Program within the Technology organization of Lending Club.
- Become an expert in the Lending Club software stack to understand points of weakness and opportunities for application security solutions.
- Engineer and maintain application security tools and services to ensure quality within Lending Club's SDLC.
- Enable automated security testing at scale to measure vulnerability density across Lending Club applications.
- Collaborate with internal partners on addressing systemic security issues.
- Participate in security reviews to ensure timely evaluation per risk based approaches.
- Evangelize security within the development organization through awareness proliferation activities such as mentoring, engineer onboarding training, Security Champ collaboration, and development and procurement of security related events such as Capture the Flag competitions and Red Team activities.
- Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and crowd-sourced web application testing technologies and report on their success.
- Maintain an active membership and participation in the greater AppSec community.
- Assist with management of a Responsible Disclosure Program and Bug Bounty Program.
- Assist in the evaluation, selection, onboarding and management of AppSec vendors and consultants.
- Commit to and develop AppSec testing / unit testing requirements for security features and functions.
- 5+ years in the field of software security.
- 5+ years software engineering experience (Java focus).
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
- Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), OWASP Top 10, and authentication infrastructure (SAML, OAUTH).
- Knowledgeable regarding back end security topics such as secret management and service authentication.
- Comfortable dealing with ambiguity and conflicting priorities.
- Strong ethics and understanding of ethics in information security.
- Good project management skills.
- Superb communication skills.
- B.S. Computer Science or similar combination of education and experience.
- Ability to write complex software in multiple languages.
- Experience leading secure software development classes.
- Written your own security tools.
- Presentation experience.
- Experience using JIRA.
Why Join Us?
We offer all the important stuff like competitive salaries, equity, 100% paid medical and dental, and because we've been around longer we also have stuff like great food, game rooms, a super convenient location in downtown SF and a 401K match. More importantly, we're the clear market leader, which gives us awesome momentum. As Forbes put it, "While not often thought of as a "sharing economy" company, given the massive size of the financial industry Lending Club could end up being one of the most disruptive–and largest–companies in this sector." We think one of our own employees put it best: "Many companies talk about reshaping an industry, but Lending Club is one of the few that is actually achieving this lofty goal. Growth comes in monthly leaps that just seem to keep accelerating, leading to ever-larger opportunities. There is an intriguing focus on how to get more efficient and do bigger things. Working here is definitely a chance to be a part of something special."
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Meet Some of Lending Club's Employees
Senior Supervisor, Member Support
Tania makes sure borrowers have a great experience with Lending Club. She’s constantly looking ahead to ensure her team is fully staffed and ready to meet every borrower’s needs.
Back to top