Sr Application Security Engineer
Lending Club (NYSE: LC) opened in 2007 with one simple mission: create a more efficient, transparent and customer-friendly alternative to the traditional banking system that offers creditworthy borrowers lower interest rates and investors better returns. Today, we’re the world’s largest online credit marketplace, and we’re radically changing the way lending operates. We’re proud of the recognition we’ve received, including being named a World Economic Forum Technology Pioneer, a CNBC Disruptor 50, and one of The World’s 10 Most Innovative Companies in Finance by Fast Company. We’re conveniently located in downtown San Francisco, California.
About the Team
The Application Security Team plays a key role in protecting all software developed at Lending Club. This core team of application security engineers works closely with, and in support of, a large team of security-focused software engineers, all of whom work to ensure Lending Club builds and maintains secure software for its customers and partners. As the Senior Application Security Engineer, you will focus on finding and fixing vulnerabilities, promoting good security practices, and solving classes of security problems through engineering solutions, for both front and back end software. In addition, this team integrates tooling and automation, expert review and training throughout the Software Development Lifecycle to ensure security is prioritized at each step to identify potential issues.
The ideal individual has a blend of application development experience and application security experience. You can get your hands dirty to solve problems directly in the code and execute swiftly on complex problems. In addition, the ideal candidate can help build security solutions that scale and move at the speed of commerce, such as automated testing and reporting on risk. Lending Club is an agile, technology-driven company, and Application Security must push the envelope to both address risk and enable innovation.
The Sr. Application Security Engineer reports to the Application Security Director and is a key role in the broader Information Security Program within the Technology organization of Lending Club.
- Become an expert in the Lending Club software stack to understand points of weakness and opportunities for application security solutions.
- Contribute to and improve our internal Software Security Development Lifecycle.
- Enable automated security testing at scale to measure vulnerability and report on risk across Lending Club applications.
- Collaborate with internal stakeholders on addressing systemic security issues.
- Participate in security reviews to ensure timely evaluation per risk-based approaches.
- Maintain application security tools and services to ensure quality within Lending Club’s Software Security Development Lifecycle.
- Evangelize security within the development organization through awareness proliferation activities such as mentoring, engineer onboarding training, Security Champ collaboration, and development and procurement of application security related events such as CTF competitions and Red Team activities.
- Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and crowd-sourced web application testing technologies and report on their success.
- Maintain an active membership and participation in the greater AppSec community.
- Assist with management of a Responsible Disclosure Program and Bug Bounty Program.
- Assist in the evaluation, selection, onboarding and management of AppSec vendors and consultants.
- Contribute to and develop AppSec testing / unit testing requirements for security features and functions.
- 5+ years in the field of software security.
- 5+ years software engineering experience.
- Software engineering experience with Java web applications.
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.).
- Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAuth).
- Knowledgeable regarding back end security topics such as secret management and service authentication.
- Comfortable dealing with ambiguity and conflicting priorities.
- Strong ethics and understanding of ethics in information security.
- Good project management skills.
- Excellent communication skills.
- B.S. Computer Science or similar combination of education and experience.
- Ability to write complex software in multiple languages.
- Experience leading secure software development classes.
- Written your own security tools.
- Presentation experience.
- Skills in using JIRA.
Why Join Us?
We offer all the important stuff like competitive salaries, equity, 100% paid medical and dental, and because we’ve been around longer we also have stuff like great food, game rooms, a super convenient location in downtown SF and a 401K match. More importantly, we’re the clear market leader, which gives us awesome momentum. As Forbes put it, “While not often thought of as a “sharing economy” company, given the massive size of the financial industry Lending Club could end up being one of the most disruptive–and largest–companies in this sector.” We think one of our own employees put it best: “Many companies talk about reshaping an industry, but Lending Club is one of the few that is actually achieving this lofty goal. Growth comes in monthly leaps that just seem to keep accelerating, leading to ever-larger opportunities. There is an intriguing focus on how to get more efficient and do bigger things. Working here is definitely a chance to be a part of something special.”