Sr Application Security Engineer

About Us

Lending Club (NYSE: LC) opened in 2007 with one simple mission: create a more efficient, transparent and customer-friendly alternative to the traditional banking system that offers creditworthy borrowers lower interest rates and investors better returns. Today, we’re the world’s largest online credit marketplace, and we’re radically changing the way lending operates. We’re proud of the recognition we’ve received, including being named a World Economic Forum Technology Pioneer, a CNBC Disruptor 50, and one of The World’s 10 Most Innovative Companies in Finance by Fast Company. We’re conveniently located in downtown San Francisco, California.

About the Team

The Application Security Team plays a key role in protecting all software developed at Lending Club. This core team of application security engineers works closely with and in support of a large team of security focused software engineers all of which work to ensure Lending Club builds and maintains secure software for its customers and partners. As the Senior Application Security Engineer, you will focus on finding and fixing vulnerabilities, promoting good security practices, and solving classes of security problems through engineering solutions, for both front and back end software. In addition this team integrates tooling and automation, expert review and training throughout the Software Development Lifecycle to ensure security is prioritized at each step to identify potential issues.

The ideal individual contains a blend of application development experience and application security experience. You can get your hands dirty to solve problems directly in the code and execute swiftly on complex problems. In addition, the ideal candidate can help build security solutions that scale and move at the speed of commerce—for example automated testing and reporting on risk. Lending Club is an Agile, technology-driven company, and Application Security must push the envelope to both address risk and enable innovation.

The Senior Application Security Engineer reports to the Application Security Manager and is a key role in the broader Information Security Program within the Technology organization of Lending Club.

Responsibilities

  • Become an expert in the Lending Club software stack to understand points of weakness and opportunities for application security solutions.
  • Contribute to and improve our internal Software Security Development Lifecycle.
  • Enable automated security testing at scale to measure vulnerability and report on risk across Lending Club applications.
  • Collaborate with internal stakeholders on addressing systemic security issues.
  • Participate in security reviews to ensure timely evaluation per risk based approaches.
  • Maintain application security tools and services to ensure quality within Lending Club’s Software Security Development Lifecycle.
  • Evangelize security within the development organization through awareness proliferation activities such as mentoring, engineer onboarding training, Security Champ collaboration, and development and procurement of application security related events such as CTF competitions and Red Team activities.
  • Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and crowd-sourced web application testing technologies and report on their success.
  • Maintain an active membership and participation in the greater AppSec community.
  • Assist with management of a Responsible Disclosure Program and Bug Bounty Program.
  • Assist in the evaluation, selection, onboarding and management of AppSec vendors and consultants.
  • Contribute to and develop AppSec testing / unit testing requirements for security features and functions.

Qualifications

  • 5+ years in the field of software security.
  • 5+ years software engineering experience.
  • Software engineering experience with Java web applications.
  • Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
  • Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH).
  • Knowledgeable regarding back end security topics such as secret management and service authentication.
  • Comfortable dealing with ambiguity and conflicting priorities.
  • Strong ethics and understanding of ethics in information security.
  • Good project management skills.
  • Excellent communication skills.
  • B.S. Computer Science or similar combination of education and experience.

Bonus

  • Ability to write complex software in multiple languages.
  • Experience leading secure software development classes.
  • Written your own security tools.
  • Presentation experience.
  • Skills in using JIRA.

Why Join Us?

We offer all the important stuff like competitive salaries, equity, 100% paid medical and dental benefits, a 401K match, great food, game rooms, and a convenient location in downtown SF. More importantly, we’re the clear market leader, which gives us awesome momentum. As one of our employees put it: “Many companies talk about reshaping an industry, but Lending Club is one of the few that is actually achieving this lofty goal. Working here is definitely a chance to be a part of something special.”

#LI-VQ1


Back to top