Application Security Engineer
LendKey is solving a complex challenge - to improve lives with lending made simple - by helping financial institutions compete in the digital age and provide a delightful customer experience, while providing borrowers with the simple, transparent, digital borrowing experience they have come to expect and desire. LendKey works with hundreds of credit unions and banks to conduct their education finance and home improvement loan programs.
This position will specialize in the field of application security and will work extensively with various teams of developers to secure LendKey applications already in the cloud. The candidate will also work to ensure secure development practices and will have the opportunity to evaluate new processes and shape the security policies of the development process and environment. The ideal candidate will be an outgoing and sociable individual with a thorough analytical mind.
What you'll do:
- Analyze, review, or audit ruby and python code for security issues and work with development teams to remediate findings
- Perform security assessments (including some ethical hacking) against in-house developed applications and authorized third parties.
- Performing security testing and evaluations as directed
- Participation in information security incident response activities
- Participation in development teams' sprint planning
- Administration and support of application security analysis tools
- Administration and monitoring of database activity monitoring tools
- Work with development teams to evangelize secure coding practices and to identify remediation strategies for application security issues
- Contribute to enterprise application architecture projects
- Create and maintain application security tool sets used in the development pipeline
What we're looking for:
- Strong desire to work for a mission-based organization that emphasizes the importance of providing exceptional customer service and adherence to our core values: Truthful at all times; Helpful to teammates, clients, and customers; Present, committed & engaged to their teams and work; Driven to be courageous to make an impact; and Diligent & conscientious in executing every element of work.
Knowledge, Skills & Abilities :
- Prior experience in information security, as an analyst, penetration tester, or operator of security systems.
- Bachelor's degree relevant to information technology or equivalent experience.
- A firm grasp of computer and networking security principles and best practices.
- A working knowledge of common information security systems, including Firewalls (both conventional and web application firewalls), software patch distribution, vulnerability discovery and analysis software, security information and event management platforms, application whitelisting software.
- Automation experience using Python or Ruby, plus extensive use of Chef and Docker
- Experience working with regulatory or industry compliance standards.
- Familiarity with the ruby and python programming language.
- Firm grasp of secure programming behaviors and pitfalls.
- Familiarity with leading industry guidelines on secure programming practices from organizations such as OWASP and SANS
- Experience with AWS, Azure or Google Cloud
- Strong team player, willing to work with a team of professionals to accomplish goals
- Thoroughness and attention to detail in work product and accompanying documentation
- Strong analytical and problem solving skills
- Exceptional customer service skills
- GWEB, CSSLP, CASS or similar certification
Meet Some of LendKey's Employees
Jessica leads customers through the origination process, helping them start with a loan application and supporting them all the way through to disbursement.
Back to top