Job Directory Application Security Engineer

Application Security Engineer
San Francisco, CA

Companies like
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About

Job Description

Current Employees/Contractors of LendingClub: Please apply via your internal Workday AccountLendingClub (NYSE: LC) was founded in 2007 under the belief that a technology and data-driven marketplace can improve the way people access and invest in credit, creating value for both sides. Since then, we've helped millions of Americans take control of their debt, pursue their dreams, and invest in their future - all in a fair, transparent, and affordable way. Today we're the world's largest online credit marketplace, facilitating billions of dollars in loans annually, and we're leading the governance of a new industry by developing ethical, responsible ways to bring greater value and better opportunities to our members. Everyone deserves a better financial future and our team is committed to making that a reality.

About the Role

The Security Engineering Team plays a key role in protecting all software and systems at LendingClub. This core team of security engineers works closely with and in support of a large team of security focused software engineers all of which work to ensure LendingClub builds and maintains secure software for its customers and partners. As the Application Security Engineer, you will be consulting and performing security assessments on key projects, promoting good security practices, and solving classes of security problems through engineering solutions, for both front and back end software. In addition, this team integrates tooling and automation, performs expert review and training throughout the Software Development Lifecycle (SDLC) to ensure security is prioritized at each step to identify potential vulnerabilities and design flaws.

The ideal individual contains a blend of application development experience and application security experience. You can get your hands dirty to solve problems directly in the code and execute swiftly on complex problems. In addition, the ideal candidate can help build security solutions that scale and move at the speed of commerce-for example automated testing and reporting on risk. LendingClub is an Agile, technology-driven company, and application security must push the envelope to both address risk and enable innovation.

The Application Security Engineer reports to the Security Engineering Director and partners with the broader Information Security Program within the technology organization of LendingClub.

What You'll Do

* Become an expert in the LendingClub software stack to understand points of weakness and opportunities for application security solutions
* Contribute to and improve our internal Software Security Development Lifecycle
* Enable automated security testing at scale to measure vulnerability and report on risk across LendingClub applications
* Collaborate with internal stakeholders on addressing systemic security issues
* Participate in security reviews to ensure timely evaluation per risk-based approaches
* Evangelize security within the development organization
* Maintain application security tools and services to ensure quality within LendingClub's Software Security Development Lifecycle
* Participate in LendingClub CTF and Red Team activities

About You

* Software engineering experience with Java web application
* Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
* Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH)
* Knowledgeable regarding backend security topics such as secret management and service authentication
* Comfortable dealing with ambiguity and conflicting priorities
* Strong ethics and understanding of ethics in information security
* Good project management skills
* Excellent communication skills
* B.S. Computer Science or similar combination of education and experience
* 3+ years in the field of software security

Bonus:

* Ability to write complex software in multiple languages
* Experience leading secure software development classes
* Written your own security tools
* Presentation experience
* Skills in using JIRA

LendingClub is an equal opportunity employer and dedicated to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender identity, sexual orientation, age, marital status, pregnancy status, veteran status, or disability status. We believe that a variety of perspectives will make our teams and business stronger as we work together to transform the traditional banking system.

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.