About
Job Description
Current Employees/Contractors of Lending Club: Please apply via your internal Workday AccountLendingClub (NYSE: LC) was founded in 2007 under the belief that a technology and data-driven marketplace can improve the way people access and invest in credit, creating value for both sides. Since then, we've helped millions of Americans take control of their debt, pursue their dreams, and invest in their future - all in a fair, transparent, and affordable way. Today we're the world's largest online credit marketplace, facilitating billions of dollars in loans annually, and we're leading the governance of a new industry by developing ethical, responsible ways to bring greater value and better opportunities to our members. Everyone deserves a better financial future and our team is committed to making that a reality.
About the Role
The Security Engineer - Penetration Tester plays a key role in supporting LendingClub's security mission by ensuring our products and platform adhere to our rigorous security standards. This role works closely with Engineering, DevOps and Technical Operations to help transform the organization and support LendingClub's foundational shift towards greater use of highly secure microservices and cloud-based infrastructure.
As a senior member of the team, your focus will be building and maintaining relationships with different business units, influencing and injecting secure ideas into the roadmap, promoting best security practices, solving world-class security challenges, and pushing your engineering knowledge and expertise while continuously penetration testing our compute ecosystem.
What You'll Do
* You will become an expert in the Lending Club software stack and inject security best practices.
* Perform internal and external security assessments and penetration tests
* Perform web application assessments utilizing white, grey and black box testing approaches.
* Perform mobile application security assessments.
* Utilize network mapping, host enumeration and scanning tools when necessary.
* Utilize manual testing techniques including the ability to customize test scripts and processes in addition to automated testing.
* Complete project work accurately and within deadlines as required.
* Complete analysis and draw comprehensive conclusions of overall system risk, making recommendations for remediation strategy.
* Integrate security risk information into risk tracking system and coordinate with internal colleagues to follow up on vulnerability remediation.
* Develop and maintain effective working relationships with clients and other team members.
About You
* Gain and maintain a working knowledge of the LendingClub platform.
* Continually review and enhance existing knowledge of threat analysis and investigations of common product sets and technologies.
* Participate in providing mentoring support and guidance to team members to help grow skills and capabilities.
* Be passionate about information security and conduct research on current security topics.
* You will support PKI and Cryptography practices
* You will collaborate with internal stakeholders on addressing systemic security issues.
* You will participate in security reviews to ensure timely evaluation per risk-based approaches.
* You will develop new, innovative solutions to support the organization and the architectural roadmap.
Requirements
* Minimum 5+ years experience in security testing/engineering.
* Infrastructure security architecture and design experience with large scale customer facing production operations in a dynamic, fast paced environment.
* In-depth knowledge of AWS and other public and private cloud infrastructure is recommended.
* Ability to understand, measure and communicate risks associated to the business.
* Advanced knowledge of the following:
* Networking protocols such as TCP/IP, SSH, TLS, etc.
* Authentication protocols such as OAuth, SAML, RADIUS, etc.
* Encryption Standards and practical implementations such as PKI, TLS.
* Secure password storage techniques and standards.
* Knowledge on load balancers, network device authentication, firewalls, network segregation, VPNs, SIEM would be a plus.
* Understanding of GLBA, SOX, Financial is a plus.
* BS in Computer Science or similar combination of education and experience.
#LI-LH1
LendingClub is an equal opportunity employer and dedicated to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender identity, sexual orientation, age, marital status, pregnancy status, veteran status, or disability status. We believe that a variety of perspectives will make our teams and business stronger as we work together to transform the traditional banking system.