LendingClub (NYSE: LC) was founded in 2007 under the belief that a technology and data-driven marketplace can improve the way people access and invest in credit, creating value for both sides. Since then, we've helped millions of Americans take control of their debt, pursue their dreams, and invest in their future – all in a fair, transparent, and affordable way. Today we’re the world’s largest online credit marketplace, facilitating billions of dollars in loans annually, and we’re leading the governance of a new industry by developing ethical, responsible ways to bring greater value and better opportunities to our members. Everyone deserves a better financial future and our team is committed to making that a reality.
About the Role
The Application Security Engineering Team plays a key role in protecting all software and systems at LendingClub. This core team of security engineers works closely with, and in support of, a large team of security-focused software engineers, all of whom work to ensure LendingClub builds and maintains secure software for its customers and partners. As the Principal Application Security Engineer, you will consult on and review key projects, perform security assessments, promote good security practices, and solve classes of security problems through engineering solutions, for both front-end and back-end software. In addition, this team integrates tooling and automation and performs expert review and training throughout the Software Development Lifecycle (SDLC), ensuring security is prioritized at each step to identify potential vulnerabilities and design flaws.
The ideal individual will be able to conduct comprehensive security assessments including evaluating the proposed design and technologies used as well as hands-on and in-depth penetration testing on various platforms to identify system deficiencies.
You should also have a blend of application development experience and application security experience, as well as strong communication and consulting skills. You can get your hands dirty to solve problems directly in the code and execute swiftly on complex problems. In addition, you can help build security solutions that scale and move at the speed of commerce, for example automated testing and reporting on risk. LendingClub is an Agile tech company, and Security Engineering will work without constraints to both address risk and enable innovation.
The Principal Security Engineer reports to the Security Engineering Director and partners with the broader Information Security Program within the Technology organization of LendingClub.
What You'll Do
- Become an expert in the LendingClub software stack to understand points of weakness and opportunities for application security solutions.
- Engineer and maintain application security tools and services to ensure quality within LendingClub’s SDLC.
- Perform comprehensive security assessments and penetration tests on systems and technology stacks.
- Enable automated security testing at scale to measure vulnerability density across LendingClub applications.
- Collaborate with internal partners on addressing systemic security issues.
- Participate in security reviews to ensure timely evaluation per risk-based approaches.
- Evangelize security within the development organization through awareness proliferation activities such as mentoring, engineer onboarding training, Security Champ collaboration, and development and procurement of security related events such as Capture the Flag competitions and Red Team activities.
- Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and crowd-sourced web application testing technologies and report on their success.
- Maintain an active membership and participation in the greater AppSec community.
- Assist in the evaluation, selection, onboarding and management of AppSec vendors and consultants.
- Commit to and develop AppSec testing / unit testing requirements for security features and functions.
- 7+ years in the field of software security.
- 7+ years software engineering experience.
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.).
- Experience conducting security assessments and penetration tests.
- Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), OWASP Top 10, and authentication infrastructure (SAML, OAuth).
- Knowledgeable regarding back end security topics such as secret management and service authentication.
- Strong ethics and understanding of ethics in information security.
- Good project management skills.
- Superb communication skills.
- B.S. Computer Science or similar combination of education and experience.
- Ability to write complex software in multiple languages.
- Experience leading secure software development classes.
- Written your own security tools.
- Presentation experience.
- Good written communication skills and ability to document testing results.
- Experience using JIRA.
LendingClub is an equal opportunity employer and dedicated to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender identity, sexual orientation, age, marital status, pregnancy status, veteran status, or disability status. We believe that a variety of perspectives will make our teams and business stronger as we work together to transform the traditional banking system.