The Security Engineering Team plays a key role in protecting all software and systems at LendingClub. This core team of security engineers works closely with, and in support of, a large team of security-focused software engineers, all of whom work to ensure LendingClub builds and maintains secure software for its customers and partners. As the Application Security Engineer, you will consult and perform security assessments on key projects, promote good security practices, and solve classes of security problems through engineering solutions, for both front-end and back-end software. In addition, this team integrates tooling and automation and performs expert review and training throughout the Software Development Lifecycle (SDLC), so that security is prioritized at each step and potential vulnerabilities and design flaws are identified.
The ideal individual has a blend of application development experience and application security experience. You can get your hands dirty to solve problems directly in the code and execute swiftly on complex problems. In addition, the ideal candidate can help build security solutions that scale and move at the speed of commerce, for example automated testing and reporting on risk. LendingClub is an Agile, technology-driven company, and application security must push the envelope to both address risk and enable innovation.
The Application Security Engineer reports to the Security Engineering Director and partners with the broader Information Security Program within the technology organization of LendingClub.
What You'll Do
- Become an expert in the LendingClub software stack to understand points of weakness and opportunities for application security solutions
- Contribute to and improve our internal Software Security Development Lifecycle
- Enable automated security testing at scale to measure vulnerability and report on risk across LendingClub applications
- Collaborate with internal stakeholders on addressing systemic security issues
- Participate in security reviews to ensure timely evaluation per risk-based approaches
- Evangelize security within the development organization
- Maintain application security tools and services to ensure quality within LendingClub’s Software Security Development Lifecycle
- Participate in LendingClub CTF and Red Team activities
- Software engineering experience with Java web applications
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
- Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAuth)
- Knowledgeable regarding backend security topics such as secret management and service authentication
- Comfortable dealing with ambiguity and conflicting priorities
- Strong ethics and understanding of ethics in information security
- Good project management skills
- Excellent communication skills
- B.S. Computer Science or similar combination of education and experience
- 3+ years in the field of software security
- Ability to write complex software in multiple languages
- Experience leading secure software development classes
- Written your own security tools
- Presentation experience
- Skills in using JIRA
LendingClub is an equal opportunity employer and dedicated to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender identity, sexual orientation, age, marital status, pregnancy status, veteran status, or disability status. We believe that a variety of perspectives will make our teams and business stronger as we work together to transform the traditional banking system.