Application Security Engineer

Details of the offer

About Lendable

Lendable is on a mission to make consumer finance amazing: faster, cheaper and friendlier. We're building one of the world's leading fintech companies and are off to a strong start:

One of the UK's newest unicorns with a team of just over 400 people

Among the fastest-growing tech companies in the UK

Profitable since 2017

Backed by top investors including Balderton Capital and Goldman Sachs

Loved by customers with the best reviews in the market (4.9 across 10,000s of reviews on Trustpilot)

So far, we've rebuilt the Big Three consumer finance products from scratch: loans, credit cards and car finance. We get money into our customers' hands in minutes instead of days.

We're growing fast, and there's a lot more to do: we're going after the two biggest Western markets (UK and US) where trillions worth of financial products are held by big banks with dated systems and painful processes.

Join us if you want to

Take ownership across a broad remit. You are trusted to make decisions that drive a material impact on the direction and success of Lendable from day 1.

Work in small teams of exceptional people, who are relentlessly resourceful to solve problems and find smarter solutions than the status quo.

Build the best technology in-house, using new data sources, machine learning and AI to make machines do the heavy lifting.

About the role

We're looking for a cyber security analyst working under the supervision of the Head of Information Security, guiding the Engineering and Product Teams to improve their products from a security perspective.

The Information Security team supports both our internal departments and our external stakeholders. Your role will therefore cover Application Security right across the business.

Your main focus will be to help and guide the engineering teams to enhance their Secure Software Development Lifecycle (OWASP best practices, secure by design, security testing, vulnerability management, threat modelling, security tooling).

You'll be helping with audits (specifically ISO/IEC 27001 certification and SOC2), risk management and security incident management, but your main focus will be to help and guide the engineering teams to enhance the Secure Software Development Lifecycle (OWASP best practices, security by design, security testing, vulnerability management).

There's a lot to do: you'll be given the chance to put your mark on Lendable's Secure Software Development Lifecycle and to formalise the product security review process while drawing from our past experience. You'll be given the opportunity to shape our security tooling and extend our development portal to integrate all security-related data into a single platform.

Tech stack

PHP 8, Symfony 6 & 7, Kotlin, AWS, MySQL, PostgreSQL, RabbitMQ, Docker, Kubernetes, React, React Native, TypeScript, MobX, Redux, SASS, GitHub Actions and ArgoCD, Behat, PHPUnit, Jest, Selenium, Maestro and Detox, Python, FastAPI, uvicorn, Streamlit, SQLAlchemy

What you'll be doing and impact on objectives

Advising the delivery and operations teams on security best practices (e.g., NCSC, NIST, OWASP).

Improving the definition of non-functional security requirements and championing these in the Engineering Teams.

Guiding the security assessment of internally developed applications, helping the teams update risk reports, recommending remediating/mitigating controls, and advising and working with the engineering teams to implement solutions.

Providing Application Security consultancy to engineering teams: assisting them to analyse the business impact of security risks to their applications, and providing security input to requirements specification, architecture and design.

Championing the application security life cycle process, policy, guidelines and standards and providing security implementation guidance.

Assisting teams to design and implement Authentication, Role-based Access Control, Data Encryption, Digital Signatures, Auditing/Logging, Secure Coding and Regulatory Compliance.

Working with the product teams to gain a better understanding of their risk profile using state-of-the-art tools.

Integrating security tooling into the SDLC to help the engineering teams improve their security profile.

Developing Threat Modeling and Risk Assessment frameworks.

Assuring operation of a toolchain running source code analysis and vulnerability scanning.

Automating repeating tasks to drive efficiency within the security team.

Supporting the Security Operations Center while investigating and helping with resolutions in the remediation phase.

What we're looking for

We're working in a fast-paced environment and we would like to hear from you if you are someone who can work independently.

3+ years of experience in Application Security in an equivalent role.

You have worked with application development teams on improving their software development lifecycle.

You have a proven and strong depth of expertise in cyber and information security, ideally with hands-on experience in web and mobile security for critical 24/7 applications.

You built dashboards to communicate the state of security and you were involved in reporting.

You have knowledge of secure coding and can guide others on how to avoid writing vulnerable code.

You lead in spotting security issues during peer review of PRs.

You have basic software engineering knowledge, enough to work on InfoSec tooling from time to time and to understand the challenges software engineers face.

You have a solid understanding of common operating systems, especially Linux.

You have an equally solid understanding of networks, protocols and data formats of the sort often exposed by applications, with enough knowledge to assess them meaningfully.

You have a solid understanding of authentication and authorization protocols and services.

You have a wide knowledge of security practices, technologies, and conventions.

You have a strong desire to learn, improve and challenge the status quo. Our engineering teams push their own technological initiatives with emerging technology stacks, and you will be helping them to improve their security practices.

Interview process

A quick phone call with one of the team

A short technical exercise to complete in your own time

Onsite or Video Interview

Discuss the exercise you completed

Discuss your past experience

Explore how your career aspirations align with the responsibilities and opportunities of this position

Meet the team you'll work with daily

Life at Lendable (check out our Glassdoor page)

The opportunity to scale up one of the world's most successful fintech companies.

Best-in-class compensation, including equity.

You can work from home every Monday and Friday if you wish - on the other days we all come together IRL to be together, build and exchange ideas.

Our in-house chef prepares fresh, healthy lunches in the office every Tuesday-Thursday.

We care for our Lendies' well-being both physically and mentally, so we offer coverage when it comes to private health insurance.

We're an equal opportunity employer and are looking to make Lendable the most inclusive and open workspace in London.

Check out our blog!

Nominal Salary: To be agreed

Source: Jobleads

Built at: 2024-11-23T10:59:13.148Z