
Application Security Engineer

Lendable

Posted over 30 days ago...

Expired

Join Lendable as they are looking for an Application Security Engineer

Overview

Salary

No salary declared 😔

Location

Telephone House

Expires

Expires at any time

About Lendable

Lendable is on a mission to make consumer finance amazing: faster, cheaper and friendlier.

We’re building one of the world’s leading fintech companies and are off to a strong start:


  • One of the UK’s newest unicorns with a team of just over 250 people
  • Among the top 10 fastest-growing tech companies in the UK

  • Profitable since 2017
  • Backed by top investors including Balderton Capital and Goldman Sachs


  • Loved by customers with the best reviews in the market (4.8/5 across 10,000s of reviews)

So far, we’ve rebuilt the Big Three consumer finance products from scratch: loans, credit cards and car finance. We get money into our customers’ hands in minutes instead of days. 

We’re growing fast, and there’s a lot more to do: we’re going after the two biggest Western markets (UK and US) where trillions worth of these are held by big banks with dated systems and painful processes.

Join us if you want to



  • Take ownership across a broad remit. You are trusted to make decisions that drive a material impact on the direction and success of Lendable from day 1
  • Work in small teams of exceptional people, who are relentlessly resourceful to solve problems and find smarter solutions than the status quo
  • Build the best technology in-house, using new data sources, machine learning and AI to make machines do the heavy lifting

An exciting role with a huge scope


This is an opportunity to join as the 2nd member of the InfoSec Team to help scale up one of the world’s most successful fintech companies and help build the security function from the ground up. 

The InfoSec function supports both our internal departments and our external stakeholders. Your role will therefore cover Application Security right across the business. You’ll be helping with audit management (specifically ISO27001 certification and the SOC2 reporting cycle), InfoSec risk management and Security Incident management, and assisting in establishing the ISMS, but your main focus will be to help and guide the engineering teams to enhance the Secure Software Development Lifecycle (OWASP best practices, security by design, security testing, vulnerability management).

This is a high-profile role, working closely with the Head of Information Security, Engineering and Product Teams, and will be integral in shaping the future of Lendable’s consumer Finance applications.

What you’ll be doing day to day


  • Assist with the design and delivery of the secure-by-design product security framework within the product/software development lifecycle.


  • Work with key stakeholders in engineering to implement, improve and maintain secure development standards (OWASP ASVS).


  • Own and drive engagement with our engineering teams while ensuring continuous security posture improvements across the product landscape


  • Perform architectural design reviews and implement threat modelling exercises of Lendable’s web/API/mobile solutions and advise on security best practices.


  • Assist with the improvement of the Secure Development Lifecycle, enhancing security checks in Lendable’s continuous delivery pipeline, and more generally “shifting left”.


  • Implement and review controls to protect data and systems.


  • Development of metrics and reporting on the state of application security initiatives, and the performance of development teams against the secure-by-design program.


  • Assist with defining developer secure coding practices and ensure that developers, product and QA/test teams are trained with the appropriate level of security knowledge to perform their daily activities.


  • Improving and supporting application security tool deployments including code analysis testing, code scanning, container and runtime testing tools and helping with integrating where applicable into CI/CD pipelines.


  • Utilize a combination of SAST, DAST and IAST tooling at defined stages of the SDLC to identify security vulnerabilities and plan remediations.


  • Supporting the incident response process whenever security expertise is needed.


  • Lead the scoping and management of periodic regulatory pen tests and vulnerability scanning activities.


We’d love to hear from you if you have the following, but first please note

At Lendable we believe in developing potential, so we’re not necessarily looking for 'the perfect candidate' with gold medals and superpowers. If you can’t tick every single box below but you are passionate about security and have the drive to make a change, please do apply. We want to hear from you.


  • 3+ years of experience in Application Security or equivalent role.


  • You have a proven and strong depth of expertise in cyber and information security. Ideally with hands-on experience in web and mobile security for critical 24/7 applications.


  • You built dashboards to communicate the state of security and you were involved in reporting.


  • You have knowledge of secure coding and can guide others on how to avoid writing vulnerable code. You take the lead in spotting security issues during peer review of PRs.


  • You are able to perform security testing with tools such as Burp proxy, OWASP ZAP, nmap, web/network scanners, static code analysers, SonarQube etc.


  • You have basic software engineering knowledge, enough to work on InfoSec tooling from time to time and to understand the challenges software engineers face.


  • You have a solid understanding of common operating systems, especially Linux.


  • You have an equally solid understanding of networks, protocols and data formats of the sort often exposed by applications, enough to assess them meaningfully.


  • You have a solid understanding of authentication and authorization protocols and services.


  • You have a wide knowledge of security practices, technologies, and conventions.


  • You have a strong desire to learn, improve and challenge the status quo. Our engineering teams push their own technological initiatives with emerging technology stacks, and you will be helping them to improve their security practices.


  • Experience with maintenance of an established ISMS and retention of security accreditations such as ISO 27001/2, SOC1 and SOC2, PCI-DSS, ISF, and NIST as a technologist.


  • You practised security in a DevSecOps environment and have knowledge of agile methodologies (e.g., sprints, Kanban).


  • Experience in using AWS is essential for this position.



Skills: bonus points if you have any of these


  • Experience of the risks faced by financial services and credit card businesses.


  • Experience with SAST products and vulnerability scanning tools.


  • Experience with Linux containers, and container orchestration tools (ideally Kubernetes).


  • Experience in building dashboards and in security reporting.


  • Basic programming skills in PHP, Java, Python, or another language common in InfoSec tooling. However, anyone who has some software engineering skills and is willing to pick up languages as they go is fine!



Interview process


  • A quick phone call with one of the team


  • A short take-home technical assignment to complete in your own time


  • Face-to-face interview with the Head of Security and a member of the engineering team


  • A short call with our CTO


Life at Lendable (also check out our Glassdoor page)


  • The opportunity to scale up one of the world’s most successful fintech companies.

  • Best-in-class compensation including equity.
  • You can work from home every Monday and Friday if you wish - on the other days, we all come together IRL to be together, build and exchange ideas.

  • Our in-house chef prepares fresh, healthy lunches in the office every Tuesday-Thursday.
  • We care for our Lendies’ well-being both physically and mentally, so we offer the highest coverage when it comes to private health insurance.

  • We organise an annual trip with the whole company, to celebrate our milestones and reflect on our achievements.
  • We're an equal-opportunity employer and are looking to make Lendable the most inclusive and open workspace in London.