Application Security Engineer

at  Lendable

ABOUT LENDABLE

Lendable is on a mission to make consumer finance amazing: faster, cheaper and friendlier.

We’re building one of the world’s leading fintech companies and are off to a strong start:
One of the UK’s newest unicorns with a team of just over 400 people
Among the fastest-growing tech companies in the UK
Profitable since 2017
Backed by top investors including Balderton Capital and Goldman Sachs
Loved by customers with the best reviews in the market (4.9 across 10,000s of reviews on Trustpilot)
So far, we’ve rebuilt the Big Three consumer finance products from scratch: loans, credit cards and car finance. We get money into our customers’ hands in minutes instead of days.
We’re growing fast, and there’s a lot more to do: we’re going after the two biggest Western markets (UK and US) where trillions worth of financial products are held by big banks with dated systems and painful processes.

JOIN US IF YOU WANT TO

Take ownership across a broad remit. You are trusted to make decisions that drive a material impact on the direction and success of Lendable from day 1
Work in small teams of exceptional people, who are relentlessly resourceful to solve problems and find smarter solutions than the status quo
Build the best technology in-house, using new data sources, machine learning and AI to make machines do the heavy lifting
About the role
We’re looking for a cyber security analyst working under the supervision of the Head of Information Security, guiding the Engineering and Product Teams to improve their products from a security perspective.
The Information Security team supports both our internal departments and our external stakeholders. Your role will therefore cover Application Security right across the business.
Your main focus will be to help and guide the engineering teams to enhance their Secure Software Development Lifecycle (OWASP best practices, secure by design, security testing, vulnerability management, threat modelling, security tooling).
You’ll be helping with audits (specifically ISO/IEC 27001 certification and SOC2), risk management, security Incident management; but your main focus will be to help and guide the engineerings teams to enhance the Secure Software Development Lifecycle (OWASP best practices, security by design, security testing, vulnerability management).
There’s a lot to do, you’ll be given the chance to put your mark on Lendable’s Secure Software Development Lifecycle, to formalise the product security review process while drawing from our past experience. You’ll be given the opportunity to shape our security tooling and extend our development portal to integrate all security related data into a single platform.

• Advise the delivery and operations teams on security best practices (e.g., NSCS, NIST, OWASP, etc.);
• Improving the definition of non-functional Security requirements and championing these in the Engineering Teams
• Guiding the Security Assessment of internally develop applications, helping the teams updating risk reports, recommending remediating/mitigating controls, advising and working with the engineering teams to implement solutions;
• Providing Application Security Consultancy to engineering teams: assisting them to analyse the business impact of security risks to their applications, providing security input to requirements specification, architecture and design.
• Championing the application security life cycle process, policy, guidelines and standards and providing security implementation guidance;
• Assisting teams to design and implement Authentication, Role-based Access Control, Data Encryption, Digital Signatures, Auditing/Logging, Secure Coding and Regulatory Compliance;
• Working with the product teams to gain better understanding of their risk profile using state of the art tools; Integrating security tooling into the SDLC to help the engineering teams to improve their security profile;
• Development of Threat Modeling and Risk Assessment frameworks;
• Assure operation of a toolchain running source code analysis and vulnerability scanning;
• Automating repeating tasks to drive efficiency within the security team.
• Supporting the Security Operations Center while investigating and helping with resolutions in the remediation phase.