LendableLendable

Application Security Engineer

Added 12 hours ago

About Lendable

Lendable is on a mission to build the world's best technology to help people get credit and save money. We're building one of the world’s leading fintech companies and are off to a strong start:

  • One of the UK’s newest unicorns with a team of just over 700 people

  • Among the fastest-growing tech companies in the UK

  • Profitable since 2017

  • Backed by top investors including Balderton Capital and Goldman Sachs

  • Loved by customers with the best reviews in the market (4.9 across 10,000s of reviews on Trustpilot)

So far, we’ve rebuilt the Big Three consumer finance products from scratch: loans, credit cards and car finance. We get money into our customers’ hands in minutes instead of days.

We’re growing fast, and there’s a lot more to do: we’re going after the two biggest Western markets (UK and US) where trillions worth of financial products are held by big banks with dated systems and painful processes.

Join us if you want to

  1. Take ownership across a broad remit. You are trusted to make decisions that drive a material impact on the direction and success of Lendable from day 1

  2. Work in small teams of exceptional people, who are relentlessly resourceful to solve problems and find smarter solutions than the status quo

  3. Build the best technology in-house, using new data sources, machine learning and AI to make machines do the heavy lifting

About the role

As our Cyber Security Engineer, you will be the bridge between Security and Engineering. You aren't here to block deployments; you’re here to ensure our code is resilient by design. You will empower our developers to ship fast without breaking the trust of our customers or regulators.

Tech Stack

Backend

  • Kotlin 1.7.20

  • AWS

  • GraphQL (it would be nice if you were familiar with this but it’s not a deal breaker)

  • Postgres

  • RabbitMQ

  • Docker

  • Kubernetes

Frontend

  • React & React Native, TypeScript, MobX, Redux, Stylus and SASS

Other

  • We build our Kotlin projects using Gradle and GitHub Actions, deploying to production as soon as we finish a feature

  • We use JUnit Jupiter, Kotest and TestContainers for automated testing

What you'll be doing

  • Secure the Pipeline: Integrate and automate SAST, DAST, and SCA tooling directly into our CI/CD pipelines to catch vulnerabilities before they reach production.

  • Harden the Product: Act as a Subject Matter Expert (SME) assisting engineers with the remediation of security vulnerabilities and bugs.

  • Safeguard AI: Design and implement security guardrails for AI-assisted development and LLM integrations, ensuring data privacy and preventing prompt injection or model leakage.

  • Threat Modelling: Partner with Product and Engineering teams to conduct threat modelling sessions for new features before they are built.

  • Security Architecture: Act as a consultant for infrastructure and application design, ensuring our AWS/GCP Kubernetes environments remain hardened.

  • Security Culture: Cultivate a Secure Development guild to level up our developers' secure coding skills.

What we’re looking for

  • Pragmatism: You understand the difference between partnering with Engineering and security being a blocker of progress.

  • Communication: You can translate a complex vulnerability into a business risk for a Product Manager and a technical fix for an Engineer.

  • AppSec Subject Matter Expertise: You have a strong understanding of critical security risks in applications, are able to identify them in code, and provide recommendations of how to remediate.

  • Cloud Native: Strong experience securing AWS/GCP environments and containerised workloads.

  • AI ready: You understand the unique risks of AI and have experience securing AI-driven workflows.

Interview process

  • Intro call with Talent Team

  • Technical Interview

  • Final rounds:

    • Interview with our Head of Infosec

    • Culture Interview with our VP of Technology

Life at Lendable

  • Winning team: the opportunity to scale up one of the world’s most successful fintech companies

  • Flexible working: flexible approach tailored to each role. Hybrid roles require three days in-office weekly; fully remote roles include regular opportunities for in-person connection through socials and off-sites

  • Socials & connection: opportunities and events to come together, socialise, and get to know each other beyond the office walls

  • Health coverage: support for your physical and mental wellbeing, including private health cover

  • Retirement & savings: long-term financial wellbeing through retirement savings plans

  • Employee referral programme: earn a competitive bonus when you refer successful new team members

  • Office meals & snacks: enjoy a fully stocked kitchen, plus complimentary lunches prepared by in-house chefs on in-office days at select locations

  • Sustainable commuting: cycle-to-work and electric vehicle salary sacrifice schemes available in select locations

Please note: The availability and details of specific benefits vary by location and role. For more information, please speak to your Talent Partner.

Check out our blog!