Application Security Engineer

**About Lendable**

------------------

Lendable is on a mission to build the world's best technology to help people get credit and save money.We're building one of the world’s leading fintech companies and are off to a strong start:

• One of the UK’s newest unicorns with a team of just over 700 people
• Among the **fastest-growing tech** companies in the UK
• Profitable since **2017**
• Backed by top investors including **Balderton Capital** and **Goldman Sachs**
• **Loved by customers** with the best reviews in the market (4.9 across 10,000s of reviews on Trustpilot)

So far, we’ve rebuilt the Big Three consumer finance products from scratch: **loans, credit cards and car finance**. We get money into our customers’ hands in minutes instead of days.

We’re growing fast, and there’s a lot more to do: we’re going after the two biggest Western markets (UK and US) where trillions worth of financial products are held by big banks **with dated systems and painful processes.**

**Join us if you want to**

--------------------------

• **Take ownership** across a broad remit. You are trusted to make decisions that drive a material impact on the direction and success of Lendable from day 1
• **Work in small teams of exceptional people,** who are relentlessly resourceful to solve problems and find smarter solutions than the status quo
• **Build the best technology in-house**, using new data sources, machine learning and AI to make machines do the heavy lifting

**About the role**

------------------

As our Cyber Security Engineer, you will be the bridge between Security and Engineering. You aren't here to block deployments; you’re here to ensure our code is resilient by design. You will empower our developers to ship fast without breaking the trust of our customers or regulators.

**Tech Stack**

--------------

*Backend*

• Kotlin 1.7.20

* AWS

• GraphQL (it would be nice if you were familiar with this but it’s not a deal breaker)
• Postgres
• RabbitMQ
• Docker
• Kubernetes

*Frontend*

• React & React Native, TypeScript, MobX, Redux, Stylus and SASS

*Other*

• We build our Kotlin projects using Gradle and GitHub Actions, deploying to production as soon as we finish a feature
• We use JUnit Jupiter, Kotest and TestContainers for automated testing

**What you'll be doing**

------------------------

• **Secure the Pipeline:** Integrate and automate SAST, DAST, and SCA tooling directly into our CI/CD pipelines to catch vulnerabilities before they reach production.
• **Harden the Product**: Act as a Subject Matter Expert (SME) assisting engineers with the remediation of security vulnerabilities and bugs.
• **Safeguard AI:** Design and implement security guardrails for AI-assisted development and LLM integrations, ensuring data privacy and preventing prompt injection or model leakage.
• **Threat Modelling:** Partner with Product and Engineering teams to conduct threat modelling sessions for new features before they are built.
• **Security Architecture:** Act as a consultant for infrastructure and application design, ensuring our AWS/GCP Kubernetes environments remain hardened.
• **Security Culture:** Cultivate a Secure Development guild to level up our developers' secure coding skills.

**What we’re looking for**

--------------------------

• **Pragmatism:** You understand the difference between partnering with Engineering and security being a blocker of progress.
• **Communication:** You can translate a complex vulnerability into a business risk for a Product Manager and a technical fix for an Engineer.
• **AppSec Subject Matter Expertise:** You have a strong understanding of critical security risks in applications, are able to identify them in code, and provide recommendations of how to remediate.
• **Cloud Native:** Strong experience securing AWS/GCP environments and containerised workloads.
• **AI ready:** You understand the unique risks of AI and have experience securing AI-driven workflows.

**Interview process**

---------------------

• Intro call with Talent Team
• Technical Interview
• Final rounds:

+ Interview with our Head of Infosec

+ Culture Interview with our VP of Technology

**Life at Lendable**

--------------------

• **Winning team:** the opportunity to scale up one of the world’s most successful fintech companies
• **Flexible working:** flexible approach tailored to each role. Hybrid roles require three days in-office weekly; fully remote roles include regular opportunities for in-person connection through socials and off-sites
• **Socials & connection:** opportunities and events to come together, socialise, and get to know each other beyond the office walls
• **Health coverage:** support for your physical and mental wellbeing, including private health cover
• **Retirement & savings:** long-term financial wellbeing through retirement savings plans
• **Employee referral programme:** earn a competitive bonus when you refer successful new team members
• **Office meals & snacks:** enjoy a fully stocked kitchen, plus complimentary lunches prepared by in-house chefs on in-office days at select locations
• **Sustainable commuting:** cycle-to-work and electric vehicle salary sacrifice schemes available in select locations

***Please note:*** *The availability and details of specific benefits vary by location and role. For more information, please speak to your Talent Partner.*

Check out our blog!