Application Security Engineer

At Lendbuzz, we believe financial opportunity should be more personalized and fair. We develop innovative technologies that provide underserved and overlooked borrowers with better access to credit. From our employees to our dealers, partners, and borrowers, we’ve built a company and a culture around a resolute belief in the promise and power of diversity. We value independent and critical thinking.

As an Application Security Engineer at Lendbuzz, you will play a pivotal role in safeguarding our products against security threats and vulnerabilities. You will work closely with our development teams to integrate security best practices into the software development lifecycle, conduct thorough security assessments, and implement robust security measures to protect our applications and data.

Key Responsibilities:

• Collaborate with development teams to integrate security controls into the software development lifecycle (SDLC)
• Conduct regular security assessments, including code reviews, vulnerability scans, and penetration testing, to identify and remediate security vulnerabilities in applications
• Design and implement security solutions to protect against common security threats, such as SQL injection, cross-site scripting (XSS), and authentication bypass
• Conduct threat modeling and architecture security review
• Develop and maintain secure coding standards and guidelines for application developers
• Monitor and analyze security incidents and provide timely response and resolution
• Stay current with emerging threats, vulnerabilities, and industry best practices in application security
• Participate in security incident response activities and contribute to post-incident reviews and remediation efforts
• Collaborate with cross-functional teams to ensure security requirements are effectively integrated into product development processes
• Deliver secured development training to developers

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field
• 5 years of experience in application security, with a focus on secure software development practices
• Previous experience in a product company
• Strong understanding of web application security concepts and protocols (e.g., OWASP Top 10, SSL/TLS, OAuth)
• Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, or Nessus
• Proficiency in programming languages such as Ruby, Python, or JavaScript
• Experience with cloud security principles and best practices (e.g., AWS, Azure, GCP)
• Excellent communication skills and ability to effectively communicate security risks and recommendations to technical and non-technical stakeholders