TELECOMMUTE – San Francisco, CA
Information Security Architect
LendingClubCorporation (NYSE: LC) is the parent company ofLendingClubBank, National Association, Member FDIC, and the onlyfull-spectrumfintech marketplace bank. Members can gain access to a broad range of financial products and services through a technology-driven platform, designed to help them pay less when borrowing and earn more when saving. Since 2007, more than 3 million members have joined the Club to help reach their financial goals. We’re leading the governance of a new industry by developing ethical, responsible ways to bring greater value and better opportunities to our members. Everyone deserves a better financial future and our team is committed to making that a reality. Come join us!
About the Role
Lending Club is looking to hire an Information Security Architect to be a part of the Information Security team.
The Information Security Architect is a subject matter expert in cloud, application, and data security. The architect will lead the effort to architect and design security solutions that are resilient to attack, enable change, adhere to industry and regulatory standards, and can enforce security consistently across internally developed, commercial-off-the-shelf and cloud-based applications.
What You’ll Do
Cloud security architecture and strategy.
Architect and design security solutions that enforce security consistently across internally developed, commercial-off-the-shelf and cloud-based applications.
Perform security architecture reviews.
Act as a subject matter expert to interpret the results from vulnerability scans (dynamic testing and static code analysis) and work with developers to remediate the vulnerabilities.
Monitor and triage vulnerabilities reported by vendors and researchers.
Develop and document current state and target security architecture documentation utilizing industry standards combined with threat modeling and risk-based methodologies.
Develop and document security patterns that articulate repeatable, architecturally compliant implementation patterns for applications, cloud services and core security controls e.g. s3, encryption, and identity management.
Conduct penetration testing of internally developed applications.
Evangelize application security and secure development practices.
Evaluate/apply new and emerging security technologies and solutions to keep Lending Club secure.
8+ years of application security architecture/development experience.
Enterprise cloud security architecture experience.
Deep understanding of common security protocols/standards/frameworks: SAML, OpenID, OAuth, Central Authentication Service (CAS), JAAS, and Java crypto API etc.
Extensive work experience with encryption technologies and solutions.
In-depth knowledge of OWASP top 10 vulnerabilities and remediation methods.
Good understanding of database security (Oracle, MySQL, and MS SQL Server)
Experience with penetration testing and tools like Metasploit.
Good understanding of software development process and tools such as Agile/Scrum, Maven, Jenkins and Git.
Familiarity with DevOps and DevSecOps practices, container security and infrastructure as code tools and methodologies e.g. Terraform, GitOps, Zero Touch production, etc.
Knowledge of Security Development Lifecycle and threat modeling.
Experiences with static/dynamic security testing and common tools.
Bachelors Degree in Computer Sc…
Computer Security , Computer & IT
San Francisco, CA