Senior Manager, Application Security

Prosper Marketplace Inc San Francisco , CA 94118

Posted 3 months ago

Who We Are

Prosper is built on a simple idea: connect people who want to borrow money with those that have money to invest. Through Prosper, borrowers get access to fixed and low-rate loans, and investors in those loans can earn solid returns. We work to help build financial well-being for our users, enabling them to invest in each other in a way that is both financially and socially impactful. Since our launch in 2005 as the first peer-to-peer lending marketplace in the US, more than 1 million loans have been provided through the Prosper platform. We've helped people gain access to more than $13 billion in loans for everything from consolidating credit card debt, making home improvements, and even paying for costly medical expenses.

Backed by leading investors like Sequoia Capital, Francisco Partners, Institutional Venture Partners, and Credit Suisse NEXT Fund, our platform is developed and supported with pride in our downtown San Francisco and sunny Phoenix offices.

www.prosper.com

Our Story & Team // Our Blog // Follow us on Twitter: @ProsperLoans

A Few Things to Know About Us

We offer an excellent compensation and benefits plan, including incentive bonuses, stock options, company-paid health, dental, and vision insurance, paid vacation time, 401(k) with employer-match, fitness reimbursement, commuting reimbursement, and more!

What We Need

We are seeking a Senior Manager of Product Security who would the point for the overall application security program. This individual will report to the Head of Information Security and will be a key member of the security team who works cross-functionally to identify, remediate and respond to threats that may arise against our web/mobile/API applications. We are looking for smart, self-driven candidates who want to be part of an innovative FinTech company with a mission to improve financial well-being of its customer.

What You Will Do

  • Enhance/maintain the overall product security program

  • Integrating threat modeling, security tools, standards, and processes into the product lifecycle (PLC)

  • Validate, analyze, and prioritize findings and drive vulnerabilities through to resolution

  • Perform security architecture reviews for major changes to the product

  • Implement/maintain external pen-test and/or bug bounty program

  • Perform black-box penetration testing and code reviews

  • Build secure development standards

  • Mentor and guide product security engineers

  • Create standardize metrics reporting to measure the state of application security programs

  • Train developers and QA personnel on secure coding practices

What You Will Need To Have

  • 5 + years of product security experience (prior development experience preferred)

  • Candidates should be familiar with agile development processes

  • Candidates must be able to explain and test vulnerabilities and weaknesses in the OWASP Top10

  • Experience with deploying solutions to secure APIs

  • Experience with OAuth and OpenID

What's in it for you

In addition to working for a world-class FinTech company and having a lot of fun doing it, Prosper provides an excellent compensation and benefits plan. The plan includes incentive bonuses, stock options, company paid health, dental and vision insurance, paid vacation time, 401k with employer match and even fitness reimbursement and commuting reimbursement benefits.

Prosper is committed to an inclusive and diverse workplace. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law, including the San Francisco Fair Chance Ordinance.


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Sr Application Security Engineer (Cloud Security)

Thisway

Posted 3 days ago

VIEW JOBS 11/16/2018 12:00:00 AM 2019-02-14T00:00 <p>As the Sr. Application Security Engineer (Product / Cloud Security) for GAP, Inc., you will work closely with technical peers across all of GapTech. You will ensure that our platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored. The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by helping establish local programs such as the Security Champions, Security University, and Application Security. The Sr. Application Security Engineer (Product / Cloud Security) reports to the Director of Product Security.</p><p> <br> RESPONSIBILITIES:</p> <ul> <li>Architect security solutions for cloud implementation</li> <li>Engage with the Business and DevOps partners using a consultative &amp; partnering approach</li> <li>Establish and maintain the local Security Champions program </li> <li>Assess security risks and help deliver secure solutions via threat modeling, code review and penetration testing</li> <li>Enforce secure development lifecycle</li> <li>Assist with the implementation and execution of the application security program </li> <li>Actively participate in the creation of the Security University curriculum </li> <li>Stay abreast of trends and advances in IT/security solutions and threats</li> <li>Monitor changes in the operating environment that affect information security</li> <li>Present security updates, recommendations and strategic opportunities to local leadership</li> <li>Challenge status quo on security matters</li> <li>Provide advice on a broad range of security items and strategies</li> </ul><p><strong>Requirements</strong></p><ul> <li>Product-centric Cloud security experience (private, hybrid)</li> <li>Experience designing cloud security architecture within OpenStack, AWS, Azure, GCE, or similar environments</li> <li>IaaS or PaaS experience preferred</li> <li>Web application security experience including OWASP Top 10 vulnerabilities, browser security, JavaScript security, and rich web safety</li> <li>Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues</li> <li>Experience creating and delivering introductory to advanced training to other engineers on security practices</li> <li>Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols</li> <li>Demonstrated programming ability in C, C++, Java, php, JavaScript, python, perl, and other languages</li> <li>Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.</li> <li>Experience working in a risk based environment including mitigation, planning and implementation</li> <li>Operational flexibility in modifying business and operating practices to adapt to a changing environment</li> <li>Demonstrated ability to innovate and operate outside established methods and procedures</li> <li>Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships</li> <li>Excellent communication and influencing skills </li> <li>Proven success working across organizational and geographic boundaries</li> <li>Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001 </li> <li>Bachelor’s in Computer Science, Engineering or related technical field</li> <li>Minimum 5 years experience in an information-security related occupation</li> </ul><p><strong>Benefits</strong></p><p>GAP, Inc. believes in growth and innovation. The digital marketplace has reshaped the storefront and our five brands know no borders. We are committed to sustainability, fair wages and equal pay and believe our business will succeed in a world where everyone has the chance to stand as equals and thrive. </p> <p>We’re looking for risk takers who love to make a difference, believe in the value of hard work and perseverance and most importantly, share our values.</p> Thisway San Francisco CA

Senior Manager, Application Security

Prosper Marketplace Inc