Lead Security Engineer

Los Angeles, CA
Engineering
Full-time
We are seeking an experienced Lead Security Engineer who interfaces with technical and non-technical teams to identity product security risks and develop solutions to eliminate or minimize them. The candidate should have a deep understanding of application security vulnerabilities and mitigation strategies. He or she will drive the creation and maintenance of product security standards, guidelines and procedures along with conducting application penetration testing, performing architecture/design and code reviews, and vulnerability assessments.

In this role you will:

    • Identify, highlight and provide application / API security requirements and recommendations to the engineering and product teams during architecture and design review phase
    • Conduct in-house penetration testing and code review of Prosper applications
    • Provide consultancy to the product development, engineering & operations teams on technical security issues and remediation
    • Take ownership of application vulnerability management process
    • Ensure scan results are analyzed in a timely manner
    • Categorize the vulnerabilities as per the defined process
    • Ensure fixes are applied as per the vulnerability policy
    • Track open issues and follow up with different teams to address them

We are looking for:

    • Bachelor's degree in Computer Science/Information Systems or related field
    • 5+ years of experience as a developer or in application security
    • Knowledge of authentication mechanisms like SAML, OAuth, etc.
    • Knowledge of security flaws and its resolution as listed in sites like OWASP, SANS, etc.
    • Experience in secure application programming, performing code reviews, and penetration testing, web based security testing of mobile applications preferred
    • Knowledge of software design, network architecture, protocols, and standards preferred
    • Security experience in Agile development preferred

Perks and benefits:

    • People – the best part of Zest
    • Robust healthcare plans, matching 401K and unlimited vacation time
    • Dog friendly office with lounge areas, video games and gigantic jigsaw puzzles
    • On-site gym with fitness classes
    • Generous family leave policy (6 month maternity leave/3 month paternity leave)
    • Tuition reimbursement, conference allowance and Zest talks
    • Complimentary massages, manicures, pedicures and more
    • Daily catered lunches from LA’s best restaurants and fully stocked kitchen
    • Company happy hours, social events and outings
About ZestFinance:

ZestFinance, Inc. applies its unique credit-decisioning technology platform — based on data science and machine learning — to help lenders effectively predict credit risk so they can increase revenues, reduce risk and ensure compliance. ZestFinance was founded in 2009 by Douglas Merrill and a team of former Google employees with the mission of making fair and transparent credit available to everyone.

We are committed to diversity in hiring, professional development, and everyday discussion.  Zest is determined to hire crazy smart people who are different from each other to create broad thinking, lots of different ideas, and by extension, the best team possible.