Prosper Marketplaceposted 3 days ago
$189,000 - $211,000/Yr
Full-time - Senior
Hybrid - San Francisco, CA
Credit Intermediation and Related Activities
About the position
We are seeking a Sr. Application Security Engineer to join our security team. In this role, you will be a critical partner to engineering, product, and DevOps teams, helping to identify, assess, and mitigate security risks across the software development lifecycle (SDLC). You will drive security by design, shape our product security standards, and ensure vulnerabilities are identified, tracked, and resolved efficiently. This is a hands-on technical role where you will lead secure architecture/design reviews, code reviews, and penetration testing while collaborating closely with teams to embed security in every phase of product development.
Responsibilities
- Partner with engineering and product teams to define and implement security requirements for applications, APIs, and microservices during design and architecture reviews.
- Conduct in-house penetration testing, secure code reviews, and threat modeling for high-impact features and critical products.
- Lead application vulnerability management, including triaging and driving the remediation of security findings from SAST, DAST, SCA, and penetration tests.
- Consult and advise cross-functional teams (engineering, DevOps, product) on secure coding practices, security architecture, and remediation strategies.
- Establish and maintain application security standards, guidelines, and best practices, aligned with OWASP, NIST, ISO, and industry frameworks.
- Ensure vulnerabilities are classified, prioritized, and remediated according to vulnerability management policies and regulatory requirements.
- Work closely with DevSecOps teams to ensure SAST/DAST/IAST/SCA tools are integrated into CI/CD pipelines and functioning effectively.
- Track and manage security issues to resolution, providing metrics, reports, and dashboards for leadership visibility.
- Stay up-to-date with emerging security threats, vulnerabilities, tools, and methodologies to continuously improve Prosper's security posture.
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field, with 8+ years of relevant experience (or Master's degree with 6+ years).
- Strong hands-on experience in application security, secure coding, and penetration testing.
- Development background with expertise in Java/Python, SQL, JavaScript, HTML and experience reviewing modern application architectures.
- Experience working with modern web application frameworks (e.g., Spring Boot, .NET, J2EE, Rails, REST, SOAP).
- In-depth understanding of web and API security vulnerabilities (e.g., OWASP Top 10, API Top 10, CWE).
- Familiarity with authentication and authorization protocols (e.g., OAuth2, OIDC, SAML).
- Knowledge of application security testing tools (SAST, DAST, SCA, IAST) and methodologies.
- Proven experience working with DevOps/DevSecOps pipelines, integrating security tools and automation.
- Strong understanding of vulnerability management processes and regulatory frameworks (e.g., PCI DSS, GDPR, SOC 2).
Nice-to-haves
- Knowledge of cloud security (AWS, GCP, Azure) and container security (Docker, Kubernetes).
- Security experience in Agile, CI/CD, and fast-paced product development environments.
- Preferred: Industry certifications such as OSCP, CSSLP, GWAPT, CEH, GPEN, CISSP.
- Preferred: Familiarity with mobile application security testing and API security testing tools (e.g., Burp Suite, Postman, ZAP, Insomnia).
- Preferred: Knowledge of network security, infrastructure security, and microservices architecture.
- Preferred: Experience driving secure SDLC initiatives and developer security education.
Benefits
- The opportunity to collaborate with a team of creative, fun, and driven colleagues on products that have an immediate and significant impact on people's lives.
- The opportunity to work in a fast-paced environment with experienced industry leaders.
- Flexible time off, comprehensive health coverage, competitive salary, paid parental leave.
- Wellness benefits including access to mental health resources, virtual HIIT and yoga workouts.
- A bevy of other perks including Udemy access, childcare assistance, pet insurance discounts, legal assistance, and additional discounts.
Hard Skills
Azure Security
1
Burp Suite
1
Docker
1
HTML
1
JavaScript
1
1LhcZFJi v2F8ExPfU5e
0
1hVRz3GsKjLIF Vl0qYWSGMAm68
0
4EoBPZKqQTVhaD MCoKS4EZqHT
0
83nHo2g7P m9vYD5pH2u4
0
8KINVcT S9651fysm
0
DwrtxM8V0q 7AUaqZQsm
0
FYdIDMB d0TV
0
Fm1nMbwOR XtBiTlUo
0
GSTMmNYqs2PI e1EDrowT
0
K5DrE29m EWmhwsqzI
0
OTmFdc
0
OZlpK E2z5Gq61dity
0
Oavd9UkNZDE5 sWyRPHJeE
0
PedgMEBt2uX 0mvIH3kJcubgl
0
PqVyAv Hz5vQdT
0
QSEgrdBTH9z E4r81da3Z5nk
0
QYsl4mr0Scy
0
QfwyKRl RDaBUyx
0
YbWhNREGvys1 l5KErjxO
0
aGLYrEgH03bi rXAa89mYJ73H
0
aNkiJn5 QHUEj
0
aqkvwOM
0
bjdA4fzC5B7Q JAvomCLXcH60
0
cB0zq6FGoZAO e5BOHTdX
0
dBDZPSo il1IvqA
0
eOJv
0
erCtsQV 0gu1JBmcPwrn 7a15wGyh
0
eyWL5PDNkq7tAr 3t7jfyZ
0
h57gtroZy oKxCpOD5HA
0
hDWlQ86cT 5x8VP9pGDkiI
0
hOvVdHrnA X2ekKofvzShtBji
0
hzZ8P U9g0xQ
0
iLe94DksGWtM hDEqU9t05
0
kaN26IbSB9DG w2JgqZD8C
0
kuqy84lTwh QStcyJb4Fd
0
lsEXJF AHazUNckL
0
mYjaUXL8
0
ow8iz zL3IMvtsdq5
0
p3UN4fiw52V1Z0 WGyioFdf9Av
0
pLK Pg7RxdBEUiTj6 1raKDES
0
rcodtqI ci7Gl62dkJMv
0
uRVWK3rMp rDLM2d0i
0
uj6D84t X0Y4xBA
0
wz0FVWb5JsGaR9U C8Qino2Fe
0
yN1Rf42GrO9 HxeA8tViBjfc
0
zEJ9lmk3d ia4YdFS03khm
0
Soft Skills
eYwKa3XO UrFZuvWI
0
A Smarter and Faster Way to Build Your Resume