Sr. Application Security Engineer

We are seeking a Sr. Application Security Engineer to join our security team. In this role, you will be a critical partner to engineering, product, and DevOps teams, helping to identify, assess, and mitigate security risks across the software development lifecycle (SDLC). You will drive security by design, shape our product security standards, and ensure vulnerabilities are identified, tracked, and resolved efficiently.
This is a hands-on technical role where you will lead secure architecture/design reviews, code reviews, and penetration testing while collaborating closely with teams to embed security in every phase of product development.

Problems You Will Solve

• Partner with engineering and product teams to define and implement security requirements for applications, APIs, and microservices during design and architecture reviews.
• Conduct in-house penetration testing, secure code reviews, and threat modeling for high-impact features and critical products.
• Lead application vulnerability management, including triaging and driving the remediation of security findings from SAST, DAST, SCA, and penetration tests.
• Consult and advise cross-functional teams (engineering, DevOps, product) on secure coding practices, security architecture, and remediation strategies.
• Establish and maintain application security standards, guidelines, and best practices, aligned with OWASP, NIST, ISO, and industry frameworks.
• Ensure vulnerabilities are classified, prioritized, and remediated according to vulnerability management policies and regulatory requirements.
• Work closely with DevSecOps teams to ensure SAST/DAST/IAST/SCA tools are integrated into CI/CD pipelines and functioning effectively.
• Track and manage security issues to resolution, providing metrics, reports, and dashboards for leadership visibility.
• Stay up-to-date with emerging security threats, vulnerabilities, tools, and methodologies to continuously improve Prosper’s security posture.

All About You

• Bachelor’s degree in Computer Science, Information Security, or related field, with 8+ years of relevant experience (or Master’s degree with 6+ years).
• Strong hands-on experience in application security, secure coding, and penetration testing.
• Development background with expertise in Java/Python, SQL, JavaScript, HTML and experience reviewing modern application architectures.
• Experience working with modern web application frameworks (e.g., Spring Boot, .NET, J2EE, Rails, REST, SOAP).
• In-depth understanding of web and API security vulnerabilities (e.g., OWASP Top 10, API Top 10, CWE).
• Familiarity with authentication and authorization protocols (e.g., OAuth2, OIDC, SAML).
• Knowledge of application security testing tools (SAST, DAST, SCA, IAST) and methodologies.
• Proven experience working with DevOps/DevSecOps pipelines, integrating security tools and automation.
• Strong understanding of vulnerability management processes and regulatory frameworks (e.g., PCI DSS, GDPR, SOC 2).
• Bonus: Knowledge of cloud security (AWS, GCP, Azure) and container security (Docker, Kubernetes).
• Security experience in Agile, CI/CD, and fast-paced product development environments.
• Preferred: Industry certifications such as OSCP, CSSLP, GWAPT, CEH, GPEN, CISSP.
• Preferred: Familiarity with mobile application security testing and API security testing tools (e.g., Burp Suite, Postman, ZAP, Insomnia).
• Preferred: Knowledge of network security, infrastructure security, and microservices architecture.
• Preferred: Experience driving secure SDLC initiatives and developer security education.

What We Offer

• The opportunity to collaborate with a team of creative, fun, and driven colleagues on products that have an immediate and significant impact on people's lives
• The opportunity to work in a fast-paced environment with experienced industry leaders
• Flexible time off, comprehensive health coverage, competitive salary, paid parental leave
• Wellness benefits including access to mental health resources, virtual HIIT and yoga workouts
• A bevy of other perks including Udemy access, childcare assistance, pet insurance discounts, legal assistance, and additional discounts

#LI-AW1#IND1


About Our Technology TeamWe are growing our Technology team to support our various financial products. The ideal candidate is passionate about learning the Fintech domain and delivering cutting-edge, high-quality solutions to solve business problems. We utilize a progressive, test-driven, Agile development methodology that places a high premium on communication, teamwork, sound design and clean implementation. 
About UsFounded in 2005 as the first peer-to-peer marketplace lending platform in the U.S., Prosper was built on a simple idea: connect people who want to borrow money with those who want to invest. Since inception, Prosper has helped more than 2 million people gain access to affordable credit with over $27 billion in loans originated through its platform. Our mission is to help our customers advance their financial well-being through a variety of products including personal loans, credit, home equity lines of credit (HELOC), and our newest product, HELoan. Our diverse culture rewards accountability and cross functional teamwork because we believe this encourages innovative thinking and helps us deliver on our mission.   We’re on a mission to hire the very best, and we are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere. It is important to us that every hire connects with our vision, mission, and core values. Join a leading fintech company that’s democratizing finance for all!  
Our ValuesDiversity expands opportunitiesCollaboration creates better solutions Curiosity fuels our innovationIntegrity defines all our relationshipsExcellence leads to longevity Simplicity guides our user experience Accountability at all levels drives results
www.prosper.comOur Story & Team  //   Our Blog 
Applicants have rights under Federal Employment Laws.Family & Medical Leave Act (FMLA)Equal Employment Opportunity (EEO)Employee Polygraph Protection Act (EPPA)  
California applicants: please click here to view our California Consumer Privacy Act (“CCPA”) Notice for Applicants, which describes your rights under the CCPA: https://www.prosper.com/plp/legal/privacy-notice-for-applicants/
At Prosper, we're looking for people with passion, integrity, and a hunger to learn. We encourage you to apply even if your experience doesn't precisely match the job description. Your unique skill set and diverse perspective will stand out and set you apart from other candidates. Prosper thrives with people who think outside of the box and aren't afraid to challenge the status quo. We invite you to join us on our mission to advance financial well-being.
Prosper is committed to an inclusive and diverse workplace. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical​​​ condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law, including the San Francisco Fair Chance Ordinance. Prosper will consider for employment qualified applicants who are non-US citizens and will provide green card sponsorship.