Senior Application Security Engineer

Prosper Marketplace
Summary
Join Prosper's security team as a Sr. Application Security Engineer and become a critical partner to engineering, product, and DevOps teams. You will identify, assess, and mitigate security risks across the SDLC, driving security by design and shaping product security standards. This hands-on role involves leading secure architecture/design reviews, code reviews, and penetration testing. You will collaborate closely with teams to embed security in every phase of product development and ensure vulnerabilities are identified, tracked, and resolved efficiently. The position requires a Bachelor’s degree in a related field with 8+ years of experience (or Master’s degree with 6+ years). The salary range is $189,000 - $211,000 annually, plus bonus and generous benefits.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field, with 8+ years of relevant experience (or Master’s degree with 6+ years)
- Strong hands-on experience in application security, secure coding, and penetration testing
- Development background with expertise in Java/Python, SQL, JavaScript, and HTML, plus experience reviewing modern application architectures
- Experience working with modern web application frameworks (e.g., Spring Boot, .NET, J2EE, Rails, REST, SOAP)
- In-depth understanding of web and API security vulnerabilities (e.g., OWASP Top 10, API Top 10, CWE)
- Familiarity with authentication and authorization protocols (e.g., OAuth2, OIDC, SAML)
- Knowledge of application security testing tools (SAST, DAST, SCA, IAST) and methodologies
- Proven experience working with DevOps/DevSecOps pipelines, integrating security tools and automation
- Strong understanding of vulnerability management processes and regulatory frameworks (e.g., PCI DSS, GDPR, SOC 2)
Responsibilities
- Partner with engineering and product teams to define and implement security requirements for applications, APIs, and microservices during design and architecture reviews
- Conduct in-house penetration testing, secure code reviews, and threat modeling for high-impact features and critical products
- Lead application vulnerability management, including triaging and driving the remediation of security findings from SAST, DAST, SCA, and penetration tests
- Consult and advise cross-functional teams (engineering, DevOps, product) on secure coding practices, security architecture, and remediation strategies
- Establish and maintain application security standards, guidelines, and best practices, aligned with OWASP, NIST, ISO, and industry frameworks
- Ensure vulnerabilities are classified, prioritized, and remediated according to vulnerability management policies and regulatory requirements
- Work closely with DevSecOps teams to ensure SAST/DAST/IAST/SCA tools are integrated into CI/CD pipelines and functioning effectively
- Track and manage security issues to resolution, providing metrics, reports, and dashboards for leadership visibility
- Stay up to date with emerging security threats, vulnerabilities, tools, and methodologies to continuously improve Prosper’s security posture
Preferred Qualifications
- Knowledge of cloud security (AWS, GCP, Azure) and container security (Docker, Kubernetes)
- Security experience in Agile, CI/CD, and fast-paced product development environments
- Industry certifications such as OSCP, CSSLP, GWAPT, CEH, GPEN, CISSP
- Familiarity with mobile application security testing and API security testing tools (e.g., Burp Suite, Postman, ZAP, Insomnia)
- Knowledge of network security, infrastructure security, and microservices architecture
- Experience driving secure SDLC initiatives and developer security education
Benefits
- Flexible time off
- Comprehensive health coverage
- Competitive salary
- Paid parental leave
- Wellness benefits including access to mental health resources, virtual HIIT and yoga workouts
- A bevy of other perks including Udemy access, childcare assistance, pet insurance discounts, legal assistance, and additional discounts