Lendable operates consumer finance products - loans, credit cards, and car finance - in the UK and US markets, processing loan disbursements in minutes where legacy banking infrastructure takes days. Founded in 2014 and profitable since 2017, the company rebuilt these products from scratch around automation, machine learning models for credit decisioning, and daily feature deployments. The threat model here is typical for fintech: fraudulent applications, identity spoofing, account takeover, and the regulatory surface area that comes with handling financial data at scale across two jurisdictions.
The engineering organization, part of a 700-person team split between London and Kent, ships Python and Kotlin codebases with SQL datastores that support ML pipelines ingesting non-traditional data sources for underwriting. The stack includes native iOS and Android applications. Daily deployment cadence means the attack surface evolves constantly - authentication flows, API endpoints, and third-party integrations change frequently, which calls for continuous threat modeling and security automation rather than point-in-time audits.
Security practitioners here would be working directly with product engineers who own features end-to-end, which means embedding controls in CI/CD pipelines, reviewing model training data for poisoning risks, and hardening API gateways that handle PII and financial transactions. The regulatory environment - FCA in the UK, state-level compliance in the US - adds compliance engineering to the scope alongside traditional appsec and infrastructure hardening.