Ironclad
Ironclad is the #1 contract lifecycle management platform for innovative companies.
SaaS • Legal • Contract Management • Legal operations • Legal tech
201 - 500
Staff Application Security Engineer
August 27
🏢 In-office - San Francisco
AWS
Azure
Cloud
Cyber Security
Google Cloud Platform
Grafana
Java
Kubernetes
Prometheus
Python
Ruby
Terraform
TypeScript
WordPress
Ironclad
Ironclad is the #1 contract lifecycle management platform for innovative companies.
SaaS • Legal • Contract Management • Legal operations • Legal tech
201 - 500
Description
• Develop and implement secure coding practices, procedures, and standards for software development teams. • Conduct application security assessments and vulnerability testing to identify and mitigate risks. • Perform security reviews of code changes and ensure that security issues are addressed. • Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices. • Integrate security review processes into Ironclad’s CI/CD pipeline. • Conduct threat modeling and risk analysis to protect sensitive data. • Provide domain expertise on protective controls including system, network, encryption, and authentication services. • Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture. • Work closely with the risk and governance teams to implement compliance and security requirements. • Contribute to secure coding and other cybersecurity training programs. • Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques. • Provide technical leadership and mentorship to other members of the engineering and security teams.
Requirements
• BA/BS/MS in Computer Science or related field or equivalent experience. • 3+ Years of experience working in application security or software development, preferably with SaaS companies or in regulated fields. • In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25. • Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck. • Experience with security testing tools such as Burp Suite, AppScan, and Nessus. • Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks. • Experience operating in any cloud provider (AWS, GCP, Azure, Digital Ocean etc.). • Ability to appropriately prioritize and respond to different escalations. • Experience working collaboratively with cross-functional teams. • Strong desire to take ownership of problems. • Comfort working in a rapidly evolving environment and dealing with ambiguity. • Excellent communication, analytical and problem-solving skills. • Team and goal-oriented. • High output, low ego.
Benefits
• Health, dental, and vision insurance • 401k • Wellness reimbursement • Take what you need vacation policy • Generous parental leave for both primary and secondary caregivers
Apply Now
