Leads application security assessments, vulnerability testing, and secure coding practices for a SaaS platform. Requires 3+ years in app sec or software dev, proficiency in TypeScript/JavaScript, security tools like Burp Suite, and cloud experience.
170k – 190k
HybridSecurity Engineering
About the role
Roles & Responsibilities
Develop and implement secure coding practices, procedures, and standards for software development teams.
Conduct application security assessments and vulnerability testing to identify and mitigate risks.
Perform security reviews of code changes and ensure that security issues are addressed.
Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices.
Integrate security review processes into Ironclad’s CI/CD pipeline.
Conduct threat modeling and risk analysis to protect sensitive data.
Provide domain expertise on protective controls including system, network, encryption, and authentication services.
Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture.
Work closely with the risk and governance teams to implement compliance and security requirements.
Contribute to secure coding and other cybersecurity training programs.
Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques.
Provide technical leadership and mentorship to other members of the engineering and security teams.
Key Skills
BA/BS/MS in Computer Science or related field or equivalent experience.
3+ Years of experience working in application security or software development, preferably with SaaS companies or in regulated fields.
In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25.
Experience with security testing tools such as Burp Suite, AppScan, and Nessus.
Strong proficiency in either Typescript or Javascript.
Experience operating in any cloud provider (AWS, GCP, Azure, Digital Ocean etc.).
Ability to appropriately prioritize and respond to different escalations.
Experience working collaboratively with cross-functional teams.
Strong desire to take ownership of problems.
Comfort working in a rapidly evolving environment and dealing with ambiguity.
Excellent communication, analytical and problem-solving skills.
Team and goal-oriented.
High output, low ego.
Nice to Have
AI penetration testing.
Experience with git and software branching and workflow strategies.
Experience working with modern, microservice architectures including in Kubernetes or other containerized environments.
Experience with enterprise observability platforms such as ELK, Datadog, Prometheus, Grafana, etc.
Knowledge of Terraform or other infrastructure-as-code and configuration management solutions.
Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks.
Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck.
Compensation
Base Salary Range: $170,000 - $190,000
Skills
Burp SuiteAppscanNessusTypeScriptJavaScriptAWSGCPAzureKubernetesTerraformSnykCheckmarxVeracodeOwasp Top 10CI/CD
Lead cybersecurity strategy, architecture, and RMF execution for complex defense aircraft, mission systems, networks, and infrastructure. Requires 8+ years in cybersecurity for integrated defense platforms, strong RMF/STIG knowledge, and cross-functional integration skills.
170k – 250k
On-site8+ YOESecurity Engineering
Staff IAM Engineer
IroncladSan Francisco, CA
Own security-critical identity and corporate security controls, managing IAM platforms, SSO/MFA integrations, RBAC policies, and endpoint trust for macOS/Windows environments.
170k – 190k
Hybrid4+ YOESecurity Engineering
Staff Risk Analyst
EarninUnited States
Owns full fraud risk management lifecycle including strategy, policy design, cross-functional leadership, and analytics in fintech. Requires 7+ years experience, SQL/Python, fraud platforms, and deep credit card knowledge.
170k – 210k
Remote7+ YOESecurity Engineering
Staff Software Engineer, Security Engineering
OktaBellevue, WA +3
Staff-level engineer designing and building security guardrails for multi-cloud environments, translating security standards into code-driven policies. Requires 8+ years in cloud security with deep expertise in Kubernetes, IAM, and Policy-as-Code.
174k – 239k
Hybrid8+ YOESecurity Engineering
Staff GRC Engineer
ezCaterUnited States
Senior individual contributor leading GRC program maturity, control automation, data security governance, and AI governance for a SaaS food tech platform. Requires 8+ years in security compliance with strong automation and cross-functional influence skills.