Staff Application Security Engineer

Leads application security assessments, vulnerability testing, and secure coding practices for a SaaS platform. Requires 3+ years in app sec or software dev, proficiency in TypeScript/JavaScript, security tools like Burp Suite, and cloud experience.

170k – 190k | San Francisco, CA | Security Engineering | Hybrid

About the role

Roles & Responsibilities

  • Develop and implement secure coding practices, procedures, and standards for software development teams.
  • Conduct application security assessments and vulnerability testing to identify and mitigate risks.
  • Perform security reviews of code changes and ensure that security issues are addressed.
  • Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices.
  • Integrate security review processes into Ironclad’s CI/CD pipeline.
  • Conduct threat modeling and risk analysis to protect sensitive data.
  • Provide domain expertise on protective controls including system, network, encryption, and authentication services.
  • Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture.
  • Work closely with the risk and governance teams to implement compliance and security requirements.
  • Contribute to secure coding and other cybersecurity training programs.
  • Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques.
  • Provide technical leadership and mentorship to other members of the engineering and security teams.

Key Skills

  • BA/BS/MS in Computer Science or related field or equivalent experience.
  • 3+ years of experience working in application security or software development, preferably with SaaS companies or in regulated fields.
  • In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25.
  • Experience with security testing tools such as Burp Suite, AppScan, and Nessus.
  • Strong proficiency in either TypeScript or JavaScript.
  • Experience operating in any cloud provider (AWS, GCP, Azure, DigitalOcean, etc.).
  • Ability to appropriately prioritize and respond to different escalations.
  • Experience working collaboratively with cross-functional teams.
  • Strong desire to take ownership of problems.
  • Comfort working in a rapidly evolving environment and dealing with ambiguity.
  • Excellent communication, analytical and problem-solving skills.
  • Team- and goal-oriented.
  • High output, low ego.

Nice to Have

  • AI penetration testing.
  • Experience with git and software branching and workflow strategies.
  • Experience working with modern, microservice architectures including in Kubernetes or other containerized environments.
  • Experience with enterprise observability platforms such as ELK, Datadog, Prometheus, Grafana, etc.
  • Knowledge of Terraform or other infrastructure-as-code and configuration management solutions.
  • Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks.
  • Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck.

Compensation

Base Salary Range: $170,000 - $190,000

Skills

Burp Suite, AppScan, Nessus, TypeScript, JavaScript, AWS, GCP, Azure, Kubernetes, Terraform, Snyk, Checkmarx, Veracode, OWASP Top 10, CI/CD

Staff IAM Engineer

Own security-critical identity and corporate security controls, managing IAM platforms, SSO/MFA integrations, RBAC policies, and endpoint trust for macOS/Windows environments.

170k – 190k | San Francisco, CA | Security Engineering | Hybrid | 4+ YOE | Go | IAM

Senior Staff Engineer, Systems (R5012)

Lead cybersecurity engineering for defense aerospace platforms, owning strategy, RMF execution, accreditation, and secure architecture across aircraft, mission systems, and infrastructure. Requires 8+ years in cybersecurity for complex defense or military systems.

170k – 250k | San Diego, CA | Security Engineering | On-site | 8+ YOE | RMF | MBSE

Staff Risk Analyst

Owns full fraud risk management lifecycle including strategy, policy design, cross-functional leadership, and analytics in fintech. Requires 7+ years experience, SQL/Python, fraud platforms, and deep credit card knowledge.

170k – 210k | United States | Security Engineering | Remote | 7+ YOE | R | SQL

Staff Software Engineer, Security Engineering

Staff-level engineer designing and building security guardrails for multi-cloud environments, translating security standards into code-driven policies. Requires 8+ years in cloud security with deep expertise in Kubernetes, IAM, and Policy-as-Code.

174k – 239k | Bellevue, WA +3 | Security Engineering | Hybrid | 8+ YOE | Go | EKS

Staff GRC Engineer

Senior individual contributor leading GRC program maturity, control automation, data security governance, and AI governance for a SaaS food tech platform. Requires 8+ years in security compliance with strong automation and cross-functional influence skills.

165k – 210k | United States | Security Engineering | Remote | 8+ YOE | GRC | SOX