# Staff Application Security Engineer
**Company:** [Ironclad](https://hotfix.jobs/companies/ironclad)
**Location:** San Francisco, CA
**Salary:** $170K-$190K
**Skills:** Burp Suite, AppScan, Nessus, TypeScript, JavaScript, AWS, GCP, Azure, Kubernetes, Terraform, Snyk, Checkmarx, Veracode, OWASP Top 10, CI/CD
**Posted:** 2026-04-08
> Leads application security assessments, vulnerability testing, and secure coding practices for a SaaS platform. Requires 3+ years in app sec or software dev, proficiency in TypeScript/JavaScript, security tools like Burp Suite, and cloud experience.
## Job Description
## Roles & Responsibilities
- Develop and implement secure coding practices, procedures, and standards for software development teams.
- Conduct application security assessments and vulnerability testing to identify and mitigate risks.
- Perform security reviews of code changes and ensure that security issues are addressed.
- Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices.
- Integrate security review processes into Ironclad’s CI/CD pipeline.
- Conduct threat modeling and risk analysis to protect sensitive data.
- Provide domain expertise on protective controls including system, network, encryption, and authentication services.
- Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture.
- Work closely with the risk and governance teams to implement compliance and security requirements.
- Contribute to secure coding and other cybersecurity training programs.
- Stay up to date with the latest security trends, vulnerabilities, and attack techniques.
- Provide technical leadership and mentorship to other members of the engineering and security teams.

## Key Skills
- BA/BS/MS in Computer Science or related field or equivalent experience.
- 3+ years of experience working in application security or software development, preferably with SaaS companies or in regulated fields.
- In-depth knowledge of application security concepts and practices, including **OWASP Top 10** and **SANS Top 25**.
- Experience with security testing tools such as **Burp Suite**, **AppScan**, and **Nessus**.
- Strong proficiency in either **TypeScript** or **JavaScript**.
- Experience operating in any cloud provider (**AWS**, **GCP**, **Azure**, **DigitalOcean**, etc.).
- Ability to appropriately prioritize and respond to different escalations.
- Experience working collaboratively with cross-functional teams.
- Strong desire to take ownership of problems.
- Comfort working in a rapidly evolving environment and dealing with ambiguity.
- Excellent communication, analytical and problem-solving skills.
- Team and goal-oriented.
- High output, low ego.

## Nice to Have
- AI penetration testing.
- Experience with **git** and software branching and workflow strategies.
- Experience working with modern, microservice architectures including in **Kubernetes** or other containerized environments.
- Experience with enterprise observability platforms such as **ELK**, **Datadog**, **Prometheus**, **Grafana**, etc.
- Knowledge of **Terraform** or other infrastructure-as-code and configuration management solutions.
- Experience with **SOC 2**, **ISO 27001**, **NIST**, and **CIS** standards and frameworks.
- Experience with **SAST** and **SCA** tools such as **Snyk**, **Checkmarx**, **Veracode**, **WhiteSource**, or **Black Duck**.

## Compensation
**Base Salary Range: $170,000 - $190,000**
**Apply:** https://hotfix.jobs/jobs/staff-application-security-engineer-at-ironclad-ff55e746-da79-4e09-8b3c-ffd76fd9911c
**Canonical:** https://hotfix.jobs/jobs/staff-application-security-engineer-at-ironclad-ff55e746-da79-4e09-8b3c-ffd76fd9911c