Ironclad

Staff Application Security Engineer

Ironclad$170K — $190K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years in application security or software development, especially in SaaS or regulated environments.
  • Strong proficiency in either Typescript or Javascript.
  • In-depth knowledge of OWASP Top 10 and SANS Top 25.
  • Familiarity with security testing tools like Burp Suite and Nessus.
  • Experience with cloud platforms such as AWS, GCP, or Azure.

Responsibilities

  • Develop secure coding practices and standards for software teams.
  • Conduct security assessments and vulnerability tests to mitigate risks.
  • Review code changes for security issues and ensure remediation.
  • Collaborate with teams to enhance software security and coding practices.
  • Integrate security reviews into CI/CD processes.

Benefits

  • 100% health coverage for employees, 75% for dependents.
  • Market-leading leave policies including gender-neutral parental leave.
  • Paid time off with flexible usage.
  • Monthly stipends for wellbeing and hybrid work expenses.
  • 401(k) plan with employer match and regular team events.
Full Job Description
This is a hybrid role. Office attendance is required at least twice a week on Tuesdays and Thursdays for collaboration and connection. There may be additional in-office days for team or company events.

Ironclad is seeking an experienced Application Security Engineer with a passion for securing modern software platforms and protecting sensitive data. We are looking for someone with strong experience in automated vulnerability scanning and penetration testing to strengthen our application security program. Whether you are better at building software or better at breaking it, we are interested in hearing from you. We welcome security researchers and strong developers, as well as past security engineers.

This role will be responsible for conducting security assessments, identifying and mitigating risks, and implementing security best practices and process improvements across Ironclad's Product, Platform and Engineering teams.

Roles & Responsibilities:
  • Develop and implement secure coding practices, procedures, and standards for software development teams.
  • Conduct application security assessments and vulnerability testing to identify and mitigate risks.
  • Perform security reviews of code changes and ensure that security issues are addressed.
  • Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices.
  • Integrate security review processes into Ironclad's CI/CD pipeline.
  • Conduct threat modeling and risk analysis to protect sensitive data.
  • Provide domain expertise on protective controls including system, network, encryption, and authentication services.
  • Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad's cybersecurity posture.
  • Work closely with the risk and governance teams to implement compliance and security requirements.
  • Contribute to secure coding and other cybersecurity training programs.
  • Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques.
  • Provide technical leadership and mentorship to other members of the engineering and security teams.


Key Skills:
  • Strong proficiency in either Typescript or Javascript.
  • 3+ Years of experience working in application security or software development, preferably with SaaS companies or in regulated fields.
  • In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25.
  • Experience with security testing tools such as Burp Suite, AppScan, and Nessus.
  • Experience operating in any cloud provider (AWS, GCP, Azure, Digital Ocean etc.).
  • Ability to appropriately prioritize and respond to different escalations.
  • Experience working collaboratively with cross-functional teams.
  • Strong desire to take ownership of problems.
  • Comfort working in a rapidly evolving environment and dealing with ambiguity.
  • Excellent communication, analytical and problem-solving skills.
  • Team and goal-oriented.
  • High output, low ego.


Nice to Have:
  • AI penetration testing.
  • Experience with git and software branching and workflow strategies.
  • Experience working with modern, microservice architectures including in Kubernetes or other containerized environments.
  • Experience with enterprise observability platforms such as ELK, Datadog, Prometheus, Grafana, etc.
  • Knowledge of Terraform or other infrastructure-as-code and configuration management solutions.
  • Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks.
  • Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck.


Base Salary Range: $170,000 - $190,000

The base salary range represents the minimum and maximum of the salary range for this position based at our San Francisco headquarters. The actual base salary offered for this position will depend on numerous factors, including individual proficiency, anticipated performance, and the location of the selected candidate. Our base salary is just one component of Ironclad's competitive total rewards package, which also includes equity awards (a new hire grant, along with opportunities for additional awards throughout your tenure), competitive health and wellness benefits, and a commitment to career growth and development.

US Full-Time Employee Benefits at Ironclad:
  • 100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available
  • Market-leading leave policies, including gender-neutral parental leave and compassionate leave
  • Family forming support through Maven for you and your partner
  • Paid time off - take the time you need, when you need it
  • Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use
  • Mental health support through Modern Health, including therapy, coaching, and digital tools
  • Pre-tax commuter benefits (US Employees)
  • 401(k) plan with Fidelity with employer match (US Employees)
  • Regular team events to connect, recharge, and have fun
  • And most importantly: the opportunity to help build the company you want to work at

**UK Employee-specific benefits are included on our UK job postings

About Ironclad

Ironclad is a legal technology company that provides a contract management platform. The platform helps legal teams manage contracts more efficiently and effectively. Ironclad's products include contract workflow, contract analytics, and contract collaboration. The company was founded in 2014 and is headquartered in San Francisco, California.
Learn more about Ironclad
Size
100 employees
Industry
Founded
2014

Similar Jobs

More Jobs at Ironclad

More Information Technology Jobs

Find similar Staff Application Security Engineer jobs: