• Ironclad is seeking a skilled Application Security Engineer with a passion for securing modern software platforms and protecting sensitive data
• We are looking for someone with strong experience in automated vulnerability scanning and penetration testing to strengthen our application security program
• The ideal candidate will have experience in software development or testing at SaaS companies or in regulated fields
• BA/BS/MS in Computer Science or related field or equivalent experience
• 3+ Years of experience working in application security or software development, preferably with SaaS companies or in regulated fields
• In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25
• Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck
• Experience with security testing tools such as Burp Suite, AppScan, and Nessus
• Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks
• Experience operating in any cloud provider (AWS, GCP, Azure, Digital Ocean etc.)
• Ability to appropriately prioritize and respond to different escalations
• Experience working collaboratively with cross-functional teams
• Strong desire to take ownership of problems
• Comfort working in a rapidly evolving environment and dealing with ambiguity
• Excellent communication, analytical and problem-solving skills
• Team and goal-oriented
• High output, low ego

Desirable

• This role will be responsible for conducting security assessments, identifying and mitigating risks, and implementing security best practices and process improvements across Ironclad’s Product, Platform and Engineering teams
• Develop and implement secure coding practices, procedures, and standards for software development teams
• Conduct application security assessments and vulnerability testing to identify and mitigate risks
• Perform security reviews of code changes and ensure that security issues are addressed
• Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices
• Integrate security review processes into Ironclad’s CI/CD pipeline
• Conduct threat modeling and risk analysis to protect sensitive data
• Provide domain expertise on protective controls including system, network, encryption, and authentication services
• Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture
• Work closely with the risk and governance teams to implement compliance and security requirements
• Contribute to secure coding and other cybersecurity training programs
• Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques
• Provide technical leadership and mentorship to other members of the engineering and security teams