Staff Application Security Engineer

Ironclad is the leading AI contracting platform that transforms agreements into assets. Contracts move faster, insights surface instantly, and agents push work forward, all with you in control. Whether you’re buying or selling, Ironclad unifies the entire process on one intelligent platform, providing leaders with the visibility they need to stay one step ahead. That’s why the world’s most transformative organizations, from Rivian to the World Health Organization and the Associated Press, trust Ironclad to accelerate their business.

• →

  Develop and implement secure coding practices, procedures, and standards for software development teams.

• →

  Conduct application security assessments and vulnerability testing to identify and mitigate risks.

• →

  Perform security reviews of code changes and ensure that security issues are addressed.

• →

  Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices.

• →

  Integrate security review processes into Ironclad’s CI/CD pipeline.

• →

  Conduct threat modeling and risk analysis to protect sensitive data.

• →

  Provide domain expertise on protective controls including system, network, encryption, and authentication services.

• →

  Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture.

• →

  Work closely with the risk and governance teams to implement compliance and security requirements.

• →

  Contribute to secure coding and other cybersecurity training programs.

• →

  Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques.

• →

  Provide technical leadership and mentorship to other members of the engineering and security teams.

• BA/BS/MS in Computer Science or related field or equivalent experience.

• 3+ Years of experience working in application security or software development, preferably with SaaS companies or in regulated fields.

• In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25.

• Experience with security testing tools such as Burp Suite, AppScan, and Nessus.

• Strong proficiency in either Typescript or Javascript.

• Experience operating in any cloud provider (AWS, GCP, Azure, Digital Ocean etc.).

• Ability to appropriately prioritize and respond to different escalations.

• Experience working collaboratively with cross-functional teams.

• Strong desire to take ownership of problems.

• Comfort working in a rapidly evolving environment and dealing with ambiguity.

• Excellent communication, analytical and problem-solving skills.

• Team and goal-oriented.

• High output, low ego.

• AI penetration testing.

• Experience with git and software branching and workflow strategies.

• Experience working with modern, microservice architectures including in Kubernetes or other containerized environments.

• Experience with enterprise observability platforms such as ELK, Datadog, Prometheus, Grafana, etc.

• Knowledge of Terraform or other infrastructure-as-code and configuration management solutions.

• Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks.

• Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck.

The base salary range represents the minimum and maximum of the salary range for this position based at our San Francisco headquarters. The actual base salary offered for this position will depend on numerous factors, including individual proficiency, anticipated performance, and the location of the selected candidate. Our base salary is just one component of Ironclad’s competitive total rewards package, which also includes equity awards (a new hire grant, along with opportunities for additional awards throughout your tenure), competitive health and wellness benefits, and a commitment to career growth and development.