Develop and implement secure coding practices, procedures, and standards for software development teams.
Conduct application security assessments and vulnerability testing to identify and mitigate risks.
Perform security reviews of code changes and ensure that security issues are addressed.
Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices.
Integrate security review processes into Ironclad’s CI/CD pipeline.
Conduct threat modeling and risk analysis to protect sensitive data.
Provide domain expertise on protective controls including system, network, encryption, and authentication services.
Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture.
Work closely with the risk and governance teams to implement compliance and security requirements.
Contribute to secure coding and other cybersecurity training programs.
Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques.
Provide technical leadership and mentorship to other members of the engineering and security teams.

Requirements

BA/BS/MS in Computer Science or related field or equivalent experience
3+ Years of experience working in application security or software development, preferably with SaaS companies or in regulated fields
In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25
Experience with security testing tools such as Burp Suite, AppScan, and Nessus
Strong proficiency in either Typescript or Javascript
Experience operating in any cloud provider (AWS, GCP, Azure, Digital Ocean etc.)
Ability to appropriately prioritize and respond to different escalations
Experience working collaboratively with cross-functional teams
Strong desire to take ownership of problems
Comfort working in a rapidly evolving environment and dealing with ambiguity
Excellent communication, analytical and problem-solving skills
Team and goal-oriented
High output, low ego
Nice to Have: AI penetration testing
Experience with git and software branching and workflow strategies
Experience working with modern, microservice architectures including in Kubernetes or other containerized environments
Experience with enterprise observability platforms such as ELK, Datadog, Prometheus, Grafana, etc.
Knowledge of Terraform or other infrastructure-as-code and configuration management solutions
Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks
Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck

Benefits

100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available
Market-leading leave policies, including gender-neutral parental leave and compassionate leave
Family forming support through Maven for you and your partner
Paid time off - take the time you need, when you need it
Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use
Mental health support through Modern Health, including therapy, coaching, and digital tools
Pre-tax commuter benefits (US Employees)
401(k) plan with Fidelity with employer match (US Employees)
Regular team events to connect, recharge, and have fun
And most importantly: the opportunity to help build the company you want to work at

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

secure coding practicesapplication security assessmentsvulnerability testingthreat modelingrisk analysisTypescriptJavascriptcloud computinginfrastructure-as-codemicroservice architectures

Soft Skills

communicationanalytical skillsproblem-solvingcollaborationownershipadaptabilityteam-orientedgoal-orientedmentorshipleadership

Certifications

BA in Computer ScienceBS in Computer ScienceMS in Computer ScienceSOC 2ISO 27001NISTCIS