Loading...

Staff Application Security Engineer

Ironcladhq

Ironclad is the leading AI contracting platform that transforms agreements into assets. Contracts move faster, insights surface instantly, and agents push work forward, all with you in control. Whether you’re buying or selling, Ironclad unifies the entire process on one intelligent platform, providing leaders with the visibility they need to stay one step ahead. That’s why the world’s most transformative organizations, from Rivian to the World Health Organization and the Associated Press, trust Ironclad to accelerate their business.

We’re consistently recognized as a leader in the industry: a Leader in the Forrester Wave and Gartner Magic Quadrant for Contract Lifecycle Management, a Fortune Great Place to Work, and one of Fast Company’s Most Innovative Workplaces. Ironclad has also been named to Forbes’ AI 50 and Business Insider’s list of Companies to Bet Your Career On. We’re backed by leading investors including Accel, Y Combinator, Sequoia, BOND, and Franklin Templeton. For more information, visit www.ironcladapp.com or follow us on LinkedIn.

This is a hybrid role. Office attendance is required at least twice a week on Tuesdays and Thursdays for collaboration and connection. There may be additional in-office days for team or company events.

Ironclad is seeking an experienced Application Security Engineer with a passion for securing modern software platforms and protecting sensitive data. We are looking for someone with strong experience in automated vulnerability scanning and penetration testing to strengthen our application security program. Whether you are better at building software or better at breaking it, we are interested in hearing from you. We welcome security researchers and strong developers, as well as past security engineers.

This role will be responsible for conducting security assessments, identifying and mitigating risks, and implementing security best practices and process improvements across Ironclad’s Product, Platform and Engineering teams.

Roles & Responsibilities:

  • Develop and implement secure coding practices, procedures, and standards for software development teams.

  • Conduct application security assessments and vulnerability testing to identify and mitigate risks.

  • Perform security reviews of code changes and ensure that security issues are addressed.

  • Collaborate with cross-functional teams to remediate software vulnerabilities and implement secure coding practices.

  • Integrate security review processes into Ironclad’s CI/CD pipeline.

  • Conduct threat modeling and risk analysis to protect sensitive data.

  • Provide domain expertise on protective controls including system, network, encryption, and authentication services.

  • Work closely with members of the SRE, Development, IT, and Security teams to drive impactful changes to Ironclad’s cybersecurity posture.

  • Work closely with the risk and governance teams to implement compliance and security requirements.

  • Contribute to secure coding and other cybersecurity training programs.

  • Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques.

  • Provide technical leadership and mentorship to other members of the engineering and security teams.

Key Skills:

  • Strong proficiency in either Typescript or Javascript.

  • 3+ Years of experience working in application security or software development, preferably with SaaS companies or in regulated fields.

  • In-depth knowledge of application security concepts and practices, including OWASP Top 10 and SANS Top 25.

  • Experience with security testing tools such as Burp Suite, AppScan, and Nessus.

  • Experience operating in any cloud provider (AWS, GCP, Azure, Digital Ocean etc.).

  • Ability to appropriately prioritize and respond to different escalations.

  • Experience working collaboratively with cross-functional teams.

  • Strong desire to take ownership of problems.

  • Comfort working in a rapidly evolving environment and dealing with ambiguity.

  • Excellent communication, analytical and problem-solving skills.

  • Team and goal-oriented.

  • High output, low ego.

Nice to Have:

  • AI penetration testing.

  • Experience with git and software branching and workflow strategies.

  • Experience working with modern, microservice architectures including in Kubernetes or other containerized environments.

  • Experience with enterprise observability platforms such as ELK, Datadog, Prometheus, Grafana, etc.

  • Knowledge of Terraform or other infrastructure-as-code and configuration management solutions.

  • Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks.

  • Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck.

Base Salary Range: $170,000 – $190,000

The base salary range represents the minimum and maximum of the salary range for this position based at our San Francisco headquarters. The actual base salary offered for this position will depend on numerous factors, including individual proficiency, anticipated performance, and the location of the selected candidate. Our base salary is just one component of Ironclad’s competitive total rewards package, which also includes equity awards (a new hire grant, along with opportunities for additional awards throughout your tenure), competitive health and wellness benefits, and a commitment to career growth and development.

US Full-Time Employee Benefits at Ironclad:

  • 100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available

  • Market-leading leave policies, including gender-neutral parental leave and compassionate leave

  • Family forming support through Maven for you and your partner

  • Paid time off – take the time you need, when you need it

  • Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use

  • Mental health support through Modern Health, including therapy, coaching, and digital tools

  • Pre-tax commuter benefits (US Employees)

  • 401(k) plan with Fidelity with employer match (US Employees)

  • Regular team events to connect, recharge, and have fun

  • And most importantly: the opportunity to help build the company you want to work at

**UK Employee-specific benefits are included on our UK job postings

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

To apply for this job please visit jobs.ashbyhq.com.

Terms used in this posting

equity
Ownership stake in the company, usually in the form of stock options or RSUs, offered in addition to salary.
hybrid
A work arrangement combining both in-office and remote/at-home work, typically on a set schedule.

Working in San Francisco, California

Weather right now in San Francisco, California: checking… · Local time: · Air quality: · Daylight: · UV index:

San Francisco, officially the City and County of San Francisco, is the fourth-most populous city in California and the 17th-most populous in the United States, with a population of 826,079 in 2025. Among U.S. cities with a population of 200,000 or more, San Francisco is ranked first by per capita income, second by population density, and sixth by aggregate income as of 2024. Some 4.6 million residents live in the city's metropolitan statistical area, which is the 13th-largest in the United States. Around 9.2 million live in the San Jose–San Francisco–Oakland combined statistical area, the fift

California is a U.S. state in the Western United States that lies on the Pacific Coast. It borders Oregon to the north, and Nevada and Arizona to the east; it also shares an international border with the Mexican state of Baja California to the south. With over 39 million residents across an area of 163,696 square miles (423,970 km2), it is the largest U.S. state by population and third-largest by

🇺🇸 Relocation safety for US: Exercise Normal Cautionvia Warnely, CC BY 4.0

National unemployment rate in US: 4.2%via World Bank

Recent seismic activity: 2 earthquakes (M4.5+) within 200km in the last 6 months — largest M5.6 near 11 km N of Redwood Valley, CA. via USGS

  • Elevation 38m (125 ft)

Source: Wikipedia (state)

Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.

Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.

Add application deadline to calendar

Keep exploring on Get A Job.ai

Not quite the right fit? Your next opportunity is a click away.

Hiring instead? Post a job and reach candidates searching right now.