Sorry. This page is not yet translated.

Ironclad builds contracts solutions that empower legal teams to do more legal work, less paperwork.

Security Engineer
San Francisco, CA, US
Job Description / Skills Required

Ironclad is the leading digital contracting platform for legal teams. By streamlining contract workflows, from creation and approvals to compliance and insights, Ironclad frees legal advisors to be the strategic advisors they’re meant to be. Ironclad is used by modern General Counsels and their teams at companies like Dropbox, AppDynamics and Fitbit to unlock the power of their contracts data. Ironclad was named one of the 20 Rising Stars as part of the Forbes 2019 Cloud 100 list, the definitive list of the top 100 private cloud companies in the world. The company is backed by investors like Accel, Sequoia, Y Combinator and Emergence Capital.
There are a lot of great things about working here, but by far the greatest benefit is the team. We are a group of motivated, mission-driven people who love learning from each other. Our business team comprises attorneys with experience in big law, tech, and finance, and our technical team comprises designers and engineers from places like Palantir, Salesforce, and MIT. We take pride in doing great work and collaborating well with each other. We work hard, but we also like to have fun.
Ironclad is seeking a curious Security Engineer with a passion for integrating security into a modern Agile & DevOps environment and Identity & Access Governance . We are looking for someone with strong experience in penetration testing and automated vulnerability scanning to bootstrap our Security Operations program and support our rapidly growing workforce. This role will drive security and risk reduction goals with our Product Engineering, Infrastructure & Tools Engineering, and Business stakeholders in technical and process improvements. 
We are looking for a candidate that brings a strong Identity & Access Governance background with focused experience in integrating security into a modern Agile & DevOps environment.

Roles & Responsibilities:

    • Perform Infrastructure and Application Security Testing.
    • Integrate Security Review into CI/CD Pipeline.
    • Contribute to the design, communication and adoption of a Software Development Life Cycle incorporating security architecture principles.
    • Provide domain expertise on protective controls including system, network, encryption, and authentication services.
    • Strong collaboration skills to work with a range of stakeholders from engineers and to corporate business stakeholders.
    • Comfort working in a rapidly evolving environment and dealing with ambiguity.
    • Strong desire to take ownership of problems and act on them independently.
    • scripting and visualization skills to pragmatically measure and tell the Identity security story.
    • Desire to stay up to date on trends, advancements, and threats facing the Identity and Access industry.
    • Technical architecture and leadership in developing strategies related to identity lifecycle management, authorization policy-shaping, and adaptive authentication patterns.
    • Work closely with members of the SRE, Development, IT, and Information Security teams to drive impactful changes to the company’s network defense posture.
    • Work closely with the compliance and governance teams to implement compliance and security requirements.
    • Work with the infrastructure and product teams to ensure that they have secure-by-default systems.
    • Provide domain expertise on protective controls including system, network, encryption, and authentication services.

Key Skills:

    • BA/BS/MS in Computer Science or Related field or equivalent experience is a plus.
    • 3+ Years of experience working in a commercial environment doing Security Testing.
    • Strong proficiency in scripting and any programming languages ( Bash, Python, Ruby etc ).
    • Experience Operating in Any Cloud Provider like ( AWS, GCP, Azure, Digital Ocean etc).
    • Experience with SSAE 16 / SOC 2, ISO 27001 & NIST.
    • Experience with Open Web Application Security Project (OWASP) is a plus.
    • Ability to appropriately prioritize and respond to different escalations.
    • Good written and verbal communication skills.
    • Ability to use a wide variety of open source technologies and tools.
    • Team and goal-oriented.
    • High output; low ego
    • Experience and desire to work cross functionally.

Nice to Have:

    • Knowledge of Git & Github
    • Knowledge of Terraform and Chef/Puppet/Ansible
    • Experience with enterprise logging/monitoring solutions ( ELK, Datadog, Sumologic, etc)
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.