Security Engineer

San Francisco, CA /
Engineering, Product & Design – Engineering /
Ironclad is the #1 contract lifecycle management platform for innovative companies. L’Oréal, Staples, Mastercard, and other leading innovators use Ironclad to collaborate and negotiate on contracts, accelerate contracting while maintaining compliance, and turn contracts into critical carriers of operational business intelligence. It’s the only platform flexible enough to handle every type of contract workflow, whether a sales agreement, an HR agreement or a complex NDA. The company was named one of the 20 Rising Stars on the Forbes 2019 Cloud 100 list, and is backed by leading investors like Accel, Y Combinator, Sequoia, and Bond. For more information, visit or follow us on LinkedIn and Twitter.

There are a lot of great things about working here, but by far the greatest benefit is the team. We are a group of motivated, mission-driven people who love learning from each other. Our business team comprises attorneys with experience in big law, tech, and finance, and our technical team comprises designers and engineers from places like Palantir, Salesforce, and MIT. We take pride in doing great work and collaborating well with each other. We work hard, but we also like to have fun.

Ironclad is seeking a curious Security Engineer with a passion for integrating security into a modern Agile & DevOps environment and Identity & Access Governance . We are looking for someone with strong experience in penetration testing and automated vulnerability scanning to bootstrap our Security Operations program and support our rapidly growing workforce. This role will drive security and risk reduction goals with our Product Engineering, Infrastructure & Tools Engineering, and Business stakeholders in technical and process improvements. 

Roles & Responsibilities:

    • Perform Infrastructure and Application Security Testing.
    • Integrate Security Review into CI/CD Pipeline.
    • Contribute to the design, communication and adoption of a Software Development Life Cycle incorporating security architecture principles.
    • Provide domain expertise on protective controls including system, network, encryption, and authentication services.
    • Strong collaboration skills to work with a range of stakeholders from engineers and to corporate business stakeholders.
    • Comfort working in a rapidly evolving environment and dealing with ambiguity.
    • Strong desire to take ownership of problems and act on them independently.
    • scripting and visualization skills to pragmatically measure and tell the Identity security story.
    • Desire to stay up to date on trends, advancements, and threats facing the Identity and Access industry.
    • Technical architecture and leadership in developing strategies related to identity lifecycle management, authorization policy-shaping, and adaptive authentication patterns.
    • Work closely with members of the SRE, Development, IT, and Information Security teams to drive impactful changes to the company’s network defense posture.
    • Work closely with the compliance and governance teams to implement compliance and security requirements.
    • Work with the infrastructure and product teams to ensure that they have secure-by-default systems.
    • Provide domain expertise on protective controls including system, network, encryption, and authentication services.

Key Skills:

    • BA/BS/MS in Computer Science or Related field or equivalent experience is a plus.
    • 3+ Years of experience working in a commercial environment doing Security Testing.
    • Strong proficiency in scripting and any programming languages ( Bash, Python, Ruby etc ).
    • Experience Operating in Any Cloud Provider like ( AWS, GCP, Azure, Digital Ocean etc).
    • Experience with SSAE 16 / SOC 2, ISO 27001 & NIST.
    • Experience with Open Web Application Security Project (OWASP) is a plus.
    • Ability to appropriately prioritize and respond to different escalations.
    • Good written and verbal communication skills.
    • Ability to use a wide variety of open source technologies and tools.
    • Team and goal-oriented.
    • High output; low ego
    • Experience and desire to work cross functionally.

Nice to Have:

    • Knowledge of Git & Github
    • Knowledge of Terraform and Chef/Puppet/Ansible
    • Experience with enterprise logging/monitoring solutions ( ELK, Datadog, Sumologic, etc)
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.