Senior Product Security Engineer
Software Engineering, Product
Remote · United States · Canada · San Francisco, CA, USA
Posted on Saturday, January 20, 2024
Our mission is to change the way business deals get done. In an industry plagued by inefficient and ineffective contract management systems, we provide a solution that accelerates, scales, and protects the business, enabling contract professionals to become their company’s superhero.
We create cutting-edge AI technology that makes contracts searchable and simplifies deal-making processes to supercharge business while helping to reduce costs and manage risk. We automate manual work, facilitate collaboration, and streamline operations so businesses can make better decisions.
By reimagining legal documents, we take the stress out of contract management, empowering brilliant people to do their best work while fueling exponential growth.
We are seeking a building-focused Security Engineer to join Evisort’s growing security team and help drive securing our code base, infrastructure, and systems from a clean slate as the company (and security organization) scales. This is an exciting opportunity to join a company that takes security seriously from the start, rather than the usual state of cleaning up years of technical debt with a skeleton crew. You will touch all areas of security at Evisort, with plenty of opportunities to learn new aspects of security and to lead areas where you have experience or interest.
What you’ll do:
- Own core pieces of our security program based on your skill set and interest
- Find, manage, and fix vulnerabilities in the product, coordinating with development teams on their remediation, and building tooling to prevent them from reappearing or being created in the first place
- Design and build application frameworks and services to improve the security of a cloud, container-based microservice application stack
- Collaborate with dev teams and other stakeholders as their dedicated Security Partner, including threat modeling, security design, implementation, and process building
- Roll out and manage cloud infrastructure security initiatives
- Expand our logging, alerting, and detection automation, and respond to potential incidents
- Help manage corporate security initiatives in collaboration with other teams, including SSO, MDM,EDR and network security
- Drive compliance initiatives that add real security value
Skills / Qualifications:
- The right candidate for this role will definitely have:
- Experience with finding, triaging, and fixing web application vulnerabilities, covering at least the OWASP Top 10, is required
- The ability to quickly pick up new technologies and finding problems in unfamiliar systems or code bases
- The ability to communicate security concerns effectively to technical and non technical stakeholders via written and verbal mediums
- A proficiency for automating as much as possible, and a desire to solve problems once
- A passion for security and building resilient systems
- Experience with one or more of the following is preferred:
- Experience with securing microservice architectures based around public cloud services, containers, Docker, and Kubernetes.
- Familiarity with managing public clouds (AWS, Azure, GCP) using infrastructure–as-code (Terraform) and automation (Ansible, Puppet, Chef, etc) preferred.
- Knowledge of cloud security best practices is a plus
- Experience building out a Secure Software Development Life Cycle (SSDLC), including integrating automated security testing, SAST, DAST, SCA, fuzzing, and variant analysis within a CI/CD pipeline
- Experience with SIEM tooling preferred.
- Experience with log management and alert automation is a plus
Evisort is an E-verify employer. Your eligibility to work in the United States will be verified through the E-verify system if you apply and are selected for a position in the United States.