Security Engineer
Posted on 4/4/2024
Evisort

51-200 employees

AI-powered contract management platform
Company Overview
Evisort's mission is to change the way business deals get done. Evisort creates cutting-edge AI technology that makes contracts searchable and simplifies deal-making processes to supercharge business while helping to reduce costs and manage risk.
AI & Machine Learning
Financial Services
B2B

Company Stage

Series C

Total Funding

$155.6M

Founded

2016

Headquarters

San Francisco, California

Growth & Insights
Headcount

6 month growth

-7%

1 year growth

-26%

2 year growth

15%
Locations
Minneapolis, MN, USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Kubernetes
Microsoft Azure
Python
JavaScript
Node.js
Java
TypeScript
AWS
Terraform
Ansible
Google Cloud Platform
CategoriesNew
IT & Security
Cybersecurity
Network Administration
Requirements
  • 3+ years of experience in secure software development
  • Computer science degree or similar preferred
  • Proficiency with Python, Javascript, TypeScript, Node.js, or JVM preferred
  • Experience building and securing backend Node.js + TypeScript services is ideal
  • Experience with finding, triaging, and fixing web application vulnerabilities, covering at least the OWASP Top 10, is required
  • The ability to quickly pick up new technologies and finding problems in unfamiliar systems or code bases
  • The ability to communicate security concerns effectively to technical and non-technical stakeholders via written and verbal mediums
  • A proficiency for automating as much as possible, and a desire to solve problems once
  • A passion for security and building resilient systems
  • Experience with securing microservice architectures based around public cloud services, containers, Docker, and Kubernetes
  • Familiarity with managing public clouds (AWS, Azure, GCP) using infrastructure–as-code (Terraform) and automation (Ansible, Puppet, Chef, etc) preferred
  • Knowledge of cloud security best practices is a plus
  • Experience building out a Secure Software Development Life Cycle (SSDLC), including integrating automated security testing, SAST, DAST, SCA, fuzzing, and variant analysis within a CI/CD pipeline
  • Experience with SIEM tooling preferred
  • Experience with log management and alert automation is a plus
Responsibilities
  • Own core pieces of our security program based on your skill set and interest
  • Find, manage, and fix vulnerabilities in the product, coordinating with development teams on their remediation, and building tooling to prevent them from reappearing or being created in the first place
  • Design and build application frameworks and services to improve the security of a cloud, container-based microservice application stack
  • Collaborate with dev teams and other stakeholders as their dedicated Security Partner, including threat modeling, security design, implementation, and process building
  • Roll out and manage cloud infrastructure security initiatives
  • Expand our logging, alerting, and detection automation, and respond to potential incidents
  • Help manage corporate security initiatives in collaboration with other teams, including SSO, MDM, EDR, and network security
  • Drive compliance initiatives that add real security value