Security Engineer

Posted on 9/8/2023

INACTIVE

201-500 employees

AI-powered contract management platform

Company Overview

Evisort's mission is to change the way business deals get done. Evisort creates cutting-edge AI technology that makes contracts searchable and simplifies deal-making processes to supercharge business while helping to reduce costs and manage risk.

AI & Machine Learning

Financial Services

B2B

Company Stage

Series C

Total Funding

$155.6M

Founded

2016

Headquarters

San Francisco, California

Growth & Insights

Headcount

6 month growth

↓ -7%

1 year growth

↓ -22%

2 year growth

↑ 47%

Locations

San Francisco, CA, USA • Remote in USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Node.js

AWS

Docker

Google Cloud Platform

JavaScript

Java

Microsoft Azure

Puppet

Terraform

Kubernetes

Python

TypeScript

Ansible

Chef

CategoriesNew

DevOps & Infrastructure

Software Engineering

Requirements

The right candidate for this role will definitely have:
3+ years of experience in secure software development. Computer science degree or similar preferred. Proficiency with Python, Javascript, TypeScript, Node.js, or JVM preferred. Experience building and securing backend Node.js + TypeScript services is ideal
Experience with finding, triaging, and fixing web application vulnerabilities, covering at least the OWASP Top 10, is required
The ability to quickly pick up new technologies and finding problems in unfamiliar systems or code bases
The ability to communicate security concerns effectively to technical and non technical stakeholders via written and verbal mediums
A proficiency for automating as much as possible, and a desire to solve problems once
A passion for security and building resilient systems
Experience with one or more of the following is preferred:
Experience with securing microservice architectures based around public cloud services, containers, Docker, and Kubernetes
Familiarity with managing public clouds (AWS, Azure, GCP) using infrastructure-as-code (Terraform) and automation (Ansible, Puppet, Chef, etc) preferred
Experience building out a Secure Software Development Life Cycle (SSDLC), including integrating automated security testing, SAST, DAST, SCA, fuzzing, and variant analysis within a CI/CD pipeline
Experience with SIEM tooling preferred

Responsibilities

Own core pieces of our security program based on your skill set and interest
Find, manage, and fix vulnerabilities in the product, coordinating with development teams on their remediation, and building tooling to prevent them from reappearing or being created in the first place
Design and build application frameworks and services to improve the security of a cloud, container-based microservice application stack
Collaborate with dev teams and other stakeholders as their dedicated Security Partner, including threat modeling, security design, implementation, and process building
Roll out and manage cloud infrastructure security initiatives
Expand our logging, alerting, and detection automation, and respond to potential incidents
Help manage corporate security initiatives in collaboration with other teams, including SSO, MDM,EDR and network security
Drive compliance initiatives that add real security value

Desired Qualifications

Knowledge of cloud security best practices is a plus
Experience with log management and alert automation is a plus

Our mission is to change the way business deals get done. In an industry plagued by inefficient and ineffective contract management systems, we provide a solution that accelerates, scales, and protects the business, enabling contract professionals to become their company’s superhero.

We create cutting-edge AI technology that makes contracts searchable and simplifies deal-making processes to supercharge business while helping to reduce costs and manage risk. We automate manual work, facilitate collaboration, and streamline operations so businesses can make better decisions.

By reimagining legal documents, we take the stress out of contract management, empowering brilliant people to do their best work while fueling exponential growth.

The Role:

We are seeking a building-focused Security Engineer to join Evisort’s growing security team and help drive securing our code base, infrastructure, and systems from a clean slate as the company (and security organization) scales. This is an exciting opportunity to join a company that takes security seriously from the start, rather than the usual state of cleaning up years of technical debt with a skeleton crew. You will touch all areas of security at Evisort, with plenty of opportunities to learn new aspects of security and to lead areas where you have experience or interest.

What you’ll do:

Own core pieces of our security program based on your skill set and interest
Find, manage, and fix vulnerabilities in the product, coordinating with development teams on their remediation, and building tooling to prevent them from reappearing or being created in the first place
Design and build application frameworks and services to improve the security of a cloud, container-based microservice application stack
Collaborate with dev teams and other stakeholders as their dedicated Security Partner, including threat modeling, security design, implementation, and process building
Roll out and manage cloud infrastructure security initiatives
Expand our logging, alerting, and detection automation, and respond to potential incidents
Help manage corporate security initiatives in collaboration with other teams, including SSO, MDM,EDR and network security
Drive compliance initiatives that add real security value

Skills / Qualifications:

The right candidate for this role will definitely have:
3+ years of experience in secure software development. Computer science degree or similar preferred. Proficiency with Python, Javascript, TypeScript, Node.js, or JVM preferred. Experience building and securing backend Node.js + TypeScript services is ideal
Experience with finding, triaging, and fixing web application vulnerabilities, covering at least the OWASP Top 10, is required
The ability to quickly pick up new technologies and finding problems in unfamiliar systems or code bases
The ability to communicate security concerns effectively to technical and non technical stakeholders via written and verbal mediums
A proficiency for automating as much as possible, and a desire to solve problems once
A passion for security and building resilient systems
Experience with one or more of the following is preferred:
Experience with securing microservice architectures based around public cloud services, containers, Docker, and Kubernetes.
Familiarity with managing public clouds (AWS, Azure, GCP) using infrastructure–as-code (Terraform) and automation (Ansible, Puppet, Chef, etc) preferred.
Knowledge of cloud security best practices is a plus
Experience building out a Secure Software Development Life Cycle (SSDLC), including integrating automated security testing, SAST, DAST, SCA, fuzzing, and variant analysis within a CI/CD pipeline
Experience with SIEM tooling preferred.
Experience with log management and alert automation is a plus

Evisort is an E-verify employer. Your eligibility to work in the United States will be verified through the E-verify system if you apply and are selected for a position in the United States.