Senior Application Security Developer

Clio


8 months ago

06/17/2019 10:21:23

Job type: Full-time

Hiring from: Vancouver or Calgary

Category: Software Development


We are currently seeking a Senior Application Security Developer to join our Information Security team.  Are you someone who’s always probing and asking why, someone who enjoys finding smarter and more efficient solutions to problems and helping teams level-up their security practices? If you have a strong operations background with a passion for security and experience in cloud-first environments, then we want to talk to you.

Founded in Vancouver, Canada in 2008, Clio is transforming the practice of law, for good. Whether it's our industry-leading cloud-based practice management platform, our ground-breaking Legal Trends Report or our ever-popular Clio Cloud Conference, Clio is at the forefront of advancing the legal sphere.

With the help of the cloud, we make lawyers’ lives simpler and help them better organize and manage their legal practices. As one of Canada’s fastest-growing companies with international reach, we employ over 250 individuals with a rapidly growing customer base spanning 90 countries. Clio has been recognized as one of CIX’s Top 20 Most Influential Technology Companies, one of Canada’s Top Small & Medium Employers, and has one of Canada’s 10 Most Admired Corporate Cultures. Additionally, for the last two years, we have been recognized on Deloitte's Fast50 Fast500 lists.


What you'll be doing:

  • Mentoring and sharing best security practices;

  • Develop and implement tools to help developers avoid security flaws;

  • Build partnerships with developments teams and provide expertise in security best practices;

  • Contribute to driving security awareness and knowledge amongst the product organization;

  • Provide detailed guidance and support to teams in vulnerability remediation;

  • Identify and implement tools for automated application scanning, static analysis and related tools;

  • Perform penetration testing;

  • Perform reactive incident response when a security event occurs;

  • Perform proactive research to detect new attack vectors;

  • Elevate and educate our security culture within Clio, contributing to our cultural values of “No doors, only windows” and “Live a learning mindset”.

Who you are:

  • A curious person who is willing to ask many questions;

  • Someone who loves learning new things and developing creative security solutions for a fast growing, continuous integration environment;

  • 5+ years experience in some combination of the following disciplines: web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, architecture review and threat modelling;

  • Experience with AWS, Ruby on Rails, Python, Javascript and other modern open source languages and tools.

 

Why would you want to work here:

We offer a great compensation package, 3 weeks vacation, a fun work environment, a great benefits plan, and an opportunity to be part of a great growth story with unlimited potential. We are looking for owl-drawers and team builders—people who work hard and play for keeps. We hire the brightest, most driven people in tech, and boast alumni from Google, Salesforce, Facebook, Amazon and LinkedIn on our team. Come and join them!

Location:

We are preferably looking for someone to be in our world-class office in Vancouver or Calgary. We are also open to remote options in similar time zones. 

Need more reasons? Here are some things that make us awesome:

  • The chance to do work that matters on a product that truly changes lives. This is the place for driven people who want to make their mark.

  • The freedom to choose your own path (and change it) to build a meaningful career that works for you.

  • Excellent health and dental coverage, vacation time, parental leave options and education spending

  • An RRSP matching program

  • Regular games nights and team outings with the best coworkers you’ll ever work with

We believe that ensuring diversity and inclusion will produce a better place to work and a better product. We encourage all candidates to apply.

Please mention that you come from Remotive when applying for this job.

Help us maintain Remotive! If this link is broken, please just click to report dead link!

similar jobs

  • Bold Penguin (Eastern Time +/- 2 hours)
    4 days ago

    We didn’t create Bold Penguin because commercial insurance is broken. It isn’t. But as the world has gotten more connected and digitized, commercial insurance lags behind—creating a fragmented landscape where businesses, agents, and insurance companies struggle to interact in a smooth and easy way. That’s why we’ve built a highly efficient exchange that cuts the friction out of commercial insurance by connecting everyone to the right quote in record time.

    Powering the world of insurance is no small feat, so we’ve brought on a team that's not only incredibly talented but also passionate about our potential to upgrade the entire industry. As more and more companies big and small depend on our technology to operate in the commercial insurance space, we’ll need the best talent all around to support our growth. That’s why we’re looking at you (yes, you!) to make a bold move and join our adventure.

    Your  Role

    As a Cloud & Site Reliability Engineer, you will be a subject matter expert in building highly reliable, highly scalable features and infrastructure. You’ll use DevOps principles to ensure that Bold Penguin’s software systems are always available and ready to scale to meet growing demands. 

    Click here to learn more about DevOps on the glacier

    What You’ll Do

    • Ensure the reliability, performance, and availability of our platform by working as part of a cross-functional product team
    • Participate in agile ceremonies such as iteration planning, retrospective, and daily standups
    • Be part of the shared on-call rotation and proactively research possible issues affected the availability of our platform
    • Understand and clearly articulate tradeoffs in architecture decisions with regards to cost, security, operational efficiencies, performance, and availability
    • Build and maintain infrastructure with executable code (IaC) and automated delivery pipelines
    • Be passionate about Cloud/DevOps/SRE concepts such as Immutable Infrastructure, Cattle vs Pets, Infrastructure as Code, Delivery Pipelines

    Skills & Qualifications

    • Deep, hands-on expertise with AWS Cloudformation and other Infrastructure as Code tools
    • Experience with Amazon Web Services; specifically EC2, ECS, ELB, CodePipeline, RDS, Redshift, S3, IAM, and Lambda
    • Ability to articulate Cloud & DevOps concepts to a variety of technical & non-technical team members
    • Bonus points for expertise in implementing security & compliance frameworks such as SOC/2, NIST 800-53, and NIST 800-171 especially in Amazon Web Services
    • Bonus points for AWS Certifications 
    • Bonus points for familiarity with microservices architectures, Ruby on Rails and/or ETL tools such as Fivetran.
    • Experience working at technology companies and startups desirable
    • 2-4 years + of working remote, full time, and/or with full time co-located teams across different time zones.

    BONUS POINTS

    • Full-stack expertise in multiple tiers of modern web applications (e.g. front end, back end, infrastructure, etc.)
    • Open-source contributions and/or speaking experience.
    • Previous work experience in insurance and/or experience with policy rating very desirable.
    • You love Penguins! ;P

    TRAVEL TO THE "GLACIER" (please read)

    • We are firm proponents of "seeing eye to eye by meeting face to face". As such, our remote team travels in once a quarter for a full day of collaboration, goal setting, team building, etc.  Are you able to make this work?  In addition to this we also ask that, if hired, you are able to make the first week onsite for onboarding/training. 

    PENGUIN PERKS

    • For a healthy colony.
      • Our plan covers 50% of your Medical Premiums – Health - HRA, Dental, Vision, and Life Insurance, as well as Short & Long Term Disability (Trust us, the benefits are great!
    • Penguins plan for the future.
      • 401k Match program, up to 4%! 
    • Parental Leave
      • 16 weeks of parental leave (your kids need you there!)
    • Need a vacation?
      • Unlimited PTO - Please take a vacation - you need it and we applaud it and in fact we require you take 10 days off!
    • Hungry? Thirsty?
      • We offer free snacks and drinks, as well as catered lunch every Monday (even to our remote employees...nomb nomb nomb)
    • Penguins need to learn!
      • We support your professional growth. Certifications, training, memberships, and conferences are actively encouraged—and often covered.
    • Penguins are social creatures and love to play!
      • We have frequent happy hours, company events, and outings. What kind of company would we be if we didn't have some fun!?!? 
    • Penguins give back.
      • We offer volunteer opportunities every month!  There is no better feeling than giving back =)
    • Don’t want to move to Columbus?
      • We offer up to 100% remote engineers!
      • You must be OK visiting the office for a day or two every quarter - we are all about that camaraderie! 

    Penguins believe in inclusion. That’s why we’re proud to be an equal opportunity employer that considers all qualified applicants regardless of race, color, religion, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, beak size, or inability to fly.

  • Imperfect Foods (US only)
    1 week ago

    At Imperfect we are all about groceries on a mission. Since 2015, our services have saved over 100M lbs of food, 1.2B gallons of water, and 110M lbs CO2, donating 4M lbs of food along the way. Our software engineering team builds the ecommerce platform and internal tooling that makes this all possible. The team collaborates closely to develop features, solutions, and systems that enhance and transform user experience. We’re a remote-first team, with members scattered throughout the US. This role will report to the Devops Director, and can be remotely located within US.

    Responsibilities:

    • Manage all cloud-based infrastructure, including performance and cost optimization
    • Ensure application and infrastructure observability
    • Build internal tooling to reduce friction points in the software development lifecycle
    • Establish and maintain test suites, collaborating with broader team to execute
    • Advocate for code quality and automated approaches to ensuring that quality
    • Share on-call rotation and be an escalation point to the business and engineering
    • Actively contribute to team and company standards
    • Ensure the reliability of systems essential to Imperfect customers and internal users
    • Keep up-to-date with the latest technology developments in your area(s) of expertise

    About You:

    • A pragmatic, customer-centric approach to problem-solving
    • A sincere commitment to crafting maintainable, dependable systems
    • The willingness and ability to contribute to a team culture of quality
    • Passionate about our mission to eliminate food waste and create a better food system for all
  • 1 week ago
    Articulate is looking for a Security Engineer to join our team. 

    We’re makers. We build delightful systems and tools that empower our engineering teams to move quickly, safely, and reliably. Join us in building secure e-learning for millions of learners across Rise.com and Articulate 360.

    We need a special person who thrives in an environment of freedom. You might be our person if you can work largely self-directed from home and have hands-on experience securing cloud platforms.

    Responsibilities:
    • Build and improve on our intrusion detection monitoring to help us get deeper and more actionable threat insight.
    • Improve our security posture across our products, AWS infrastructure, and Kubernetes.
    • Make recommendations on security best practices and be on the lookout for things we should be doing better.
    • Remediate known vulnerabilities using tools like Twistlock, GitHub, and various AWS security services.
    • Work with your team to implement changes for compliance purposes (SOC 2, FedRAMP, ISO 27001).
    • Contribute to building a healthy culture of shared security responsibility across engineering and the larger organization.
    Qualifications:
    • You have a growth mindset and a deep passion for continuous learning. 
    • You’ve built or overseen IDS and/or DLP implementation at a previous job and can make informed recommendations to our team based on our needs.
    • You have a solid understanding of the AWS security tool landscape and have the know-how to use these tools to address security needs.
    • You’re a doer. You’re in your element when writing code or building systems to deal with security concerns.
    • You’re proficient in one or more programming or scripting languages. We use Bash, Ruby, Go, and JavaScript heavily at Articulate. 
    • You’re skilled in the art of troubleshooting systems. You can grasp both the problem at hand and the historical context of it. You also make smart decisions about how to move forward on a problem and make the system better and more reliable for your team. 
    About Articulate

    Articulate is a highly successful, fully remote software company that’s changing the way the world learns. Our award-winning e-learning tools are used by 98,000+ organizations across the globe to create engaging online and mobile courses. Our customers include 93 of the Fortune 100 and 19 of the top 20 U.S. universities. And our online community of 800,000+ members is the largest, fastest-growing community in the industry.
     
    We empower employees to thrive by fostering a culture of autonomy, productivity, and respect. We’re all free to exercise our crafts the best way we know how to reach our goals as individuals and teams. Each and every one of us is focused on producing results that directly impact the company’s success. And we all strive to do what’s right by people, both internally and externally, instead of taking the shortest route to the highest profits.
     
    We honor people’s humanity in all of our disparate experiences and social locations, accepting each person as an individual with a story worth listening to and honoring. We believe that honoring everyone’s humanity means being committed to equity and justice. We welcome different voices and viewpoints and do not discriminate on the basis of race, religion, color, national origin, ancestry, physical and/or mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, transgender status, age, sexual orientation, and military or veteran status, or any other basis protected by law. We are an equal opportunity employer and invite applicants to voluntarily disclose their race and gender on our application form to help us create a diverse company. This voluntarily disclosed information will not be shared with any hiring manager and will be kept in confidence by the Articulate human resources department and executives who are not hiring for this position.

Remotive can help!

Not sure how to apply properly to this job? Watch our live webinar « 3 Mistakes to Avoid When Looking For A Remote Startup Job (And What To Do Instead) ».

Interested to chat with Remote workers? Join our community!