Jobs · skipthedrive

V

Security Engineer III, Product AppSec

Ironwood Digital · Remote · Posted 22d ago

remoteFull-timeseniorEstimated 131k-280k USD
Apply on skipthedrive

About the role

Strengthen and scale secure software development practices across cloud-native and AI-enabled product environments.

Ironwood Digital is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Ironwood Digital is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Ironwood Digital protects over 550,000 customers worldwide, who trust Ironwood Digital to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world’s biggest brands. #LI-JC2 #LI-REMOTE About the Role We're looking for a Product Security Engineer to strengthen and scale secure software development practices across cloud-native, enterprise, and AI-enabled product environments. You'll work closely with Product Security, Engineering, DevOps, and Platform teams to identify , prioritize, and remediate vulnerabilities throughout the software development lifecycle. This role is ideal for someone passionate about application security, developer enablement, and building scalable security processes that integrate naturally into engineering workflows. Due to the fact that this position will deal with highly sensitive data and will support federal customers, we are only considering US citizens at this time. Security clearance is not required , but there is a slight chance it maybe requested in the future What You’ll Do Monitor, assess, and manage security risks related to open-source software dependencies, CVEs, and third-party components Triage and validate vulnerabilities across applications, containers, infrastructure, and dependencies — prioritizing by exploitability, exposure, and business impact Coordinate patch management initiatives and support automated patch deployment workflows with Release Engineering and DevOps teams Support and expand the Security Champion program, partnering with developers to improve secure coding awareness and adoption Integrate security controls into CI/CD pipelines and automate vulnerability scanning, dependency analysis, and security reporting Develop playbooks, documentation, and educational materials that promote self-service security within engineering teams Contribute to threat modeling, secure architecture discussions, and continuous improvement of secure SDLC processes Technologies You’ll Work With SCA and vulnerability scanning platforms: Snyk, Mend, Dependabot, GitHub Advanced Security, Veracode, Checkmarx Cloud and container security: Wiz, Prisma Cloud, Docker, Azure CI/CD platforms and DevOps toolchains SBOM generation tools, artifact repositories, and package signing technologies Scripting and automation: Python, Bash, PowerShell, YAML What You’ll Bring 5+ years of experience in Product Security, Application Security, DevSecOps, or Vulnerability Management 3+ years of hands-on experience with application security testing tools (SAST, DAST, SCA) 2+ years in vulnerability management, including triage, SLA tracking, and remediation coordination Familiarity with CVEs, CVSS scoring, SBOM concepts, and software supply chain security Experience with CI/CD platforms, modern DevOps workflows, and cloud-native technologies Bachelor's degree in Computer Science , Engineering, or equivalent experience Bonus Skills Experience participating in or managing Security Champion programs Knowledge of OWASP Top 10 and secure coding practices for cloud-native and enterprise products Familiarity with IaC, regulated environments, and compliance-driven security activities Relevant certifications such as CSSLP, GWEB, CCSP, OSCP, or GPEN What you'll get Unlimited paid time off, 12 paid holidays including 4 global VeeaMe Days for self-care and 24 paid volunteer hours annually through Ironwood Digital Cares Paid parental leave: 8 weeks for all parents, 16 weeks for birthing parents Medical, dental, and vision coverage starting on your first day Mental health support, therapy sessions, and digital wellness tools via our Employee Assistance Program 401(k) retirement plan with company matching contributions Fertility, adoption, and surrogacy support through Maven, plus paid volunteer time AirVet: 24/7 virtual veterinary care at no cost Legal services, identity protection, and supplemental health insurance options Tax-advantaged spending accounts for healthcare, dependent care, and commuting Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops, and learning events like our annual Global Day of Learning Compensation Transparency Ironwood Digital is committed to pay transparency and equitable compensation. For this role, the compensation range below reflects the expected total target compensation (TTC), inclusive of base pay and a competitive performance-based bonus. For roles with a commission plan, the compensation range represents On Target Earnings (OTE), which includes base salary plus varia

Read the full posting on skipthedrive

FAQ

Is the Security Engineer III, Product AppSec role at Ironwood Digital remote?+

This Security Engineer III, Product AppSec position is listed as remote (Remote).

What is the salary for the Security Engineer III, Product AppSec role at Ironwood Digital?+

The listing states Estimated 131k-280k USD.

What seniority level is this Security Engineer III, Product AppSec role?+

This is a senior level position.

How do I apply for the Security Engineer III, Product AppSec role at Ironwood Digital?+

Use the "Apply on skipthedrive" button to open the original posting on skipthedrive, where you can submit your application directly to Ironwood Digital.