Senior Application Security Engineer at Clio

Toronto, Ontario, Canada

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Legal Technology

Requirements

  • Experience in Application Security, with a strong focus on offensive security and penetration testing
  • Hands-on expertise identifying and exploiting complex vulnerabilities (e.g., SSRF, Deserialization, logic bypasses)
  • Proven ability to lead and conduct formal threat modeling sessions
  • Strong proficiency in at least one major programming language (e.g., Python, .NET, JavaScript)
  • Experience securing applications in modern cloud environments (AWS, Azure, or GCP)
  • Expertise with common application security tools and platforms (e.g., Burp Suite, SAST, SCA)
  • Experience with log aggregation and SIEM technologies
  • Ability to identify malicious behaviour and emerging threats via log analysis

Responsibilities

  • Write, review, debug, and implement tools to help developers avoid security flaws
  • Build partnerships with development teams and advise on security best practices
  • Contribute to collective developer education by driving security awareness and knowledge amongst the product organization
  • Provide detailed guidance and support to teams in vulnerability remediation, and develop frameworks, guidelines, and systematic fixes for recurring vulnerabilities
  • Resolve issues, navigate ambiguity, and maintain positive working relationships with researchers in our Bug Bounty program
  • Identify and implement tools for automated application scanning, static analysis and related tools
  • Perform penetration testing and offensive campaigns against internal assets
  • Perform reactive incident response and forensics when a security event occurs
  • Perform proactive research to detect new attack vectors
  • Elevate and educate our security culture within Clio, contributing to our cultural values

Skills

Key technologies and capabilities for this role

Penetration Testing, Static Analysis, Application Scanning, Incident Response, Digital Forensics, Vulnerability Remediation, Bug Bounty, Security Tools Development, Offensive Security, Security Awareness

Questions & Answers

Common questions about this position

Is this role remote or office-based?

This role can be performed from one of our Canadian offices, remotely across Canada, or a combination of both, with some exceptions possibly applying.

What skills are required for the Senior Application Security Engineer position?

Required skills include experience in Application Security with a focus on offensive security and penetration testing, hands-on expertise identifying and exploiting complex vulnerabilities like SSRF and Deserialization, proven ability to lead threat modeling sessions, strong proficiency in at least one major programming language such as Python, .NET, or JavaScript, and experience securing applications in modern cloud environments like AWS, Azure, or GCP.

What is the salary or compensation for this role?

This information is not specified in the job description.

What does the Application Security team do at Clio?

The team emulates real-world adversaries to proactively discover, exploit, and help remediate critical security vulnerabilities across applications, provides an adversarial perspective, challenges defenses, and partners with development teams to eliminate flaws.

What makes a strong candidate for this Senior Application Security Engineer role?

Strong candidates have hands-on offensive security experience, expertise with complex vulnerabilities and threat modeling, proficiency in programming and cloud environments, plus bonus for certifications like OSCP, community involvement, or experience with Ruby on Rails, Kubernetes, and ELK.

Clio

Legal practice management software provider

About Clio

Clio provides legal practice management software that helps law firms operate more efficiently. Its two main products, Clio Grow and Clio Manage, serve different purposes: Clio Grow enhances the client intake process and engagement, while Clio Manage allows firms to organize tasks, manage cases, handle documents, and process payments in one platform. Clio caters to a diverse clientele, from solo practitioners to large firms, and operates on a subscription model, charging users monthly or annually for access to its software. The goal of Clio is to improve the efficiency of legal practices and reduce administrative burdens, ultimately supporting their growth.

Headquarters: Burnaby, Canada
Year Founded: 2008
Total Funding: $1,279.9M
Company Stage: Series F
Industries: Legal
Employees: 1,001-5,000

Benefits

Company equity
401k
Parental leave options and stipend
Flexible paid time off
Stipend to support WFH
Various wellness benefits and programs

Risks

Emerging AI-driven legal tech startups could challenge Clio's market share.
Staying private may limit Clio's access to public market capital.
Significant investment in AI and expansion may strain Clio's resources.

Differentiation

Clio offers a comprehensive suite for law firm management, including client intake and payments.
Clio's products, Clio Grow and Clio Manage, streamline operations for legal professionals.
Clio's cloud-based platform supports solo practitioners and large law firms alike.

Upsides

Clio raised $900M in 2024, marking the largest Canadian software funding round.
Clio plans to enhance AI capabilities and expand into international markets.
Clio's subscription model generates $200M in annual recurring revenue.
