Senior Application Security Engineer (Remote, India)

This is a remote position. We are a global team that leverages the latest technology to communicate with our colleagues across the globe. There may be times in which this role would be required to travel to a local office for in person collaborations with your team.
Being an Application Security Engineer at iManage Means…
You will join this team of application security engineers that will guide the global engineering teams on security considerations as well as improve application security at iManage. We operate on a Zero-Trust approach, so you will play an integral role in the continued maintenance of our Zero-Trust architecture for enhanced security. Our focus is ensuring that our developers are shipping secure code and we want your help to do it. You are passionate about technology and willing to work on any security issues including threat modeling, architecture review, dynamic code review, static code reviews, and security training.

Here is what one of our leaders, Application Security Director (Jeff LaFrate), has to say about the role: “You will work on an enterprise application security team supporting continual improvement while leveraging a wide range of industry best practices. You will work both independently and collaboratively with a global team of engineers to deliver quality, hardened, industry leading enterprise solutions. Your contributions will be noticed, impactful and rewarding.”

• Reducing risk in iManage custom applications by enhancing, utilizing and embedding SDLC best practices.
• Engaging with product teams and developers to conduct security reviews, define security requirements, triage vulnerabilities and provide remediation guidance.
• Fostering collaboration with engineers to understand actual risk and remediation expectations.
• Evangelizing security best practices with effective verbal and written communication skills.
• Striving to consistently learn and improve as well as sharing knowledge with colleagues.

• A bachelor’s degree or higher in computer science or related field.
• 5+ years of relevant work experience.
• Proven experience with assessing risk and providing remediation guidance for vulnerabilities detected in one or more of the following perspectives:
  • SAST, SCA, DAST, container, IaC scanning, platform scanning and manual pen testing
• Knowledge of best practices, metrics and mechanisms to improve security testing methodologies within a SDLC.
• Proven experience and understanding of multi-tier web application architecture patterns.
• Experience with software development practices, tooling and technologies.
• Curiosity and a desire to improve customer experience, reduce risk, improve methods and prepare for new threats.
• Ability and desire to communicate with colleagues to strategize and implement continual improvement.
• In-depth understanding of “OWASP Top 10” risks like injection, XSS, CSRF, etc.
• Understanding of data classification and data security control implementations.
• Experience with common cloud security controls and best practices.

• Join a supportive, experienced team with an inclusive, encouraging, and vibrant culture.
• Have flexible work hours that allow me to balance my ‘me time’ with my work commitments.
• Collaborate in a modern open plan workspace, with a gaming area, free snacks, drinks and regular social events.
• Focus on impactful work, solving complex, real challenges utilizing the latest technologies and protocols.
• Own my career path with our internal development framework. Ask us more about this!
• Join an innovative, industry leading SaaS company that is continuing to grow & scale!

• Providing a market competitive salary that is applied through a consistent process, equitable for all our employees, and regularly reviewed based on industry data.
• Creating an inclusive environment where I can help shape the culture not just by fitting in, but by adding to it.
• Rewarding me with an annual performance-based bonus.
• Providing enhanced parental leave (20 weeks for primary and 10 weeks for secondary caregiver at 100% pay)
• Offering comprehensive Health/Accidental /Life Insurance.
• Encouraging me to take time off for myself with 21 paid leaves, 9 casual and sick, multiple all company wellness days, close to 10-12 Indian Holidays, and for other life events.