Senior Application Security Engineer

Join to apply for the Senior Application Security Engineer role at Clio Clio is a global leader that is transforming the legal experience by bettering the lives of legal professionals and increasing access to justice. Summary We are seeking a Senior Application Security Engineer to join our rapidly growing Security team. The Application Security team emulates real‑world adversaries to proactively discover, exploit, and help remediate critical security vulnerabilities across our applications. We partner with development teams to eliminate flaws before they can be abused. Day in the Life Write, review, debug, and implement tools to help developers avoid security flaws; Build partnerships with development teams and advise on security best practices; Contribute to collective developer education by driving security awareness and knowledge among the product organization; Provide detailed guidance and support to teams in vulnerability remediation and develop frameworks, guidelines, and systematic fixes for recurring vulnerabilities; Resolve issues, navigate ambiguity, and maintain positive working relationships with researchers in our Bug Bounty program; Identify and implement tools for automated application scanning, static analysis, and related tools; Perform penetration testing and offensive campaigns against internal assets; Perform reactive incident response and forensics when a security event occurs; Perform proactive research to detect new attack vectors; Elevate and educate our security culture within Clio, contributing to our cultural values. Qualifications Experience in Application Security with a strong focus on offensive security and penetration testing; Hands‑on expertise identifying and exploiting complex vulnerabilities (e.g., SSRF, deserialization, logic bypasses); Proven ability to lead and conduct formal threat modeling sessions; Strong proficiency in at least one major programming language (e.g., Python, .NET, JavaScript); Experience securing applications in modern cloud environments (AWS, Azure, or GCP); Expertise with common application security tools and platforms (e.g., Burp Suite, SAST, SCA); Experience with log aggregation and SIEM technologies; Ability to identify malicious behavior and emerging threats via log analysis. Bonus Points Security certifications such as OSCP or OSWE; Active participation in the security community (presenting at conferences, contributing to open‑source tools); Experience with Ruby on Rails, Puppet, Kubernetes, Terraform, ELK (Elastic, Logstash, Kibana); Strong AWS security experience on EC2 and managed services; Infrastructure security (WAF, ACLs, authentication, device hardening). Compensation and Benefits Competitive, equitable salary with top‑tier health, dental, and vision insurance; Hybrid work environment; local Clio team members (Vancouver, Calgary, Toronto, and Dublin) expected to be in office minimum 2 days per week on Anchor Days; Flexible time off policy with an encouraged 20 days off per year; $2,000 annual counseling benefit; RRSP matching and RESP contribution; Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years. The full salary range for this role is $146,200 to $172,000 to $197,800 CAD. Salary bands may differ by location and currency. Benefit offerings may differ depending on the employee’s location. Diversity, Inclusion, Belonging and Equity (DIBE) & Accessibility We are dedicated to diversity, equity and inclusion. We build an environment where team members feel included, valued, and enabled to do their best work, wherever they choose to work from. We encourage candidates from all backgrounds to apply. Clio provides accessibility accommodations during the recruitment process. If you require accommodations, please let us know and we will work with you to meet your needs. Equal Employment Opportunity Clio is an equal employment opportunity employer. We are committed to building an inclusive workforce. Qualified applicants from all backgrounds are encouraged to apply. #J-18808-Ljbffr