Filevine is forging the future of legal work with cloud-based workflow tools. We have a reputation for intuitive, streamlined technology that helps professionals manage their organization and serve their clients better. We’re also known for our team of extraordinary and passionate professionals who love working together to help organizations thrive. Our success has catapulted Filevine to the forefront of our field—we are ranked as one of the most innovative and fastest-growing technology companies in the country by both Deloitte and Inc.
Our Mission
Filevine is building the seamless intersection between legal and business by creating a world- class platform to help professionals scale.
Department Statement:
The Information Security team ensures security engineering efforts are effective and aligned with industry standards and best practices.
Job Summary:
Filevine is looking for a Application Security Engineer to join our Information Security team to ensure that our platform, applications, and infrastructure are compliant and secured at the highest levels, thus protecting, and enhancing customer trust. If you are bright, hardworking, ambitious and enjoy taking ownership for security and compliance, we want to talk to you. This is an exciting opportunity to join a world-class team.
Responsibilities
- Review code for security vulnerabilities and assist in remediation.
- Maintain accurate library dependency trees and correlate with CVE information.
- Support penetration testing efforts in the company, including coordinating customer-initiated penetration tests and remediation efforts.
- Provide primary support for private bug bounty or public bug bounty efforts and facilitate remediation with appropriate development teams.
- Investigate claims of application security incidents.
- Provide vulnerability remediation efforts and lead the vulnerability management program for the security team.
- Identify end of support (EoS) and vulnerable libraries and code components which need to be prioritized for remediation and lead efforts of documenting and scoping necessary work.
- Develop company-wide best practices for product and platform security.
- Research security enhancements and make recommendations to management.
- Stay up-to-date on application security trends and development standards.
Qualifications
- 4+ years combined in information technology/security with emphasis on application security.
- A BS/MS degree in a technical field such as information security or computer science can be considered as supplementary experience.
- Experience with scripting and development languages (e.g., JavaScript, Python, C++)
- Automation skills are required.
- Strong history in advising and executing red-teaming exercises and alerting the SOC for appropriate incident response.
- High degree of familiarity with web application security best practices and implementing secure enterprise web applications.
- Significant experience with SIEM and logging technologies.
- Knowledgeable with Threat Hunting practices.
- Experience with SDLC processes and creating code scanning automations and run books / play books.
- Experience with SAST scanning tools for code scanning and remediation processes.
- Experience with DAST scanning tools for application testing
- Experience with hardening web services, load balancers and web application endpoints.
- Experience with Configuring WAF solutions and ensuring rules are aligned with the OWASP Top 10 recommendations.
- Experience with AWS, GCP and Azure cloud infrastructure security.
- Working knowledge of security requirements for SOC 2 Type I & II, HIPAA, GDPR, CCPA and CJIS.
- Strong project management experience.
- A strong curiosity, initiative, persistence, and willingness to experiment to provide solutions to diverse technical challenges.
- Strong team player and work ethic are essential.
Preferred Qualifications
- Significant experience with software engineering, incident response and security operations best practice.
- Significant experience with orchestration and observability tools.
- CCIE certification or equivalent experience.
- CISSP certification or equivalent experience.
- OSCP/GPEN/GXPN certification or equivalent experience.
- GSEC certification or equivalent experience.
- CISM certification or equivalent experience.