Senior Application Security Engineer
Clio
Clio is more than just a tech company–we are a global leader that is transforming the legal experience for all by bettering the lives of legal professionals while increasing access to justice.
Summary:
What your team does:
We are currently seeking a Senior Application Security Engineer to join our rapidly growing Security team. The Application Security team is responsible for emulating real-world adversaries to proactively discover, exploit, and help remediate critical security vulnerabilities across our applications. We provide an essential adversarial perspective, challenging our defences and partnering with development teams to eliminate flaws before they can be abused.
This role is for someone who is passionate about building innovative solutions and being exposed to new challenges and technologies while making an impact. This role can be performed from one of our Canadian offices, remotely across Canada, or a combination of both. Some exceptions may apply.
A day in the life might look like:
Write, review, debug, and implement tools to help developers avoid security flaws;
Build partnerships with development teams and advise on security best practices;
Contribute to collective developer education by driving security awareness and knowledge amongst the product organization;
Provide detailed guidance and support to teams in vulnerability remediation, and develop frameworks, guidelines, and systematic fixes for recurring vulnerabilities;
Resolve issues, navigate ambiguity, and maintain positive working relationships with researchers in our Bug Bounty program;
Identify and implement tools for automated application scanning, static analysis and related tools;
Perform penetration testing, and offensive campaigns against internal assets;
Perform reactive incident response and forensics when a security event occurs;
Perform proactive research to detect new attack vectors;
Elevate and educate our security culture within Clio, contributing to our cultural values;
What you may have:
Experience in Application Security, with a strong focus on offensive security and penetration testing
hands-on expertise identifying and exploiting complex vulnerabilities (e.g., SSRF, Deserialization, logic bypasses)
Proven ability to lead and conduct formal threat modeling sessions
Strong proficiency in at least one major programming language (e.g., Python, .NET, JavaScript)
Experience securing applications in modern cloud environments (AWS, Azure, or GCP)
Expertise with common application security tools and platforms (e.g., Burp Suite, SAST, SCA)
Experience with log aggregation and SIEM technologies
Ability to identify malicious behaviour and emerging threats via log analysis
Serious bonus points if you have:
Security certifications such as OSCP or OSWE
Active participation in the security community (e.g., presenting at conferences, contributing to open-source tools).
Experience with Ruby on Rails, Puppet, Kubernetes, Terraform, ELK (Elastic, Logtash and Kibana)
Strong AWS security experience on EC2 and managed services
Infrastructure security (WAF, ACLs, authentication, device hardening)
What you will find here:
Compensation is one of the main components of Clio’s Total Rewards Program. We have developed a series of programs and processes to ensure we are creating fair and competitive pay practices that form the foundation of our human and high-performing culture.
Some highlights of our Total Rewards program include:
Competitive, equitable salary with top-tier health benefits, dental, and vision insurance
Hybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, and Dublin) to be in office minimum 2 days per week on our Anchor Days.
Flexible time off policy, with an encouraged 20 days off per year.
$2000 annual counseling benefit
RRSP matching and RESP contribution
Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years
*We aim to hire all candidates between the minimum and the midpoint of the full salary range. We reserve the midpoint to the maximum of the salary band for internal employees who demonstrate sustained high performance and impact at Clio. The final offer amount for this role will be dependent on individual experience and skillset of the candidate. Please note there are a separate set of salary bands for other regions based on local currency.
Diversity, Inclusion, Belonging and Equity (DIBE) & Accessibility
Our team shows up as their authentic selves, and are united by our mission. We are dedicated to diversity, equity and inclusion. We pride ourselves in building and fostering an environment where our teams feel included, valued, and enabled to do the best work of their careers, wherever they choose to log in from. We believe that different perspectives, skills, backgrounds, and experiences result in higher-performing teams and better innovation. We are committed to equal employment and we encourage candidates from all backgrounds to apply.
Clio provides accessibility accommodations during the recruitment process. Should you require any accommodation, please let us know and we will work with you to meet your needs.
Learn more about our culture at clio.com/careers
Disclaimer: We only communicate with candidates through official @clio.com email addresses.
Apply