Application Security Engineer

Application Security Engineer

Job Overview

As PandaDoc continues to scale, we’re expanding our security team and looking for an Application Security Engineer to help shape and strengthen our security foundations. In this role, you’ll take ownership of key security initiatives across our application, working closely with engineering to embed security into every stage of development. You’ll contribute to building a proactive, automation-driven security culture while addressing both current risks and emerging challenges, including AI security.

Responsibilities

• Monitor and test information systems to identify vulnerabilities
• Execute or manage the remediation of identified vulnerabilities
• Respond to security incidents and perform root cause analysis
• Assess and understand PandaDoc’s current security framework and future architecture, providing recommendations for risk reduction
• Design, implement, maintain, and evangelize automated security solutions
• Work closely with engineering teams to implement new security controls
• Analyze and monitor relevant security threats and prevention measures based on industry trends and standards
• Perform cloud services hardening, including reviewing roles and permissions for services and APIs
• Help address emergent threats in AI security as PandaDoc deploys AI in its product and for internal use

Tech Stack

• Service-oriented architecture
• Two main stacks: Java and Python
• Amazon Web Services: EKS, RDS, ElastiCache, etc.
• A combination of AWS native and 3rd party security tools for infrastructure and application security (WAF, CNAPP, SCA/SAST, DAST, AWS GuardDuty, etc.)

About You

• 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure
• 2+ years of experience with security management tools, including IPS/IDS, WAF, vulnerability scanning, and penetration testing
• Good understanding of Access Control and Identity Access Management principles (SAML 2.0, OAuth, JWT, etc)
• Experience with implementing DevSecOps practices in SSDLC
• Solid interpersonal, written, and verbal communication skills
• Upper-Intermediate English level (B2+)

Company Overview

PandaDoc empowers more than 60,000 growing organizations to thrive by taking the work out of document workflow. PandaDoc provides an all-in-one document workflow automation platform that helps fast scaling teams accelerate the ability to create, manage, and sign digital documents including proposals, quotes, contracts, and more. For more information, please visit https://www.pandadoc.com