Logo for PandaDoc

Application Security Engineer

Role overview

Qualifications

  • 3+ years of experience with application security tools such as SAST/SCA, DAST, WAF, CI/CD security, and penetration testing
  • 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure
  • Strong background in web application security, including common vulnerability classes (OWASP Top 10, CWE Top 25), attack vectors, and mitigations
  • Good understanding of access control and identity management principles (SAML 2.0, OAuth, OIDC, JWT, etc.)

Responsibilities

  • Review, test, and monitor our applications to identify security weaknesses
  • Manage vulnerabilities from discovery through remediation, working directly with engineering teams to resolve them
  • Respond to infrastructure security alerts and perform hardening, including reviewing roles and permissions across services and APIs
  • Participate in incident response and root cause analysis

About the company

PandaDoc logo

PandaDoc

Computer Software / SaaS

PandaDoc empowers more than 35,000 growing organizations to thrive by taking the work out of document workflow. PandaDoc provides an all-in-one document workflow automation platform that helps fast scaling teams accelerate the ability to create, manage, and sign digital documents including proposals, quotes, contracts, and more. On average, our customers achieve a: - 28% increase in close rate - 18% increase in average sales price - 65% decrease in document creation time PandaDoc is highly rated by its customers year after year on review sites like G2, TrustRadius, Capterra, and Gartner. For more information, including pricing and product features, visit us at www.pandadoc.com.

Company details

Company typeLarge
IndustryComputer Software / SaaS
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

As PandaDoc continues to scale, we’re expanding our security team and looking for an Application Security Engineer to help shape and strengthen our security foundations. In this role, you’ll take ownership of key security initiatives across our application, working closely with engineering to embed security into every stage of development. You’ll contribute to building a proactive, automation-driven security culture while addressing both current risks and emerging challenges, including AI security.

In this role, you will:

  • Review, test, and monitor our applications to identify security weaknesses
  • Manage vulnerabilities from discovery through remediation, working directly with engineering teams to resolve them
  • Respond to infrastructure security alerts and perform hardening, including reviewing roles and permissions across services and APIs
  • Participate in incident response and root cause analysis
  • Analyze and monitor relevant security threats and prevention measures based on industry trends and standards
  • Partner with product, development, and infrastructure teams to embed security requirements into how they build
  • Integrate and operate automated security testing across the development lifecycle, including SAST, DAST, SCA, secrets detection, container, and supply chain security
  • Develop security automation and tooling to scale security across engineering
  • Drive threat modeling and secure-by-design practices across our services
  • Assess our overall security posture and identify risks, providing recommendations to strengthen it
  • Assist in addressing emergent threats in AI security as PandaDoc deploys AI in its product and for internal use

Our stack:

  • Service-oriented architecture
  • Main development stacks: Java/Spring, Python/Django, JavaScript/React
  • Docker, Kubernetes
  • Amazon Web Services: EKS, RDS, S3, ElastiCache, etc.
  • Monitoring stack: Grafana, Loki, Tempo, Mimir
  • Source control & CI/CD: GitHub / GitHub Actions
  • A combination of AWS native and 3rd party security solutions for infrastructure and application security (WAF, CNAPP, SCA/SAST, DAST, IDS/IPS, etc.)

About you:

  • 3+ years of experience with application security tools such as SAST/SCA, DAST, WAF, CI/CD security, and penetration testing
  • 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure
  • Strong background in web application security, including common vulnerability classes (OWASP Top 10, CWE Top 25), attack vectors, and mitigations
  • Good understanding of access control and identity management principles (SAML 2.0, OAuth, OIDC, JWT, etc.)
  • Practical skills building security automation and tooling with Python, Bash, or equivalent languages
  • Experience implementing DevSecOps practices across the SDLC
  • Familiarity with containerized, Kubernetes-based environments and their security
  • Solid interpersonal, written, and verbal communication skills
  • Upper-Intermediate English level (B2+)

Company Overview: 

PandaDoc empowers more than 60,000 growing organizations to thrive by taking the work out of document workflow. PandaDoc provides an all-in-one document workflow automation platform that helps fast scaling teams accelerate the ability to create, manage, and sign digital documents including proposals, quotes, contracts, and more.  For more information, please visit https://www.pandadoc.com.

Company Culture: 

We're known for our work-life balance, kind co-workers, & creative virtual team-bonding events. And although our Pandas are located across the globe, we stay connected with the help of technology and ensure that everyone on our team feels, well, like a team.

Pandas work best when they're happy. We retain our talent by upholding our values of integrity & transparency, and selling a product that changes the lives of our customers. 

Check out our LinkedIn to learn more.

Benefits:

  • A competitive salary. If you are located in Poland, the salary range is 222000 to 334000 PLN annually.
  • An honest, open culture that emphasizes feedback and promotes professional and personal development
  • An opportunity to work from anywhere β€” our team is distributed worldwide, from Lisbon to Manila, from Florida to California
  • 6 self care days
  • And much more!

PandaDoc is an Equal Opportunity Employer. We are committed to equal treatment of all employees without regard to race, national origin, religion, gender, age, sexual orientation, veteran status, physical or mental disability or other basis protected by law.

EXTERNAL RECRUITERS

Approval Requirement

The use of external recruiters/staffing agencies requires prior approval from our HR Team. The HR Team at PandaDoc requests that external recruiters/staffing agencies not to contact PandaDoc employees directly in an attempt to present candidates. Complying with this request will be a factor in determining future professional relationships with PandaDoc.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
Β·

Security Engineer Related jobs

Other jobs at PandaDoc

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.