LeadApplicationSecurityEngineer

WHY JOIN IVO? Every civilization runs on the same infrastructure: agreements between people who don't fully trust each other. Sumerians pressed them into clay. Romans carved them into stone. We bury them in 80-page PDFs.   The way those agreements are reviewed hasn't changed in four thousand years - a human reads the whole thing and tries not to miss anything. We're building the AI that finally changes that. Ivo is the contract intelligence platform of choice for companies like Uber, Meta, Canva, IBM, and Shopify. We recently raised our Series B and have grown 800% over the last 12 months. THE ROLE We're hiring our first dedicated Lead Application Security Engineer to own the security of the Ivo platform end to end. You'll partner directly with our Head of IT & Security and embed deeply with engineering to harden the product our customers trust with their most sensitive contracts. This is a hands-on senior IC role with broad scope: hunting bugs in our web app and APIs, reviewing security-sensitive code, running our pen test and responsible disclosure programs, threat modeling new features, and shaping how we build secure software at Ivo from the ground up. Our platform handles legally privileged documents for some of the largest companies in the world. The security stakes are real, and so is the impact. RESPONSIBILITIES - Own application security across Ivo's web app, API surface, and the systems behind them. - Find and fix bugs. Hunt for vulnerabilities in our own product through hands-on testing, code review, and offensive-minded experimentation, and partner with engineers to ship the fix. - Lead manual code review for security-sensitive changes: authentication, authorization, multi-tenancy, integrations, and customer data handling. - Run threat modeling with engineering as new features and products are designed, across the full product surface including LLM and agent components. - Manage our pen test program and ad-hoc engagements end to end. Scope work, manage v