Staff Application Security Engineer

Technology | United States


Description

About LegalZoom

We're here to make legal help accessible to all. LegalZoom transformed the legal industry with the launch of our online services and groundbreaking technology in 2001. Since then, millions of customers have counted on us to officially start and run businesses, protect brands and intellectual property, and look after loved ones through wills and trusts.

As the industry leader for over 20 years, innovation remains at the center of all we do. We're creative thinkers and problem solvers with a passion for building legal and tax products that make a positive impact on the world, and we're always looking for exceptional people to push us further.

With us, you'll do work that's as rewarding as it is challenging with a team where every voice matters and diversity, equality, and inclusion are truly embraced. Together, we'll continue to democratize the law and make a real difference in the lives of millions.

Remote-first

Since March 2020, our Zoomers have worked remotely and reported an overall better work-life balance with more time for family and personal wellness.

At the end of 2021, LegalZoom made the official commitment to being a remote-first company. Remote-first means that there is no expectation that Zoomers come into an office for a fixed number of days outside of those employees identified as essential onsite workers. While we remain a remote-first culture, our local offices have evolved as collaboration spaces for Zoomers to meet and engage in person.

This position will be remote.

Overview

LegalZoom is looking for a Staff Application Security Engineer to help build and optimize Application Security tools and implement secure development practices. The individual in this role will be part of the Information Security team and work closely with the various Platform and Development teams to model new risk management features and develop security tooling. The candidate should have strong experience with building software in a production cloud environment.


We're looking specifically for engineers who are interested in usable security and will rely on automation where possible. LegalZoom is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.


You will

  • Champion the development and integration of security automation and DevSecOps.
  • Provide subject matter expertise and advocacy to our engineers and developers for secure coding practices and all aspects of application security.
  • Update and improve existing SDLC policies and procedures.
  • Work closely with our development teams to define and implement application security tooling and platform requirements, and help us scale the traditional application security model of finding vulnerabilities manually into a fully automated and autonomous system.
  • Recommend and develop security measures to protect information against unauthorized modification or loss and coordinate with development teams or third parties to fix system/application vulnerabilities or deficiencies.
  • Design and integrate SDLC automation services to scale the identification, prioritization and remediation of security findings and bugs across all company apps and microservices.
  • Embed with product teams throughout the company to provide security guidance to application and service owners to remediate and systemically avoid known application security vulnerabilities.
  • Lead application security threat modeling exercises.


You have

  • Deep understanding of secure development technologies, processes, and methodologies and cloud/container deployment strategies and zero-trust architectures.
  • Comprehensive knowledge, experience, and understanding of testing for the OWASP Top 10 and CWE Top 25, including PoCs, automating attacks, and secure code remediation.
  • Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
  • Ability to evaluate, deploy, and manage application security tools (e.g., DAST, SAST, IAST, RASP, WAF).
  • Familiarity with deployment of application architectures within AWS.
  • Formal knowledge of typical application security attack vectors, exploits, and mitigations, and the ability to translate and classify pen-test and assessment findings into actionable application security bugs for engineering.
  • Strong fundamentals of systems and software architecture.
  • Experience with API security, secure design, threat modeling, and pentesting.
  • 6+ years of experience in dedicated application security and development roles.
  • Previous application security testing experience, including presenting and documenting vulnerabilities, findings, or incidents.
  • Ability to understand and negotiate tradeoffs between security requirements and usability.
  • Familiarity with Python.


LegalZoom is a remote-first company and the national range for this role is ($160k – 200k). Actual compensation offered will depend on several factors including but not limited to: geographic location, work experience, education, skill level, and/or other business and organizational needs. In addition, an annual bonus, incentive bonus and/or restricted stock units may be provided as part of the compensation package. You will also receive a full range of medical, financial, and other benefits as seen below.

  • Medical, Dental, Vision Insurance
  • 401k, With Matching Contributions
  • Paid Time Off
  • Health Savings Account (HSA)
  • Flexible Spending Account (FSA)
  • Short-Term/Long-Term Disability Insurance
  • Plus other wellness benefits, including:
    • Fertility
    • Mental Health
    • One Medical
    • Wellness reimbursement of up to $250


For onsite roles or roles that require periodic onsite visits, LegalZoom requires all employees to be fully vaccinated for COVID-19 before starting work, unless precluded from doing so by applicable law. The CDC currently defines “fully vaccinated” as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. LegalZoom will require proof of vaccination before a successful applicant’s first day of work, and will consider requests for exemption from this requirement during the offer phase (1) as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause LegalZoom undue hardship or pose a direct threat to the health and safety of others, or (2) for other reasons under applicable law.


Join us in making a difference as we build our future and help ensure access to professional legal advice to all! LegalZoom is an equal opportunity employer, dedicated to diversity, equality, and inclusion, and provides equal employment opportunities to all employees and applicants for employment. LegalZoom prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
