Manager, Application Security
Clio
Clio is the global leader in legal AI technology, empowering legal professionals and law firms of every size to work smarter, faster, and more securely.
We are transforming the legal experience for all by bettering the lives of legal professionals while increasing access to justice.
Summary:
We are currently seeking a Software Development Manager to lead our Purple Team within Application Security at Clio. This role is for someone who is passionate about both breaking and building - finding vulnerabilities and then building the systems that prevent them from recurring. This role is available to candidates across Canada, excluding Quebec.
The Purple Team sits at the intersection of offense and defense. We don't just find vulnerabilities - we build the infrastructure to find them at scale, then build the systems that eliminate entire classes of problems. You'll be in the code at least half the time, running attacks, and building defenses against those same attacks. You'll also work closely with product and engineering teams to embed security before features ship. AI is central to this work: we use it to scale our coverage and we treat it as an attack surface that requires its own security discipline.
We'd love to have you apply, even if you don't feel you meet every single requirement in this posting. At Clio we believe anyone can learn security, not just those who have checked off all the requirements.
A day in the life might look like:
Running an attack scenario against a new feature, then pairing with the team to build the fix, and the test that catches it next time.
Reviewing offensive simulation tooling with your team and refining detection coverage.
Meeting with a product manager to understand what's shipping next quarter and where the security risk surface is.
Triaging a bug bounty submission, writing a detection to find all occurrences, and coordinating remediation with the owning team.
Assessing a new AI feature for LLM-specific attack vectors and working with the design team on mitigations.
Working cross-discipline with other departments to harden Clio
What you'll be doing:
Lead, hire, and grow a team of security engineers.
Perform penetration testing, threat modeling, and proactive vulnerability research - spending at least half your time on hands-on technical work.
Build and maintain offensive tooling, attack simulation platforms, and defensive automation so findings become systems, not just reports.
Provide guidance and support to product teams in vulnerability remediation; build relationships so you're consulted before features ship, not after they break.
Assess and test AI-powered features for LLM-specific attack vectors; use AI-enabled tooling to scale your team's coverage.
Lead security incident response and post-incident forensics.
Participate in M&A due diligence to assess product and organizational security posture.
Triage and administer our Bug Bounty program.
Drive security awareness and knowledge across the engineering organization.
Extend security coverage beyond engineering - working with GTM, Finance, and Customer-facing teams to identify and remediate vulnerabilities in the systems and SaaS tools they depend on.
Serious bonus points:
Experienced security leader with a software development background.
Experience working with full-stack developers on web, API, and cloud environments.
Security certifications like OSCP, OSWE, CRTO, or equivalent experience.
Prior experience with Ruby on Rails, Python, and/or Django applications.
Background with AI/LLM security testing or red teaming AI systems.
What you will find here:
Compensation is one of the main components of Clio’s Total Rewards Program. We have developed a series of programs and processes to ensure we are creating fair and competitive pay practices that form the foundation of our human and high-performing culture.
Some highlights of our Total Rewards program include:
Competitive, equitable salary with top-tier health benefits, dental, and vision insurance
Hybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, Dublin and Sydney) to be in office min. twice per week.
Flexible time off policy, with an encouraged 20 days off per year.
$2000 annual counseling benefit
RRSP matching and RESP contribution
Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years
*Our salary bands are designed to reflect the range of skills and experience needed for the position and to allow room for growth at Clio. For experienced individuals, we typically hire at or around the midpoint of the band. The top portion of the salary band is reserved for employees who demonstrate sustained high performance and impact at Clio. Those who are new to the role may join below the midpoint and develop their skills over time. The final offer amount for this role will be dependent on geographical region, applicable experience, and skillset of the candidate.
Diversity, Inclusion, Belonging and Equity (DIBE) & Accessibility
Our team shows up as their authentic selves, and are united by our mission. We are dedicated to diversity, equity and inclusion. We pride ourselves in building and fostering an environment where our teams feel included, valued, and enabled to do the best work of their careers, wherever they choose to log in from. We believe that different perspectives, skills, backgrounds, and experiences result in higher-performing teams and better innovation. We are committed to equal employment and we encourage candidates from all backgrounds to apply.
Clio provides accessibility accommodations during the recruitment process. Should you require any accommodation, please let us know and we will work with you to meet your needs.
Learn more about our culture at clio.com/careers
We're a Human and High Performing AI company, meaning we use artificial intelligence to improve all of our operations. In recruitment, AI helps us streamline the process for greater efficiency. However, we've built our systems to ensure that a human always reviews AI-generated output, and we never make automated hiring decisions.
Disclaimer: We only communicate with candidates through official @clio.com email addresses.