Facebook pixel

Senior Security Engineer
Appsec, Pentest, Bug Bounty, Threat Model, Risk Assessment
Confirmed live in the last 24 hours
Experience Level
Desired Skills
  • 5+ years of relevant work experience in application security
  • 3+ years experience as a software developer with at least one of Ruby, Golang, or equivalent
  • Strong Threat Modeling experience on enterprise Saas solutions using common frameworks such as STRIDE or PASTA
  • Bachelor's or Master's degree in computer science or equivalent experience
  • Strong software development skills in languages such as Ruby, Go, Java, or Python
  • Strong understanding of Web-related technologies (e.g. HTTP, SOAP, REST, TCP / IP, Message Queuing)
  • Comprehension of encryption technologies (e.g. TLS, HMAC, RSA, AES, PKI)
  • Knowledge of identity and access management solutions (e.g. SAML, OIDC, JWT, and SSO)
  • Knowledge of OAuth 2, client-server authentication, server-server authentication
  • Excellent ability to discover and demonstrate flaws such as SQL injection, XSS, and CSRF
  • Experience with implementing and using SAST, DAST or IAST tools
  • Experience with AWS security solutions, WAF, IDS, vulnerability scanners, etc
  • Experience and knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc
  • Experience advising and leading product teams on how to address a broad set of security and privacy challenges
  • At least 1 information security professional certification (e.g. CLSSP, CISSP, CISA, GSSP, GSEC, etc.)
  • Outstanding interpersonal and communication skills; ability to communicate information successfully internally and externally and to drive multi-functional alignment and action
  • Code samples, papers, presentations, vulnerability disclosure reports (or anything else that demonstrates your competence)
  • Drive security into design and development by performing application security reviews, architecture and design reviews, and threat modeling, including code reviews for new and existing Workato products
  • Assess risks to our customers across a wide range of product and technology areas, including backend infrastructure, key management, third-party integrations, authentication, and privacy
  • Work with Engineering and Product Management to ensure the product's security is prioritized appropriately against business, operational, and usability requirements
  • Partner and collaborate with development teams to support application vulnerability remediation efforts
  • Monitor our exposure to, and assess the impact of new security threats, vulnerabilities and risks
  • Support Workato's bug bounty program
  • Research new security trends and continually improve our internal processes, procedures, and tools, implementing new approaches to address the changing threat landscape within our SDLC and Runtime environments
  • Promote security awareness by developing and delivering security training
  • Coordinate external penetration tests and other offensive testing as needed
  • Facilitate Red Teaming exercises to assess organizations' response capabilities and security measures
  • Obtain deep knowledge of Workato's products and how they operate to facilitate stronger collaboration with internal teams
  • Mentor others as you gain knowledge and experience
  • Participate in SIRT on-call rotations

501-1,000 employees

Cloud integration software company
Company Overview
Workato's mission is to enable companies to tap into the growth mindset and transform their organization with Workato. Wrokato is moved by innovation — a passion to create the best possible way and the drive to continue to make it better.
  • Flexible working arrangements
  • EAP
  • Health insurance
  • Stock options
  • Professional development
  • PTO
  • Company events & recreation time
Company Core Values
  • Prioritize customers
  • Win together
  • Act now
  • Think ahead
  • Better each other
  • Go offbeat
  • Have fun