Staff Software Security Engineer

Posted on 3/30/2023

Locations

Austin, TX, USA • Remote in USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Docker

Google Cloud Platform

JavaScript

Jenkins

Git

Management

React.js

REST APIs

Rust

Kubernetes

Python

PowerPoint/Keynote/Slides

Word/Pages/Docs

CircleCI

Requirements

Bachelor's degree in Computer Science, Engineering or related field or equivalent experience
You must have hands-on coding experience building, deploying and operating solutions. This is a hands-on role building security solutions
Demonstrated technical leadership with ability to communicate to Junior/Senior engineers and fluidly as with the rest of the business. Ability to build solutions is an important ability to communicate and influence
Demonstrated experience in Product and Application Security domains
Minimum of 7 years technical professional experience in a security or software engineering discipline as a development engineer
3+ years of experience in threat modeling and security architecture
3+ years working in a cloud environment (AWS, GCP)
2+ years working with container orchestration services (k8's, Docker, service mesh). You must be comfortable building and deploying full-stack containerized web services
Ability to work with engineering focused teams to promote safe development practices (e.g. Security Champion)
Experience with CI/CD tools such as CircleCI, Jenkins, Github Actions
Demonstrated experience in at least one programming language such as Python, Go, JavaScript, or Rust
OWASP Top 10 and common application exploits, and techniques should be second nature
Experience with vulnerability management and DevSecOps (SAST, DAST, IAST)
Experience with identity and entitlements management
Experience in k8s environments: intrusion detection, mTLS, OPA, istio service mesh, envoy proxy
SIEM/SOAR: building detections, response, and automating workflows
Engaging with bug bounty programs
Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF
Demonstrated experience working with web concepts and frameworks. (React, JSX, SPAs, DOM)
Flexible paid time off for full-time employees
Medical, dental, and vision insurance
401(k) with company matching contribution
Flexible remote work support where applicable
Professional development budget
Wellness allowance
Vacation stipend
Learning opportunities through Udemy
Financial planning support
Parental leave

Responsibilities

Collaborate - We are a small team of software security engineers supporting the Workrise Enterprise. You will collaborate and contribute to technical solutions across product, engineering, and SRE, operations and IT. You will help accelerate the vision that security is a partner and enabler helping to bring secure solutions to market faster. You find a path towards scaling security acumen through a Security Champions program
Build - You will be building security solutions to strengthen both our SDLC and application environments. This is a hands-on builder role that will support engineering teams in a micro services environment. You will be both advising and building solutions from API security, secrets management and cryptography, identity management, and service-to-service communication protocols in a service mesh environment
Secure - You will lend a hand in running red teams, providing direction and scope for bug bounty programs, and assisting in threat modeling exercises. You will help accelerate teams not only to build secure solutions up front, but also help improve existing legacy systems product security maturity. You will work with our detection team to build robust detection and response to identify application vulnerabilities and intrusions
Regular, on-time attendance
Ability to travel 10% of the time
Ability to communicate effectively
Ability to use office equipment such as a computer, copier and telephone
Ability to use office computer programs such as e-mail, Google Docs, Microsoft Word, PowerPoint and Excel
Constantly remaining in a stationary position, often standing or sitting for prolonged periods
On call rotation participation

Desired Qualifications

Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions. points for open-source collaboration and community presentations
Opportunity to earn , commission, and/or equity

Workrise is the network that powers the energy industry. By making it easier, faster, and safer to do business in energy, we are accelerating the pace of growth and innovation, and empowering the industry to do more - both for society and for the planet - than ever before.

We are hiring a StaffSoftware Security Engineer with depth in experience in Product and Application Security.You will work with a team of highly skilled software security engineers to help build security tools and embed security practices and solutions into our product and engineering teams. While this is a strong technical leadership and influential role, you will also have current hands-on experience building, deploying and operating custom product security solutions. This role will be exempt and will report to the Director of Security Engineering.

What you’ll be doing:

Collaborate - We are a small team of software security engineers supporting the Workrise Enterprise. You will collaborate and contribute to technical solutions across product, engineering, and SRE, operations and IT. You will help accelerate the vision that security is a partner and enabler helping to bring secure solutions to market faster. You find a path towards scaling security acumen through a Security Champions program. .
Build - You will be building security solutions to strengthen both our SDLC and application environments. This is a hands-on builder role that will support engineering teams in a micro services environment. You will be both advising and building solutions from API security, secrets management and cryptography, identity management, and service-to-service communication protocols in a service mesh environment.
Secure - You will lend a hand in running red teams, providing direction and scope for bug bounty programs, and assisting in threat modeling exercises. You will help accelerate teams not only to build secure solutions up front, but also help improve existing legacy systems product security maturity. You will work with our detection team to build robust detection and response to identify application vulnerabilities and intrusions.

Experience and Education Requirements:

Bachelor’s degree in Computer Science, Engineering or related field or equivalent experience
You must have hands-on coding experience building, deploying and operating solutions. This is a hands-on role building security solutions
Demonstrated technical leadership with ability to communicate to Junior/Senior engineers and fluidly as with the rest of the business. Ability to build solutions is an important ability to communicate and influence
Demonstrated experience in Product and Application Security domains
Minimum of 7 years technical professional experience in a security or software engineering discipline as a development engineer
3+ years of experience in threat modeling and security architecture
3+ years working in a cloud environment (AWS, GCP)
2+ years working with container orchestration services (k8’s, Docker, service mesh). You must be comfortable building and deploying full-stack containerized web services
Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions. Bonus points for open-source collaboration and community presentations
Ability to work with engineering focused teams to promote safe development practices (e.g. Security Champion)
Experience with CI/CD tools such as CircleCI, Jenkins, Github Actions
Demonstrated experience in at least one programming language such as Python, Go, JavaScript, or Rust
OWASP Top 10 and common application exploits, and techniques should be second nature

Additional experience preferred, but not required:

Experience with vulnerability management and DevSecOps (SAST, DAST, IAST)
Experience with identity and entitlements management
Experience in k8s environments: intrusion detection, mTLS, OPA, istio service mesh, envoy proxy
SIEM/SOAR: building detections, response, and automating workflows
Engaging with bug bounty programs
Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF
Demonstrated experience working with web concepts and frameworks. (React, JSX, SPAs, DOM)

Essential Job Functions:

Regular, on-time attendance
Ability to travel 10% of the time
Ability to communicate effectively
Ability to use office equipment such as a computer, copier and telephone
Ability to use office computer programs such as e-mail, Google Docs, Microsoft Word, PowerPoint and Excel
Constantly remaining in a stationary position, often standing or sitting for prolonged periods
On call rotation participation

More than a job:

Workrise is uniquely positioned to make an impact on the energy transition, which is arguably the biggest challenge of our generation. Our clients are leading the charge. Through innovation and advancement in technology, we are creating solutions to help the industry do more today and meet the demands of this global challenge tomorrow. This is what we think about every day when we come to work.

We recognize that making an impact matters to you and we believe in providing an environment that fosters your growth. We use data to drive our decisions and improve the experience of the workers and clients we serve. With mutual respect for each other, we continually collaborate to find the best solution.

We support you with:

Talented peers who can help bring out your best & the opportunity to significantly impact the lives of skilled laborers.

For eligible roles:

Flexible paid time off for full-time employees
Medical, dental, and vision insurance
401(k) with company matching contribution
Flexible remote work support where applicable
Professional development budget
Wellness allowance
Vacation stipend
Learning opportunities through Udemy
Financial planning support
Parental leave
Opportunity to earn bonus, commission, and/or equity

Workrise is committed to providing an environment where all people feel belonging, mutual respect, and the freedom to be their authentic selves. We welcome applicants of all gender identity and expression, sexual orientation, neurodiversity, educational background, religion, ethnicity, disability, age, veteran status, and citizenship. We’d love to learn what you can add to our team.

Who we are:

What began as a workforce management platform for Oil & Gas has since grown to serve the biggest companies in energy across both workforce and vendor management, absorbing much of the supply chain complexity these energy companies face and making it easier, faster, and safer to get work done. To date, Workrise has raised over $750M in funding from Founders Fund, Andreessen Horowitz, Bedrock Capital, Brookfield, and Baillie Gifford, along with others, and will continue to use these investments for strategic growth.

We’d love to share more through the interview process and look forward to learning more about your journey.

501-1,000 employees

Website

Energy industry services & labor marketplace

Company Overview

Workrise’s mission is to deliver services and technology that fundamentally change how skilled workers and the businesses they serve get hard work done. The company has created a network to help power the energy industry with vendors to the skilled men and women who execute in the field, Workrise ensures the biggest players in energy have the resources to get their jobs done.

Benefits

Health, dental, & vision insurance
Flexible PTO
401k
Disability & life insurance
Paid parental leave

Company Core Values

Own the mission
Raise the bar
Learn and grow
Find solutions without egos