Principal Application Security Engineer
Posted on 8/25/2023
When I Work

201-500 employees

Shift-based workforce management software for scheduling, time tracking,
Company Overview
When I Work stands out as a market leader in shift-based workforce management software, offering a robust, user-friendly platform that promotes fair scheduling and enhances workplace communication. The company's integrated solutions for employee scheduling, time tracking, and messaging, used by over 200,000 workplaces, streamline operations and foster productive teams. With its focus on an employee-first experience, When I Work not only simplifies scheduling tasks but also empowers employees, making every hour worked more meaningful and valuable.

Company Stage

Later Stage VC


Minneapolis, Minnesota


Remote in USA
Desired Skills
Development Operations (DevOps)
IT & Security
  • When I Work is a remote-first company. We are open to hiring candidates in the continental US and Ontario, Canada. If an onsite location is important to you in your search, you are welcome to work from our Minneapolis HQ office
  • 5+ years experience in cloud security engineering
  • 10+ years experience in cloud-based software development organizations. May include experience as a software engineer, DevOps engineer, infrastructure engineer, SDET, etc
  • Strong understanding of cloud computing technologies (IaaS, PaaS, SaaS) and Application, Data, Network, and Cloud Architecture
  • Knowledge of security frameworks such as SOC 2, ISO 27001, NIST
  • Experience with vulnerability assessment, penetration testing, and security audit methodologies
  • Software development experience with an ability to review code and make recommendations for secure coding improvements
  • Familiarity with cloud security platforms such as the AWS Well-Architected Framework: Security pillar
  • Ability to independently implement and demonstrate technologies within testing environments to validate functionality and compatibility
  • Experience selecting and engaging with third-party vendors for automated compliance tooling, penetration testing, and vulnerability scanning
  • Good understanding of mobile technologies with a focus on security, reliability, and scalability
  • Good understanding of strong authentication mechanisms
  • Experience with Data Security Standards, PII, OWASP
  • Hands-on experience with cloud-based enterprise solutions such as AWS Secrets Manager or HashiCorp Vault
  • Experience building documentation and training materials to reinforce application security best practices
  • Great written and verbal communications skills
  • Empathic and collaborative teammate with great interpersonal skills
  • Ability to be productive in a remote environment
  • Experience with SDLC and Infrastructure as Code (IaC)
  • Experience building and scaling serverless technologies
  • AWS Certified Security - Specialty (AWS) Certification or equivalent
  • CCSP/CISSP/CCA or equivalent experience
  • Resume (including months/years of employment for each position)
  • An overview of your existing experience
  • A convincing reason why you'd like to work at When I Work
  • Own all aspects of our security posture, including defense in depth, traceability, secrets handling, least privilege role-based access, automating security controls, code review, and incident response
  • Design, build, and maintain security tools/processes to effectively secure our cloud-based environments
  • Participate in architecture and design reviews with Engineering leads to incorporate effective security standards into product design
  • Audit new and existing authentication models and implementations for correctness, and create planning documents or apply updates to improve security
  • As a member of a cross-functional Architecture team, proactively identify opportunities to improve security by researching new technologies and strategies and work with engineering teams to implement them
  • Build a roadmap for continuous improvement in data handling practice, secure-by-design engineering principles, and operational security for both customer-facing and Data platforms
  • Maintain compliance with Data Governance, Risk, and Compliance (GRC) requirements, data privacy laws and regulations, and information security frameworks adopted by When I Work
  • Respond to security incidents and identified vulnerabilities by working alongside internal teams and third-party vendors to identify mitigations, and coordinating scope and priority with leadership
  • Train engineering staff in secure system design and development principles, and participate in design and code reviews to ensure that best practices are followed
  • Be the point of contact for application security related compliance questions from customers. Build out documentation and processes for making customer compliance inquiries scalable and efficient