Principal Application Security Engineer

Posted on 8/25/2023

INACTIVE

201-500 employees

Shift-based workforce management software for scheduling, time tracking,

Company Overview

When I Work stands out as a market leader in shift-based workforce management software, offering a robust, user-friendly platform that promotes fair scheduling and enhances workplace communication. The company's integrated solutions for employee scheduling, time tracking, and messaging, used by over 200,000 workplaces, streamline operations and foster productive teams. With its focus on an employee-first experience, When I Work not only simplifies scheduling tasks but also empowers employees, making every hour worked more meaningful and valuable.

Company Stage

Later Stage VC

Total Funding

$224M

Founded

2010

Headquarters

Minneapolis, Minnesota

Growth & Insights

Headcount

6 month growth

↑ 3%

1 year growth

↓ -7%

2 year growth

↓ -5%

Locations

Remote in USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Development Operations (DevOps)

Communications

CategoriesNew

IT & Security

Requirements

When I Work is a remote first company. We are open to hiring candidates in the continental US and Ontario, Canada. If an onsite location is important to you in your search, you are welcome to work from our Minneapolis HQ office
5+ years experience in cloud security engineering
10+ years experience in cloud-based software development organizations. May include experience as a software engineer, DevOps engineer, infrastructure engineer, SDET, etc
Strong understanding of cloud computing technologies (IaaS, PaaS, SaaS) and Application, Data, Network, and Cloud Architecture
Knowledge of security frameworks such as SOC 2, ISO 27001, NIST
Experience with vulnerability assessment, penetration testing, and security audit methodologies
Software development experience with an ability to review code and make recommendations for secure coding improvements
Familiarity with cloud security platforms such as the AWS Well-Architected Framework: Security pillar
Self implement and demonstrate technology implementations within testing environments to validate functionality and compatibility
Experience selecting and engaging with third-party vendors for automated compliance tooling, penetration testing, and vulnerability scanning
Good understanding of mobile technologies with a focus on security, reliability, and scalability
Good understanding of strong authentication mechanisms
Experience with Data Security Standards, PII, OWASP
Hands-on experience with cloud-based enterprise solutions such as AWS Secrets Manager or HashiCorp Vault
Experience building documentation and training materials to reinforce application security best practices
Great written and verbal communications skills
Empathic and collaborative teammate with great interpersonal skills
Ability to be productive in a remote environment
Experience with SDLC and Infrastructure as Code (IaC)
Experience building and scaling serverless technologies
AWS Certified Security - Speciality (AWS) Certification or equivalent
CCSP/CISSP/CCA or equivalent experience
Resume (including months/years of employment for each position)
An overview of your existing experience
A convincing reason why you'd like to work at When I Work

Responsibilities

Own all aspects of our security posture, including defense in depth, traceability, secrets handling, least privilege role-based access, automating security controls, code review, and incident response
Design, build. and maintain security tools/processes to effectively secure our cloud-based environments
Participate in architecture and design reviews with Engineering leads to incorporate effective security standards into product design
Audit new and existing authentication models and implementations for correctness, create planning documents or apply updates to improve security
As a member of a cross-functional Architecture team, proactively identify opportunities to improve security by researching new technologies and strategies and work with engineering teams to implement them
Build a roadmap for continuous improvement in data handling practice, secure-by-design engineering principles, and operational security for both customer-facing and Data platforms
Maintain compliance with Data Governance, Risk, and Compliance (GRC) requirements, data privacy laws and regulations, and information security frameworks adopted by When I Work
Respond to security incidents and identified vulnerabilities by working alongside internal teams and third-party vendors to identify mitigations, and coordinating scope and priority with leadership
Train engineering staff in secure system design and development principles, and participate in design and code reviews to ensure that best practices are followed
Be the point of contact for application security related compliance questions from customers. Build out documentation and processes for making customer compliance inquiries scalable and efficient

*When I Work is a remote first company. We are open to hiring candidates in the continental US and Ontario, Canada. If an onsite location is important to you in your search, you are welcome to work from our Minneapolis HQ office.

Who We Are

We help hourly teams get shift done.

At When I Work, everything we do starts with a mission to make shift work awesome. We deliver on that mission by making every piece of hourly workforce management - scheduling, time tracking, shift trading, team messaging, and more - easy and straightforward for managers and employees alike.

What You’ll Do

As a Principal Application Security Engineer, you will be responsible for securing our cloud-based data and web/mobile applications and maintaining compliance with information security standards. You’ll be hands-on, shaping our security policies and implementing security controls alongside our engineering teams in an Infrastructure-as-Code environment. In this role you will:

Own all aspects of our security posture, including defense in depth, traceability, secrets handling, least privilege role-based access, automating security controls, code review, and incident response
Design, build. and maintain security tools/processes to effectively secure our cloud-based environments
Participate in architecture and design reviews with Engineering leads to incorporate effective security standards into product design
Audit new and existing authentication models and implementations for correctness, create planning documents or apply updates to improve security
As a member of a cross-functional Architecture team, proactively identify opportunities to improve security by researching new technologies and strategies and work with engineering teams to implement them
Build a roadmap for continuous improvement in data handling practice, secure-by-design engineering principles, and operational security for both customer-facing and Data platforms
Maintain compliance with Data Governance, Risk, and Compliance (GRC) requirements, data privacy laws and regulations, and information security frameworks adopted by When I Work
Respond to security incidents and identified vulnerabilities by working alongside internal teams and third-party vendors to identify mitigations, and coordinating scope and priority with leadership
Train engineering staff in secure system design and development principles, and participate in design and code reviews to ensure that best practices are followed
Be the point of contact for application security related compliance questions from customers. Build out documentation and processes for making customer compliance inquiries scalable and efficient.

Who You Are

You have a passion for security and broad experience in cloud-based software organizations. You are a high performer and self-driven, eager for the opportunity to own and lead security best practices. You love solving complex problems at scale, with elegance and simplicity. You’re a strong communicator, ready to collaborate with and advise teams across the organization.

Experience and Skills Needed

5+ years experience in cloud security engineering
10+ years experience in cloud-based software development organizations. May include experience as a software engineer, DevOps engineer, infrastructure engineer, SDET, etc.
Strong understanding of cloud computing technologies (IaaS, PaaS, SaaS) and Application, Data, Network, and Cloud Architecture
Knowledge of security frameworks such as SOC 2, ISO 27001, NIST
Experience with vulnerability assessment, penetration testing, and security audit methodologies
Software development experience with an ability to review code and make recommendations for secure coding improvements
Familiarity with cloud security platforms such as the AWS Well-Architected Framework: Security pillar
Self implement and demonstrate technology implementations within testing environments to validate functionality and compatibility
Experience selecting and engaging with third-party vendors for automated compliance tooling, penetration testing, and vulnerability scanning.
Good understanding of mobile technologies with a focus on security, reliability, and scalability
Good understanding of strong authentication mechanisms
Experience with Data Security Standards, PII, OWASP
Hands-on experience with cloud-based enterprise solutions such as AWS Secrets Manager or HashiCorp Vault.
Experience building documentation and training materials to reinforce application security best practices
Great written and verbal communications skills
Empathic and collaborative teammate with great interpersonal skills
Ability to be productive in a remote environment

What Would Be Awesome To Have

Experience with SDLC and Infrastructure as Code (IaC)
Experience building and scaling serverless technologies
AWS Certified Security - Speciality (AWS) Certification or equivalent
CCSP/CISSP/CCA or equivalent experience

What’s In It For You

Professional development allowance
Paid parental leave
Medical benefits - employee premiums paid 100% by When I Work
Dental benefits- employee premiums paid 100% by When I Work
Paid vacation and holidays
Flexible work environment
401K Match
Remote first culture including home office set-up stipend and ongoing telecommuter stipend
Casual dress code
Dynamic and dedicated team

We believe actions speak louder than words. Every encounter with our people and products should be memorable and helpful. Challenges are exciting, failure is how we learn, and we all have an entrepreneurial spirit. Building an inclusive and equitable workplace isn’t lip service. We invest our time and our money in organizations that are not only working to diversify the current jobscape, but also investing in the future of talent. We’re motivated by a strong, innovative, and passionate work culture and we’re constantly searching for ways to improve and get shift done.

Whether you’re a perfect match or not, if it sounds like a good fit, we encourage you to apply.

The tech industry is notorious for its lack of diverse representation, and we’re aware of the research showing that historically underrepresented groups are less likely to apply to a job if they don’t believe that they meet all of the criteria. Are you hesitant to submit an application because you’re not sure if you check every box? Apply anyway! We would love to hear from you and figure out what you can add to the culture here at When I Work.

We’d love to talk to you! Please submit the following to apply:

Resume (including months/years of employment for each position).
Cover letter including:

an overview of your existing experience
a convincing reason why you’d like to work at When I Work.

*Must already be authorized to work in the United States or Canada on a full-time basis for any employer.