Staff Software Security Engineer

Company: Workrise
Location: Austin
Posted on: January 27, 2023

Job Description:

Workrise delivers tailored workforce and vendor management solutions backed by the most qualified people in the energy industry. We do this reliably at scale, so customers can confidently execute on the projects in front of them, and focus their time and energy on the goals that drive their business forward.
We are hiring a StaffSoftware Security Engineer to help us build out security solutions across our detection & response engineering, identity, security architecture, and application & cloud security. You are as much a builder as you are a leader. You can build on your previous experiences as being a domain expert and help craft a technical strategy that fits the needs of the business. You love mentoring and sharing your knowledge from other engineers and team mates just as much as you enjoy learning from them.
What you'll be doing:

• 
  
• Collaborate: Technical leadership with a small team of 3-4 software security engineers to create well-designed, fit-for purposes, maintainable solutions. You will bring a spirit of collaboration and willingness to work with multiple departments and stakeholders. You should have the mindset that security is a continuous and collaborative process and want to simplify security (paved roads) for your customers
  
• Build: We are a team of builders and seek a balance between build vs buy, cost, and operational efficiency. You may be building out customer security tools, doing response automation, or helping engineering teams to build custom security solutions. You bring an eagerness to find fit-for-purpose solutions, build, deploy and operate
  
• Security Data: Lots of data. Whether it's in detection & response, engineering, DevSecOps, vulnerability management, or incident response, we are a highly evidence-driven culture that leverages data to help us fill in the gaps of our understanding. You will also contribute detection rules to our SIEM as well as set strategy for automating our detection & response pipelinesApplication Security - You will help secure the software development lifecycle. We provide a broad range of services to support our IT & engineering teams from secure design & architecture reviews, vulnerability management, Bug Bounty program management, 3rd party pen testing, dependency management, patching, and SAST scanning. You reach for Burp proxy like it's second nature to inspect for potential vulnerabilities or to reproduce a bug bounty report
  
• Application Security: You will work with leaders in Privacy & Trust, Software Engineering, Product, & Corporate Security to understand the business and build technical strategy and roadmaps that align with the business and operational strategy
  
  Experience and Education Requirements:
  
  • 
    
  • Bachelor's degree in Computer Science, Engineering or related field or equivalent experience
    
  • You must have hands-on coding experience building, deploying and operating solutions. This is a hands-on role building security solutions
    
  • Demonstrated technical leadership with ability to communicate to Junior/Senior engineers and fluidly as with the rest of the business. Ability to build solutions is an important ability to communicate and influence.
    
  • Depth in experience in one or more domains of Application Security, Cloud Security, or Detection & Response Engineering. While you may be working in multiple domains, we're not expecting out-of-the-box unicorns here
    
  • Minimum of 7 years technical professional experience in a security or software engineering discipline as a development engineer
    
  • 3+ years experience building customer applications, tools, and/or data pipelines
    
  • 3+ years of experience in cloud security, architecture, and secure coding practices
    
  • 3+ years working in a cloud environment (AWS, GCP)
    
  • 3+ years working with container orchestration services (k8's, Docker, service mesh)
    
  • Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions.
    
  • Deep knowledge of both loosely and strongly typed languages
    
  • Ability to work with engineering focused teams to promote safe development practices
    
  • Experience with CI/CD tools such as CircleCI, Jenkins, Github webhooks
    
  • Demonstrated experience in at least one programming language such as Python, Go, JavaScript, or Rust
    
  • Experience with the OWASP Top 10 and common application exploits, and techniques
    
  • Experience with vulnerability management and scoring techniques like CVSS, EPSS
    
  • Experience with RBAC and IAM access control techniques
    
  • Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF
    

Keywords: Workrise, Austin , Staff Software Security Engineer, IT / Software / Systems , Austin, Texas