Security Engineer

The Company:

WorkStep is the leading software provider of workforce retention and hiring solutions for the supply chain industry. We’re a Series B startup (backed by leading investors) who is disrupting the industry and changing the way companies have traditionally hired and retained their frontline supply chain workers.

Our mission is simple: to make the supply chain a better place to work. How? By helping companies within e-commerce, manufacturing, retail, transportation, and logistics make better-fit hires and improve their frontline workforce satisfaction and retention.

The Role:

The key to WorkStep's ability to earn the trust of our users and customers is a security strategy that adapts as we innovate. Our teams move fast with confidence because they know security isn't a last minute consideration, but a foundation for everything we do and build. WorkStep is hiring a security generalist to join the team in building on these principles.

This role collaborates closely with Engineering, Product Management, IT, and Operations to enable rapid evolution while maintaining rigorous, context-appropriate standards for how we protect data and reduce risk across the organization. You'll research and validate security vulnerabilities and propose solutions for remediation or mitigation. Most importantly, you'll invest in scaling our operations by building mechanisms for automatically enforcing best practices and surfacing new vulnerabilities.

Responsibilities:

• Develop, deploy, and monitor modern information security tooling
• Enforce compliance framework controls
• Serve as a security subject matter expert and partner to multiple engineering teams
• Perform risk analysis and provide prioritized remediation recommendations
• Own and drive threat modeling, security design reviews, security architecture best practices, pentesting and bug bounty programs
• Maintain and lead our Incident Response processes
• Participate in code review for high-impact or security-related changes
• Build automation and monitoring systems to enforce security policies and detect threats

Requirements

• 5+ years of experience working as a Security Engineer, Security Operations, Application Security Engineer, or related field
• Familiarity with modern EDR, SOAR, and SIEM systems in cloud environments
• Familiarity with secure SDLC concepts and AppSec tools such as IAST, RASP, SCA, etc
• Proficiency in building CI/CD pipelines
• Experience with IaC tooling
• Experience securing containerized, serverless environments such as Kubernetes
• Working knowledge of CVSS, MITRE ATT&CK, and OWASP

Preferred experience:

• Experience working with Google Cloud infrastructure
• Security certification such as CISSP, CCSP, CISM, GSEC, etc

Benefits

WorkStep is a fully remote company, meaning our team can work from where it suits them—whether that's East Coast or West Coast, in the mountains, or at the beach. We're a collaborative bunch who are focused on helping our customers succeed and deliver results, FAST. But we also know how to have fun and enjoy each other's company. Our benefits include:

• Remote working environment
• Flexible PTO
• Top-notch technology
• Annual team building on-sites (when safe to resume)
• Workspace, wellness, and professional development stipends
• Internet and phone reimbursement
• Competitive company-sponsored health, vision, and dental benefits package
• Opportunity to join a passionate, motivated, and fun team at an early stage to help shape and execute on our mission

If you’re a collaborator who likes a challenge, who doesn’t mind rolling up their sleeves, and wants to join a fast growing company at an early stage, we want to hear from you!

WorkStep is an EEO employer. We do not discriminate against any applicant for employment, or any employee because of race, color, religion, national origin, age, sex, sexual orientation, gender identity, gender, disability, age, or protected veteran status. We are committed to building a safe, inclusive environment for people of all backgrounds.