Staff Software Security Engineer

Workrise delivers tailored workforce and vendor management solutions backed by the most qualified people in the energy industry. We do this reliably at scale, so customers can confidently execute on the projects in front of them, and focus their time and energy on the goals that drive their business forward.

We are hiring a Staff Software Security Engineer to help us build out security solutions across our detection & response engineering, identity, security architecture, and application & cloud security. You are as much a builder as you are a leader. You can build on your previous experiences as being a domain expert and help craft a technical strategy that fits the needs of the business. You love mentoring and sharing your knowledge from other engineers and team mates just as much as you enjoy learning from them.

What you'll be doing:

• Collaborate: Technical leadership with a small team of 3-4 software security engineers to create well-designed, fit-for purposes, maintainable solutions. You will bring a spirit of collaboration and willingness to work with multiple departments and stakeholders. You should have the mindset that security is a continuous and collaborative process and want to simplify security (paved roads) for your customers
• Build: We are a team of builders and seek a balance between build vs buy, cost, and operational efficiency. You may be building out customer security tools, doing response automation, or helping engineering teams to build custom security solutions. You bring an eagerness to find fit-for-purpose solutions, build, deploy and operate
• Security Data: Lots of data. Whether it’s in detection & response, engineering, DevSecOps, vulnerability management, or incident response, we are a highly evidence-driven culture that leverages data to help us fill in the gaps of our understanding. You will also contribute detection rules to our SIEM as well as set strategy for automating our detection & response pipelinesApplication Security - You will help secure the software development lifecycle. We provide a broad range of services to support our IT & engineering teams from secure design & architecture reviews, vulnerability management, Bug Bounty program management, 3rd party pen testing, dependency management, patching, and SAST scanning. You reach for Burp proxy like it’s second nature to inspect for potential vulnerabilities or to reproduce a bug bounty report
• Application Security: You will work with leaders in Privacy & Trust, Software Engineering, Product, & Corporate Security to understand the business and build technical strategy and roadmaps that align with the business and operational strategy

Experience and Education Requirements:

• Bachelor’s degree in Computer Science, Engineering or related field or equivalent experience
• You must have hands-on coding experience building, deploying and operating solutions. This is a hands-on role building security solutions
• Demonstrated technical leadership with ability to communicate to Junior/Senior engineers and fluidly as with the rest of the business. Ability to build solutions is an important ability to communicate and influence.
• Depth in experience in one or more domains of Application Security, Cloud Security, or Detection & Response Engineering. While you may be working in multiple domains, we’re not expecting out-of-the-box unicorns here
• Minimum of 7 years technical professional experience in a security or software engineering discipline as a development engineer
• 3+ years experience building customer applications, tools, and/or data pipelines
• 3+ years of experience in cloud security, architecture, and secure coding practices
• 3+ years working in a cloud environment (AWS, GCP)
• 3+ years working with container orchestration services (k8’s, Docker, service mesh)
• Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions.
• Deep knowledge of both loosely and strongly typed languages
• Ability to work with engineering focused teams to promote safe development practices
• Experience with CI/CD tools such as CircleCI, Jenkins, Github webhooks
• Demonstrated experience  in at least one programming language such as Python, Go, JavaScript, or Rust
• Experience with the OWASP Top 10  and common application exploits, and techniques
• Experience with vulnerability management and scoring techniques like CVSS, EPSS
• Experience with RBAC and IAM access control techniques
• Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF

More than a job:

At Workrise you can feel good about supporting our mission to serve those who do the hard work. We recognize that making an impact matters to you and we believe in providing an environment that fosters your growth. We use data to drive our decisions and improve the experience of our workers and the clients we serve. With mutual respect for each other, we continually collaborate to find the best solution.

In appreciation for your contributions, we support you with:

• Working alongside talented peers who will bring out the best in you
• The opportunity to significantly impact the growth curve of an already high-growth business
• Benefits for full-time employees, flexible paid time off, 401k with company matching, medical, dental and vision insurance

Workrise is committed to providing an environment where any and all people feel belonging, respected, and free to be their authentic selves. We welcome applicants of all gender identity and expression, sexual orientation, neurodiversity, educational background, religion, ethnicity, disability, age, veteran status, and citizenship. We’d love to learn what you can add to our team.

Who we are:

In 2014, we set out to create a better way to manage and deploy Oil & Gas workers at scale through technology. Over time, we’ve grown to add Renewables in service of the energy industry. 

We’re a Series E startup, backed by industry-leading investors Founders Fund, Bedrock Capital, Andreesen Horowitz, and Baillie Gifford. To date, we’ve placed over 26,000 skilled tradespeople with over 500 businesses and are poised to grow exponentially.

We’d love to share more through the interview process and look forward to learning more about your journey.

To all recruitment agencies: Workrise does not accept agency resumes. Please do not forward resumes to our jobs alias, Workrise employees or any other organization location. Workrise is not responsible for any fees related to unsolicited resumes.