Workato is hiring a

Senior Security Engineer - AppSec (Pentest, Bug Bounty, Threat Model, Risk Assessment)

Remote

About Workato

Workato is the only integration and automation platform that is as simple as it is powerful — and because it’s built to power the largest enterprises, it is quite powerful. 

Simultaneously, it’s a low-code/no-code platform. This empowers any user (dev/non-dev) to painlessly automate workflows across any apps and databases.

We’re proud to be named a leader by both Forrester and Gartner and trusted by 7,000+ of the world's top brands such as Box, Grab, Slack, and more. But what is most exciting is that this is only the beginning. 

Why join us?

Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company. 

But, we also believe in balancing productivity with self-care. That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives. 

If this sounds right up your alley, please submit an application. We look forward to getting to know you!

Also, feel free to check out why:

  • Business Insider named us an “enterprise startup to bet your career on”

  • Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world

  • Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America

  • Quartz ranked us the #1 best company for remote workers

Responsibilities

We are looking for a Sr. Security Engineer. If you’re looking for a real challenge in terms of mission criticality, multi-geographic region deployments, diversity of managed services, and the chance to be a part of an impactful team working with cutting edge cloud technologies and more, then this might be the position for you!

As a Sr. Security Engineer, you will be responsible for:

  • Drive security into design and development by performing application security reviews, architecture and design reviews, and threat modeling, including code reviews for new and existing Workato products

  • Assess risks to our customers across a wide range of product and technology areas, including backend infrastructure, key management, third-party integrations, authentication, and privacy. 

  • Work with Engineering and Product Management to ensure the product's security is prioritized appropriately against business, operational, and usability requirements.

  • Partner and collaborate with development teams to support application vulnerability remediation efforts

  • Monitor our exposure to, and assess the impact of, new security threats, vulnerabilities, and risks

  • Support Workato’s bug bounty program

  • Research new security trends and continually improve our internal processes, procedures, and tools, implementing new approaches to address the changing threat landscape within our SDLC and Runtime environments

  • Promote security awareness by developing and delivering security training

  • Coordinate external penetration tests and other offensive testing as needed

  • Facilitate Red Teaming exercises to assess organizations' response capabilities and security measures

  • Obtain deep knowledge of Workato’s products and how they operate to facilitate stronger collaboration with internal teams

  • Mentor others as you gain knowledge and experience

  • Participate in SIRT on-call rotations

Requirements

Qualifications / Experience / Technical Skills

  • 5+ years of relevant work experience in application security

  • 3+ years experience as a software developer with at least one of Ruby, Golang, or equivalent

  • Strong threat modeling experience on enterprise SaaS solutions using common frameworks such as STRIDE or PASTA

  • Bachelor’s or Master’s degree in computer science or equivalent experience

  • Strong software development skills in languages such as Ruby, Go, Java, or Python

  • Strong understanding of Web-related technologies (e.g. HTTP, SOAP, REST, TCP / IP, Message Queuing)

  • Comprehension of encryption technologies (e.g. TLS, HMAC, RSA, AES, PKI)

  • Knowledge of identity and access management solutions (e.g. SAML, OIDC, JWT, and SSO)

  • Knowledge of OAuth 2, client-server authentication, server-server authentication

  • Excellent ability to discover and demonstrate flaws such as SQL injection, XSS, and CSRF

  • Experience with implementing and using SAST, DAST or IAST tools 

  • Experience with AWS security solutions, WAF, IDS, vulnerability scanners, etc.

  • Experience and knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc.

  • Experience advising and leading product teams on how to address a broad set of security and privacy challenges

  • At least 1 information security professional certification (e.g. CLSSP, CISSP, CISA, GSSP, GSEC, etc.)

Soft Skills / Personal Characteristics

  • Outstanding interpersonal and communication skills; ability to communicate information successfully internally and externally and to drive multi-functional alignment and action

  • Code samples, papers, presentations, vulnerability disclosure reports (or anything else that demonstrates your competence)

This job is no longer available
