Security Engineer
Workstream
Workstream is a mission-driven company that believes in building premium, modern software solutions for hourly businesses. There are 2.7 billion hourly workers, who make up 80% of the global workforce, but they've been heavily underserved by technology and deserve better. We help local businesses around you hire, manage, and pay qualified workers.
Our customers include leading brands from multiple sectors, including Burger King, Carl's Jr./Hardee's, IHOP, KFC, and Culvers. At series B, we are quickly expanding our product portfolio. We are backed by legendary VCs and industry experts like Founders Fund, BOND, and Coatue.
WHAT YOU’LL ACHIEVE:
- Provide security guidance to Engineering and Product teams.
- Build threat models and conduct risk assessments for new features and services.
- Perform design and code reviews (lots of them!).
- Identify, triage, resolve, and manage security vulnerabilities identified in Workstream products.
- Build libraries and tools to make software built and deployed at Workstream secure by default.
- Make security an integral part of our CI/CD pipeline.
- Perform internal penetration tests and participate in red team exercises.
WHAT YOU’LL NEED TO BE SUCCESSFUL:
- 4+ years of security experience.
- 4+ years of software development experience.
- Strong understanding of Web application security, including hands-on exploitation skills coupled with defensive skills.
- Familiarity with secure development practices and security testing techniques (SAST, DAST, fuzzing, etc.).
- Familiarity with infrastructure and systems security domains.
- Familiarity with web application security defense techniques and technologies (WAF, RASP, sanitization/validation, etc.
- Familiarity with microservices architectures, platforms, and 12-factor design
- Familiarity with relevant technologies (listed below)
- Strong understanding of Ruby on Rails or NodeJS. Knowledge of mobile development, such as Flutter and React Native will be nice to have.
- Modest ability to build tools and automation in Python or other languages.
- Ability to explain complex security issues and their impact to diverse audiences.
- Be a fast learner and have experience partnering with cross-functional teams.
- BA/BS in Computer Science or similar technical degree or equivalent experience.
RELEVANT TECHNOLOGIES:
Must have:
- Web:
- Frameworks: Ruby on Rails, NodeJS, ReactJS.
- Web protocol standards (REST, RPC, SOAP)
- Infrastructure:
- Container and container infrastructure (e.g. Docker, container, k8s)
- Cloud technology (e.g. AWS, Azure)
- Unix/Linux
Nice to have:
-
- Flutter, React Native.
- Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)
What We Offer:
- A mission-driven and value-based company dedicated to empower deskless workers and local businesses
- An early employee opportunity at a Series B hyper-growth startup; work with the founding team and industry veterans to accelerate your career
- Competitive salary and equity
- Learning/development stipend
- Unlimited PTO
- Hybrid Office/WFH schedule
Additional Information
Workstream provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
We are committed to the full inclusion of all qualified individuals.