Security Engineer

• Provide security guidance to Engineering and Product teams.
• Build threat models and conduct risk assessments for new features and services.
• Perform design and code reviews (lots of them!).
• Identify, triage, resolve, and manage security vulnerabilities identified in Workstream products.
• Build libraries and tools to make software built and deployed at Workstream secure by default.
• Make security an integral part of our CI/CD pipeline.
• Perform internal penetration tests and participate in blue team exercises.

• 4+ years of security experience.
• 4+ years of software development experience.
• Strong understanding of Web application security, including hands-on exploitation skills coupled with defensive skills.
• Familiarity with secure development practices and security testing techniques (SAST, DAST, fuzzing, etc.).
• Familiarity with infrastructure and systems security domains.
• Familiarity with web application security defense techniques and technologies (WAF, RASP, sanitization/validation, etc.
• Familiarity with microservices architectures, platforms, and 12-factor design
• Familiarity with relevant technologies (listed below)
• Strong understanding of Ruby on Rails or NodeJS. Knowledge of mobile development, such as Flutter and React Native will be nice to have.
• Modest ability to build tools and automation in Python or other languages.
• Ability to explain complex security issues and their impact to diverse audiences.
• Be a fast learner and have experience partnering with cross-functional teams.
• BA/BS in Computer Science or similar technical degree or equivalent experience.

Must have: 

• Web: 
  Frameworks: Ruby on Rails, NodeJS, ReactJS.
  Web protocol standards (REST, RPC, SOAP)
• Infrastructure:
  Container and container infrastructure (e.g. Docker, container, k8s)
  Cloud technology (e.g. AWS, Azure) Unix/Linux
• Nice to have: 
  Flutter, React Native. 
  Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)