Listing Description

As the leading workforce management solution for the skilled trades, Workrise makes it easier for skilled laborers to find work, and for companies to find in-demand workers. Workrise currently operates in wind, solar, construction, oil and gas, and defense industries. We’re growing, and we’d love to learn what you can add to our team!

Workrise is hiring a Senior Software Security Engineer with a focus on developing security focused applications and services that will be responsible for the unified view into all security functions. Our ideal candidate for this role will be someone who has experience and deep understanding of modern cloud application environments, full stack development, the role of application security in the SDLC, and a keen sense of risk and threat assessment. This role involves building a full stack holistic view into core security functions, intelligence streams, and both internal and external data sources. Requires deep understanding of modern software development practices, external threats, and security workflows. 

Why Join us? Our Security Engineering team at Workrise is helping to build a modern and  scalable platform for the future of the skilled labor workforce. You will be owning a large portion of the security technical practices that focuses on providing a unified view into all security functions.

What you'll be doing:

• Partnering and collaborating with our engineering organization to foster modern security practices and culture.


• Automating data sources both internal and external that enables data collection into a unified backend.


• Creating a frontend that standardizes security workflows and functions that can provide a holistic view into threats and risks. 


• Creating libraries to support the needs of Engineering, Privacy and Trust, and Research.


• Contributing to open source projects, and help to review open source contributions from Workrise engineering

What you should have:

• Bachelor’s degree in Computer Science, Engineering or related field or equivalent experience. 


• Minimum of 4 years technical professional experience in a security or software engineering discipline.


• Builder mindset: You know when to build custom solutions, leverage commercial or open source solutions and can wire them together as needed.


• Demonstrated experience  in at least one programming language such as Python, Java, Go, JavaScript, or Rust. We are a heavy python and SQL shop.


• Deep knowledge of both loosely and strongly typed languages.


• 3+ years of experience in cloud security, architecture, and secure coding practices.


• 3+ years working in a cloud environment (AWS, GCP, or Azure).


• 3+ years working with container orchestration services (ECS, K8’s, Cloud Run).


• Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions.


• Demonstrated experience delivering tools as part of an AppSec/DevSecOps program or in building a SIEM/SOAR solution.


• Ability to work with engineering focused teams to promote safe development practices.


• Experience with CI/CD tools such as CircleCI, Jenkins, Github webhooks.


• Solid understanding of CVSS, CVE, CWE.


• Experience with threat modeling frameworks such as STRIDE, OWASP Top 10, MITRE ATT&CK.


• Experience with identity management practices (IAM, RBAC).


• Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF.


• Nice to have: We are a very data driven organization. Any experiences with data pipelines, data warehouses, analytics, data visualization and/or BI analytics tools is a plus.