Staff Security Engineer, Security Operations
As the leading workforce management solution for the skilled trades, Workrise makes it easier for skilled laborers to find work, and for companies to find in-demand workers. Workrise currently operates in wind, solar, construction, oil and gas, and defense industries. We’re growing, and we’d love to learn what you can add to our team!
Workrise is hiring a Security Engineer with a focus on security operations that will be responsible for automating the security functions for our distributed environments. Our ideal candidate for this role will be someone who has experience working in multiple cloud environments, collecting telemetry from an engineering function, and building internal data sources that support the needs of the security backend. This role maintains the integrity of our cloud environments by leveraging infrastructure as code, automated workflows, and custom services that protect against both internal and external threats.
Why Join us? Our Security Engineering team at Workrise is helping to build a modern and scalable platform for the future of the skilled labor workforce. You will be owning a large portion of the security technical practices that focuses on securing our cloud infrastructure through SAST/DAST analysis tools, secure code practices, threat modeling, and detailed analysis. Ideal candidates will support several product and platform teams.
What you’ll be doing:
- Partnering and collaborating with our engineering organization to foster modern security practices and culture.
- Automate security testing within our continuous integration and delivery pipelines.
- Automate system and service configuration management capabilities by enabling repeatable and standardized playbooks.
- Centralize user identity, audit, and access control services to provide holistic visibility.
- Build tools, services, and data sources to support security infrastructure and research.
- Contributing to open source projects, and help to review open source contributions from Workrise engineering
- Work with 3rd parties, legal, and privacy teams during audits, governance activities, and examinations.
- Secrets management centralization and enforcement.
What you should have:
- Bachelor’s degree in Computer Science, Engineering or related field or equivalent experience
- Minimum of 5 years technical professional experience in a security or software Engineering Discipline
- 2+ years of experience in cloud security, secure application design, bug bounties,, and secure coding practices.
- 2+ years working in a cloud environment (AWS, GCP, or Azure)
- 2+ years working with container orchestration services (ECS, K8’s, Cloud Run)
- 2+ years experience working container orchestration overlay networks such as Isito and facilitating policy frameworks such as Open Policy Agent (OPA).
- Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions
- Experience leveraging SAST/DAST tools
- Experience with virtualization & container security practices
- Experience with CI/CD tools such as CircleCI, Jenkins, Github webhooks
- Solid understanding of CVSS or other threat modeling frameworks
- Conversant in at least one programming language such as Python, Go, JavaScript, or Rust.
- Experience with the OWASP Top 10 and common application exploits, and techniques.
- Experience with RBAC and IAM access control techniques
- Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF
At Workrise you can feel good about your work and furthering our mission to serve those who do the hard work. We recognize that making an impact matters to you and we believe in providing an environment that fosters that ambition. We welcome you to develop relationships with coworkers by displaying our company values:
- Own the Mission
- Learn and Grow
- Solutions Over Ego
- Raise the Bar
In appreciation for your contributions, we support you with:
- Working alongside talented peers who will bring out the best in you
- The opportunity to significantly impact the growth curve of an already high-growth business
- Benefits for full-time employees, flexible paid time off, 401k with company matching, medical, dental and vision insurance
As a world-class employer, Workrise is committed to providing an environment where any and all people feel belonging, respected, and free to be their authentic selves. We welcome applicants of all gender identity and expression, sexual orientation, educational background, religion, ethnicity, disability, age, veteran status, and citizenship. We’d love to learn what you can add to our team!
Who we are:
In 2014, we set out to create a better way to get work done in the Oil & Gas industry. The goal — to build the most reliable and cost-effective workforce solution, using technology to make it easier to manage and deploy workers at scale. Over time, we’ve grown to serve construction, wind, solar, and defense.
We’re a Series E startup, backed by industry-leading investors Founders Fund, Bedrock Capital, Andreesen Horowitz, Baillie Gifford. To date, we’ve placed over 26,000 skilled tradespeople with over 500 businesses and are poised to grow exponentially over the coming months and years.
We’d love to share more through the interview process!
To all recruitment agencies: Workrise does not accept agency resumes. Please do not forward resumes to our jobs alias, Workrise employees or any other organization location. Workrise is not responsible for any fees related to unsolicited resumes.