Security Engineer (Application Security Engineer)

WHAT YOU’LL ACHIEVE:

Provide security guidance to Engineering and Product teams.

Build threat models and conduct risk assessments for new features and services.

Perform design and code reviews (lots of them!).

Identify, triage, resolve, and manage security vulnerabilities identified in Workstream products.

Build libraries and tools to make software built and deployed at Workstream secure by default.

Make security an integral part of our CI/CD pipeline.

Perform internal penetration tests and participate in blue team exercises.

WHAT YOU’LL NEED TO BE SUCCESSFUL:

4+ years of security experience.

4+ years of software development experience.

Strong understanding of Web application security, including hands-on exploitation skills coupled with defensive skills.

Familiarity with secure development practices and security testing techniques (SAST, DAST, fuzzing, etc.).

Familiarity with infrastructure and systems security domains.

Familiarity with web application security defense techniques and technologies (WAF, RASP, sanitization/validation, etc.).

Familiarity with microservices architectures, platforms, and 12-factor design.

Familiarity with relevant technologies (listed below).

Strong understanding of Ruby on Rails or NodeJS. Knowledge of mobile development, such as Flutter and React Native, is nice to have.

Modest ability to build tools and automation in Python or other languages.

Ability to explain complex security issues and their impact to diverse audiences.

Be a fast learner and have experience partnering with cross-functional teams.

BA/BS in Computer Science or similar technical degree or equivalent experience.

RELEVANT TECHNOLOGIES:

Must have:

Web:

Frameworks: Ruby on Rails, NodeJS, ReactJS.

Web protocol standards (REST, RPC, SOAP)

Infrastructure:

Container and container infrastructure (e.g. Docker, container, k8s)

Cloud technology (e.g. AWS, Azure)

Unix/Linux

Nice to have:

Flutter, React Native.

Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)

WHAT WE OFFER:

A mission-driven and value-based company dedicated to empowering deskless workers and local businesses

An early employee opportunity at a Series B hyper-growth startup; work with the founding team and industry veterans to accelerate your career

Competitive salary and equity

Learning/development stipend

Unlimited PTO

Hybrid Office/WFH schedule

Company location: WeWork China, Jing'an District, Shanghai (819 Nanjing West Road), 4-122

Job posted by: Mr. Deng

上海约等于网络科技有限公司
