Workato is the only integration and automation platform that is as simple as it is powerful — and because it's built to power the largest enterprises, it is quite powerful.
Simultaneously, it's a low-code/no-code platform. This empowers any user (dev/non-dev) to painlessly automate workflows across any apps and databases.
We're proud to be named a leader by both Forrester and Gartner and trusted by 7,000+ of the world's top brands such as Box, Grab, Slack, and more. But what is most exciting is that this is only the beginning.
Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.
But, we also believe in balancing productivity with self-care. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.
If this sounds right up your alley, please submit an application. We look forward to getting to know you!
Also, feel free to check out why:
Business Insider named us an "enterprise startup to bet your career on"
Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
Quartz ranked us the #1 best company for remote workers
We are looking for a Sr. Security Engineer. If you're looking for a real challenge in terms of mission criticality, multi-geographic region deployments, diversity of managed services, and the chance to be a part of an impactful team working with cutting edge cloud technologies and more, then this might be the position for you!
As a Sr. Security Engineer, you will be responsible for:
Drive security into design and development by performing application security reviews, architecture and design reviews, and threat modeling, including code reviews for new and existing Workato products
Assess risks to our customers across a wide range of product and technology areas, including backend infrastructure, key management, third-party integrations, authentication, and privacy.
Work with Engineering and Product Management to ensure the product's security is prioritized appropriately against business, operational, and usability requirements.
Partner and collaborate with development teams to support application vulnerability remediation efforts
Monitor our exposure to, and assess the impact of, new security threats, vulnerabilities, and risks
Support Workato's bug bounty program
Research new security trends and continually improve our internal processes, procedures, and tools, implementing new approaches to address the changing threat landscape within our SDLC and Runtime environments
Promote security awareness by developing and delivering security training
Coordinate external penetration tests and other offensive testing as needed
Facilitate Red Teaming exercises to assess organizations' response capabilities and security measures
Obtain deep knowledge of Workato's products and how they operate to facilitate stronger collaboration with internal teams
Mentor others as you gain knowledge and experience
Participate in SIRT on-call rotations
5+ years of relevant work experience in application security
3+ years of experience as a software developer with at least one of Ruby, Golang, or equivalent
Strong threat modeling experience on enterprise SaaS solutions using common frameworks such as STRIDE or PASTA
Bachelor's or Master's degree in computer science or equivalent experience
Strong software development skills in languages such as Ruby, Go, Java, or Python
Strong understanding of Web-related technologies (e.g. HTTP, SOAP, REST, TCP/IP, Message Queuing)
Comprehension of encryption technologies (e.g. TLS, HMAC, RSA, AES, PKI)
Knowledge of identity and access management solutions (e.g. SAML, OIDC, JWT, and SSO)
Knowledge of OAuth 2, client-server authentication, server-server authentication
Excellent ability to discover and demonstrate flaws such as SQL injection, XSS, and CSRF
Experience with implementing and using SAST, DAST or IAST tools
Experience with AWS security solutions, WAF, IDS, vulnerability scanners, etc.
Experience with and knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc.
Experience advising and leading product teams on how to address a broad set of security and privacy challenges
At least 1 information security professional certification (e.g. CLSSP, CISSP, CISA, GSSP, GSEC, etc.)
Outstanding interpersonal and communication skills; ability to communicate information successfully internally and externally and to drive multi-functional alignment and action
Code samples, papers, presentations, vulnerability disclosure reports (or anything else that demonstrates your competence)
Our mission is to help companies integrate and automate at least 10X faster than with traditional tools and at a tenth of the cost of ownership.