Job details

Staff Application Security Engineer

Join our team as a Staff Application Security Engineer at Workiva and play a vital role in safeguarding our applications with high-security standards. As a member of our passionate and dynamic team, you will have the opportunity to analyze and fortify the security of our applications, middle-tier systems, and databases.

In this role, you will take a proactive approach to identify potential vulnerabilities in development practices, ensuring that our applications are secure from the ground up. Your effective communication skills will be crucial as you collaborate with technical and leadership teams to prioritize risk mitigation and address any issues that may arise.

We value strategic thinking and encourage the application of innovative methodologies to stay one step ahead of potential weaknesses in our critical applications and processes. Your expertise in risk assessment will be highly valued as you provide expert recommendations to our business leaders, helping them make informed decisions on development strategies and vulnerability remediation.

What You’ll Do

Perform vulnerability and penetration testing, documenting findings with reproducible steps and remediation methodologies.
Focus on automation to improve testing and remediation efficiency.
Develop, share, and maintain tools and scripts for penetration testing and red team processes.
Collaborate with teammates to enhance skills, foster team excellence, and provide mentorship to junior members.
Conduct validation testing with developers before production, ensuring a continuous cycle of development and application security assessments.
Proactively monitor the security community for emerging threats, adapt tactics for internal testing, and stay updated on public-facing security issues.
Attend and actively represent the security team in application project and product stakeholder meetings to drive secure development.
Define and implement innovative security review processes using dynamic and static code analysis resources.
Ensure compliance with security standards, implementation configurations, and common security frameworks.
Prepare for and manage bug bounty programs.
Document and implement improvements to meet and exceed service-level agreements.
Lead security team meetings to facilitate secure design and actively engage junior team members.
Coordinate information security projects, evaluating and aligning existing security infrastructure with requirements from security leadership and architects, delivering projects within budget and SLAs.
Collaborate with architects, security engineers, the security operations center (SOC), and infrastructure and development team members.
Develop security test plans based on architectural design, identify deficiencies, and enhance security without impacting production.
Identify, prioritize, and coordinate security efficiency improvements, enabling the team to focus on more advanced tasks.
Provide mentorship, technical guidance, and training to junior team members.
Lead threat modeling exercises.

What You'll Need

Education

High School Diploma or equivalent combination of education and experience in a related field.
A relevant bachelor's degree or higher is a plus.

Experience

Minimum of 6 years of experience in cybersecurity with a focus on penetration testing and application assessment. Additional experience in software engineering is a plus.

Skills

Strong understanding of alternative API protocols (e.g., Thrift, Protobuf, and GraphQL).
Strong understanding of event-driven API architectures (e.g. Kafka, SQS, and NATS)
Strong proficiency in vulnerability and penetration testing for web applications, including XSS, SQLI, CSRF, SSRF, XXE, IDOR, etc.
Solid understanding of cryptographic algorithms (AES, SHA, HMAC, RSA, ECC, etc.) and their potential misuse.
Thorough knowledge of cloud platforms (AWS, GCP, Azure, etc.) and vulnerabilities specific to those environments.
Familiarity with various threat modeling frameworks and their application to different situations.
Proficiency in software development using languages like Java, Golang, Python, Dart, React etc.
Strong understanding of network and web protocols.
Excellent communication skills to effectively convey business risks associated with cybersecurity issues to upper management.

How You’ll Be Rewarded:

Salary range in the US:

$120,000.00 - $204,000.00

A discretionary bonus typically paid annually
Restricted Stock Units granted at time of hire
401(k) match and comprehensive employee benefits package

The salary range represents the low and high end of the salary range for this job in the US. Minimums and maximums may vary based on location. The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and other relevant factors.

Where You’ll Work

Our values drive how we work and who we hire. You will see these values ingrained in how we support our customers, work with team members, build our products and in the work environment we’ve created.

Customer Success: Always delight our customers.
Trust: Rely on each other.
Integrity: Do the right thing, every time.
Collaboration: Share resources and work together.
Innovation: Keep creating solutions and finding better ways.
Inclusion: Support a diverse community where we all belong.
Accountability: Be responsible for your success and failure.

We believe our people are our greatest asset, and our unique culture gives employees the opportunity to make an impact everyday. We give our employees the freedom and resources they need—backed by our culture of collaboration and diverse thought—to continue innovating and breaking new ground. We hire talented people with a wide range of skills and experiences who are eager to tackle some of today’s most challenging problems.

At Workiva, you’ll enjoy:

Fantastic Benefits: With coverage starting day one, choose from competitive health, dental, and vision plans on the largest physician networks available.
Casual Dress: Workiva has a casual work environment, most people wear jeans to the office.
Involvement: Ability to participate in Business Employee Resource Groups (Black, Hispanic, Asian, Women, Rainbow (LGBTQIA+), Veterans, Disabilities), Volunteering, Company wide celebrations, and more
Work-life Balance: We have competitive PTO, VTO and Parental Leave. We encourage employees to spend time enjoying life outside of work.

Learn more about life at Workiva:

https://www.linkedin.com/company/workiva/

Learn more about benefits:

https://www.workiva.com/careers/benefits

Workiva is an Equal Employment Opportunity and Affirmative Action Employer. We believe that great minds think differently. We value diversity of backgrounds, beliefs, and interests, and we recognize diversity as an important source of intellectual thought, varied perspective, and innovation. Employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression genetic information, marital status, citizenship status or any other protected characteristic. We strongly encourage and welcome people from historically marginalized groups to apply.

Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process, please email

talentacquisition@workiva.com

Workiva supports employees in working where they work best - either from an office or remotely from any location within their country of employment.

#LI-HS1

Workiva Glassdoor Company Review

4.3

Workiva DE&I Review

4.4

CEO of Workiva

Julie Iskow

Approve of CEO

By Workiva

Workiva (NYSE: WK) is a global SaaS and a leading provider of a cloud-based connected and reporting compliance platform that enables the use of connected data and automation of reporting across finance and accounting, risk, and compliance.

42 jobs

BADGES