Workiva is a company focused on ensuring the security of applications and cloud-based infrastructure. The Senior Product & Application Security Engineer partners with product and engineering teams to assess security, review code, and provide guidance on secure design and implementation.
Responsibilities:
- Serves as a senior product and application security partner to engineering and product teams across the organization
- Leads the application of security techniques, threat modeling, and secure design practices to protect applications, cloud infrastructure, and product environments
- Contributes at a senior level within a team or matrixed environment, influencing security strategy and execution
- Tackles complex and ambiguous security problems requiring deep technical analysis and evaluation of multiple risk factors
- Proactively identifies systemic security risks across products, services, and infrastructure
- Designs and drives effective long-term security solutions and remediation strategies across diverse product areas
- Has significant impact on product security, customer trust, compliance, and operational risk across multiple teams and initiatives
- Exercises strong judgment in defining security priorities, selecting scalable controls, and balancing risk with business needs
- Acts as a trusted security advisor to senior engineers, technical leads, and engineering managers
- Regularly collaborates across product, engineering, platform, and infrastructure teams to influence secure architecture and design decisions
- Engages with senior internal stakeholders and may support discussions with directors and senior directors on security topics
- Operates with a high degree of independence, setting direction and priorities aligned with organizational security objectives
- Owns security assessments, risk evaluations, and remediation efforts from discovery through resolution
- Mentors and provides technical leadership to peers and partner teams
Requirements:
- 3+ years of related experience with a Bachelor's degree or equivalent experience
- 3+ years of software development experience in at least one of the following languages: Java, JavaScript/TypeScript, Python, Go
- Knowledge of security vulnerabilities, secure code review, and OWASP Top 10
- Deep knowledge of application security, secure coding practices, threat modeling, and vulnerability classes, including OWASP Top 10
- Proven experience leading secure code reviews, architecture reviews, and security design discussions
- Ability to communicate complex security concepts, risks, and recommendations to both technical and executive stakeholders
- Experience using web application security testing tools such as Burp Suite
- Strong understanding of cloud security concepts, particularly in AWS-based environments
- Advanced web application penetration testing certifications such as OSWA, OSWE, OSCP, BSCP, eWTP, GWAPT
- Secure code review or application security certifications such as CASE Java or OSWE
- Web Application Firewall (WAF) tuning and optimization experience
- Hands-on penetration testing experience across modern web applications
- Familiarity with DevSecOps tooling such as Semgrep, GitHub Advanced Security, Trivy, Grype, or similar
- Experience securing or evaluating AI-driven systems and workflows