Senior Application Security Engineer
Summary
The Senior Application Security Engineer is responsible for validating that application services are designed and implemented to high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, this role evaluates development practices, identifying the potential for vulnerabilities before they are introduced. As issues are uncovered, the Senior Application Security Engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation. The Senior Application Security Engineer constantly applies strategic thinking and new methodologies to assess key applications and processes for weaknesses, and finds resolutions before they can be abused. The Senior Application Security Engineer has the security and application expertise needed to contribute directly to vulnerability remediation.
This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions, and vendors. Considered a highly knowledgeable individual, the Senior Application Security Engineer is expected to identify and contribute to programmatic controls, monitor and manage secure development practices to address modern-day issues, and act as a subject-matter expert on multiple types of vulnerabilities and attacks. Senior Application Security Engineers think like attackers, but always act with integrity and do not abuse their privileges.
Responsibilities
- Perform vulnerability and penetration testing.
- Document security findings with reasonable reproduction steps and methodologies for remediation.
- Focus on automation to aid in efficiencies with both testing and remediation of findings.
- Develop, share, and maintain tools and scripts used in penetration-testing and red team processes.
- Work with teammates to learn and regularly share skills and foster team excellence.
- Work in tandem with developers to provide repeated validation testing prior to production, while allowing for a continuous cycle of development followed by application security assessments.
- Monitor the security community for public-facing security issues and evaluate impact.
- Attend and participate in application project and product stakeholder meetings. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
- Improve and follow security review processes to ensure an automated and repeatable process is maintained, for example through the use of dynamic and static code analysis resources.
- Use security standards and implementation configurations, as well as common security frameworks.
- Prepare for and manage bug bounty programs.
- Document delivery and implementation improvements to meet and improve service-level agreements.
- Participate in, and occasionally lead, security team meetings that facilitate secure design.
- Engage deeply in information security projects that evaluate existing security infrastructure and propose changes to align with requirements from security leadership and architects. Additionally, deliver projects on time, within budget, and in accordance with service-level agreements (SLAs) and business metrics.
- Align with architects and development teams for a mission of secure design.
- Train developers and junior application security engineers on weaknesses to avoid.
- Identify and develop practices to support application security in a highly compliant and regulated environment - FedRAMP Moderate, ISO 27001, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act of 1996 (HIPAA), etc.
- Work in tandem with architects, other security engineers, the security operations center (SOC), and infrastructure and development team members.
- Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
- Identify and drive security efficiencies, enabling security team members to work on more advanced tasks.
- Provide technical guidance to new hires and interns as needed.
- Participate in and contribute to threat modeling exercises, and lead them as needed and able.
What You'll Need
Education
- High School Diploma or equivalent combination of education and experience in a related field.
- Relevant bachelor's degree or higher is a plus.
Skills
- Strong vulnerability and penetration-testing skills for web apps (XSS, SQLI, CSRF, SSRF, XXE, IDOR, etc.)
- Firm grasp of cryptographic algorithms (AES, SHA, HMAC, RSA, ECC, etc.) and how to exploit their misuse
- Understanding of cloud platforms (AWS, GCP, Azure, etc.) and how to exploit vulnerabilities within those environments
- Working knowledge of multiple threat modeling frameworks
- Proficiency in software development (Java, Golang, Python, etc.)
- Solid understanding of network and web protocols
- Excellence in communicating business risk from cybersecurity issues
Experience
- 4+ years of experience in cybersecurity with a focus on penetration testing and application assessment. Additional experience in software engineering is a plus.
Travel Requirement
- Minimal, up to 10%
Working Conditions & Physical Requirements
- Reliable Internet access for any period of time spent working remotely, outside a Workiva office.
How You’ll Be Rewarded
Base Pay Range in Colorado: $124,000 - $158,000
A discretionary bonus typically paid annually
Restricted Stock Units granted at time of hire
The base pay range represents the low and high end of the hiring range for this job. Actual pay will vary and may be above or below the range based on various factors including but not limited to relevant skills, experience, and capabilities.
Where You’ll Work
Our values drive how we work and who we hire. You will see these values ingrained in how we support our customers, work with team members, build our products and in the work environment we’ve created.
Customer Success: Always delight our customers.
Trust: Rely on each other.
Integrity: Do the right thing, every time.
Collaboration: Share resources and work together.
Innovation: Keep creating solutions and finding better ways.
Inclusion: Support a diverse community where we all belong.
Accountability: Be responsible for your success and failure.
We believe our people are our greatest asset, and our unique culture gives employees the opportunity to make an impact every day. We give our employees the freedom and resources they need—backed by our culture of collaboration and diverse thought—to continue innovating and breaking new ground. We hire talented people with a wide range of skills and experiences who are eager to tackle some of today’s most challenging problems.
At Workiva, you’ll enjoy:
Fantastic Benefits: With coverage starting day one, choose from competitive health, dental, and vision plans on the largest physician networks available.
Casual Dress: Workiva has a casual work environment; most people wear jeans to the office.
Involvement: Ability to participate in Employee Resource Groups (Women in Tech, Women in Sales, Ethnic Diversity, Veterans, Rainbow (LGBTQ), Remote Employees, Caregiving), volunteering, company-wide celebrations, and more.
Work-life Balance: We have competitive PTO, VTO, and parental leave. We encourage employees to spend time enjoying life outside of work.
Learn more about life at Workiva: www.linkedin.com/showcase/workiva-life-and-careers/
Learn more about the company: https://www.linkedin.com/company/workiva/
Learn more about benefits: https://www.workiva.com/careers/benefits
Workiva is an Equal Employment Opportunity and Affirmative Action Employer. We believe that great minds think differently. We value diversity of backgrounds, beliefs, and interests, and we recognize diversity as an important source of intellectual thought, varied perspective, and innovation. Employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status, or any other protected characteristic.
Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process, please email [email protected].
Workiva supports employees in working where they work best, either from an office or remotely from any location within their country of employment. Effective October 18, 2021, proof of COVID-19 vaccination is required to visit any Workiva office, attend in-person meetings, or travel for business purposes.