Security Engineer
San Francisco, California, United States - Remote
Applications have closed
WorkStep
WorkStep is the leading employee engagement platform for the frontline. WorkStep’s continuous listening and voice of employee solutions help you retain your workforce for the long haul.
The Company:
WorkStep is the leading software provider of workforce retention and hiring solutions for the supply chain industry. We’re a Series B startup (backed by leading investors) that is disrupting the industry and changing the way companies have traditionally hired and retained their frontline supply chain workers.
Our mission is simple: to make the supply chain a better place to work. How? By helping companies within e-commerce, manufacturing, retail, transportation, and logistics make better-fit hires and improve their frontline workforce satisfaction and retention.
The Role:
The key to WorkStep's ability to earn the trust of our users and customers is a security strategy that adapts as we innovate. Our teams move fast with confidence because they know security isn't a last-minute consideration, but a foundation for everything we do and build. WorkStep is hiring a security generalist to join the team in building on these principles.
This role collaborates closely with Engineering, Product Management, IT, and Operations to enable rapid evolution while maintaining rigorous, context-appropriate standards for how we protect data and reduce risk across the organization. You'll research and validate security vulnerabilities and propose solutions for remediation or mitigation. Most importantly, you'll invest in scaling our operations by building mechanisms for automatically enforcing best practices and surfacing new vulnerabilities.
Responsibilities:
- Develop, deploy, and monitor modern information security tooling
- Enforce compliance framework controls
- Serve as a security subject matter expert and partner to multiple engineering teams
- Perform risk analysis and provide prioritized remediation recommendations
- Own and drive threat modeling, security design reviews, security architecture best practices, pentesting and bug bounty programs
- Maintain and lead our Incident Response processes
- Participate in code review for high-impact or security-related changes
- Build automation and monitoring systems to enforce security policies and detect threats
Requirements
- 5+ years of experience working as a Security Engineer, Security Operations, Application Security Engineer, or related field
- Familiarity with modern EDR, SOAR, and SIEM systems in cloud environments
- Familiarity with secure SDLC concepts and AppSec tools such as IAST, RASP, SCA, etc.
- Proficiency in building CI/CD pipelines
- Experience with IaC tooling
- Experience securing containerized, serverless environments such as Kubernetes
- Working knowledge of CVSS, MITRE ATT&CK, and OWASP
Preferred experience:
- Experience working with Google Cloud infrastructure
- Security certification such as CISSP, CCSP, CISM, GSEC, etc.
Benefits
WorkStep is a fully remote company, meaning our team can work from where it suits them—whether that's East Coast or West Coast, in the mountains, or at the beach. We're a collaborative bunch who are focused on helping our customers succeed and deliver results, FAST. But we also know how to have fun and enjoy each other's company. Our benefits include:
- Remote working environment
- Flexible PTO
- Top-notch technology
- Annual team building on-sites (when safe to resume)
- Workspace, wellness, and professional development stipends
- Internet and phone reimbursement
- Competitive company-sponsored health, vision, and dental benefits package
- Opportunity to join a passionate, motivated, and fun team at an early stage to help shape and execute on our mission
If you’re a collaborator who likes a challenge, who doesn’t mind rolling up their sleeves, and wants to join a fast growing company at an early stage, we want to hear from you!
WorkStep is an EEO employer. We do not discriminate against any applicant for employment, or any employee, because of race, color, religion, national origin, age, sex, sexual orientation, gender identity, gender, disability, or protected veteran status. We are committed to building a safe, inclusive environment for people of all backgrounds.