Senior Application Security Engineer


Summary

The Senior Application Security Engineer is responsible for validating that application services are designed and implemented to high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, this role evaluates development practices, identifying the potential for vulnerabilities before they are introduced. As issues are uncovered, the Senior Application Security Engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation. The Senior Application Security Engineer constantly applies strategic thinking and new methodologies to assess key applications and processes for weaknesses and finds resolutions before they can be abused. The Senior Application Security Engineer has the security and application expertise needed to contribute directly to vulnerability remediation.

This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Considered a highly knowledgeable individual, the Senior Application Security Engineer is expected to identify and contribute to programmatic controls, monitor and manage secure development practices to address modern-day issues, and act as a subject-matter expert on multiple types of vulnerabilities and attacks. Senior Application Security Engineers think like attackers, but always act with integrity and do not abuse their privilege.

Responsibilities

Information Security and Integrity

  • Perform vulnerability and penetration testing.
  • Document security findings with reasonable reproduction steps and methodologies for remediation.
  • Focus on automation to aid in efficiencies with both testing and remediation of findings.
  • Develop, share, and maintain tools and scripts used in penetration-testing and red team processes.
  • Work with teammates to learn and regularly share skills and foster team excellence.
  • Work in tandem with developers to provide repetitive validation testing prior to production, while allowing for a continuous cycle of development followed by application security assessments.
  • Monitor the security community for public-facing security issues and evaluate impact.
  • Attend and participate in application project and product stakeholder meetings. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
  • Improve and follow security review processes to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources.
  • Use security standards and implementation configurations, as well as common security frameworks.
  • Prepare for and manage bug bounty programs.
  • Document delivery and implementation improvements to meet and improve service-level agreements.
  • Participate in, and occasionally lead, security team meetings that facilitate secure design.
  • Engage deeply in information security projects that evaluate existing security infrastructure and propose changes to align with requirements from security leadership and architects. Additionally, deliver projects on time, within budget, and in accordance with service-level agreements (SLAs) and business metrics.
  • Align with architects and development teams for a mission of secure design.
  • Train developers and junior application security engineers on weaknesses to avoid.
  • Identify and develop practices to support application security in a highly compliant and regulated environment – FedRAMP Moderate, ISO 27001, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act of 1996 (HIPAA), etc.
  • Work in tandem with architects, other security engineers, the security operations center (SOC), and infrastructure and development team members.
  • Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
  • Identify and drive security efficiencies, enabling security team members to work on more advanced tasks.
  • Provide technical guidance to new hires and interns as needed.
  • Participate in and contribute to threat modeling exercises, and lead them when needed and able.

What You’ll Need

Education

  • High School Diploma or equivalent combination of education and experience in a related field.
  • Relevant bachelor’s degree or higher is a plus.

Skills

  • Strong vulnerability and penetration-testing skills for web apps (XSS, SQLI, CSRF, SSRF, XXE, IDOR, etc.)
  • Firm grasp of cryptographic algorithms (AES, SHA, HMAC, RSA, ECC, etc.) and how to exploit their misuse
  • Understanding of cloud platforms (AWS, GCP, Azure, etc.) and how to exploit vulnerabilities within those environments
  • Working knowledge of multiple threat modeling frameworks
  • Proficiency in software development (Java, Golang, Python, etc.)
  • Solid understanding of network and web protocols
  • Excellence in communicating business risk from cybersecurity issues

Experience

  • 4+ years of experience in cybersecurity with a focus on penetration testing and application assessment. Additional experience in software engineering is a plus.

Travel Requirement

  • Minimal, up to 10%

Working Conditions & Physical Requirements

  • Reliable Internet access for any period of time spent working remotely rather than in a Workiva office.

How You’ll Be Rewarded

  • Base Pay Range in Colorado: $124,000 – $158,000
  • A discretionary bonus typically paid annually
  • Restricted Stock Units granted at time of hire

The base pay range represents the low and high end of the hiring range for this job. Actual pay will vary and may be above or below the range based on various factors including but not limited to relevant skills, experience, and capabilities.

Where You’ll Work

Our values drive how we work and who we hire. You will see these values ingrained in how we support our customers, work with team members, build our products and in the work environment we’ve created.

  • Customer Success:  Always delight our customers.
  • Trust: Rely on each other.
  • Integrity: Do the right thing, every time.
  • Collaboration: Share resources and work together.
  • Innovation: Keep creating solutions and finding better ways.
  • Inclusion: Support a diverse community where we all belong.
  • Accountability: Be responsible for your success and failure.

We believe our people are our greatest asset, and our unique culture gives employees the opportunity to make an impact everyday. We give our employees the freedom and resources they need—backed by our culture of collaboration and diverse thought—to continue innovating and breaking new ground. We hire talented people with a wide range of skills and experiences who are eager to tackle some of today’s most challenging problems.

At Workiva, you’ll enjoy:

  • Fantastic Benefits: With coverage starting day one, choose from competitive health, dental, and vision plans on the largest physician networks available.
  • Casual Dress: Workiva has a casual work environment; most people wear jeans to the office.
  • Involvement: Ability to participate in Employee Resource Groups (Women in Tech, Women in Sales, Ethnic Diversity, Veterans, Rainbow (LGBTQ), Remote Employees, Caregiving), volunteering, company-wide celebrations, and more.
  • Work-life Balance: We have competitive PTO, VTO and Parental Leave. We encourage employees to spend time enjoying life outside of work.

Posted on

November 17, 2021