Product Security Engineer

About the Role

The security team at Workos is a highly collaborative group with a strong engineering mindset. The team's security program is shaped by hands-on experience attacking and defending systems, and they embrace the latest advancements in practices and tooling that make modern security teams effective. As a Product Security Engineer, you will work closely with cross-functional teams, including engineering, product, and customer success, to ensure that security is integrated into every aspect of the product lifecycle.

Workos is committed to maintaining the highest standards of security and customer trust. With a growing customer base of hundreds of modern software companies, the company requires a skilled and dedicated security team to protect sensitive data and identities. As a Product Security Engineer, you will play a vital role in maintaining the company's reputation for security excellence and contributing to the development of secure, enterprise-ready products.

What You Will Do

• Lead secure design efforts, partnering with engineering teams on secure design and code reviews to identify and prioritize risks early in the product lifecycle
• Develop secure by default systems, creating paved paths that systemically reduce risk and make secure development the easiest path for engineers
• Conduct penetration tests and code audits on new and existing products from an adversarial lens to identify potential vulnerabilities
• Improve security tooling by integrating and enhancing static analysis, supply chain security, and vulnerability management capabilities across engineering pipelines
• Operate and improve the responsible disclosure program, automating processes, validating submissions, and coordinating remediation efforts
• Collaborate with engineers to write and ship code that remediates vulnerabilities in production systems and improves the security posture of Workos products
• Engage directly with customers to build trust and address security-related questions and concerns
• Develop and maintain security documentation, including incident response plans and security guides
• Participate in security training and awareness programs to educate employees on security best practices
• Collaborate with the product team to develop security roadmaps and strategies

What We Are Looking For

• 5+ years of experience in a security engineering or security-focused software engineering role
• Ability to execute across a wide range of security functions, including security assessments, penetration testing, and security tooling integration
• Familiarity with common industry tooling, including static analysis and vulnerability management tools
• Proven ability to identify and prioritize security risks, with a pragmatic approach to risk management
• Strong collaboration and communication skills, with experience working with cross-functional teams
• Ability to think like an attacker, with a deep understanding of security threats and vulnerabilities
• Passion for security and a commitment to staying up-to-date with the latest security trends and technologies
• Experience with cloud-based security solutions and scalable security architectures
• Familiarity with security frameworks and compliance regulations, such as SOC 2 and GDPR

Nice to Have

• Experience with AI and machine learning-based security solutions
• Familiarity with containerization and orchestration technologies, such as Docker and Kubernetes
• Knowledge of programming languages, including Python, Java, and C++
• Experience with security information and event management (SIEM) systems
• Certification in security, such as CISSP or CEH

Benefits and Perks

• Competitive salary and equity package
• Comprehensive health insurance, including medical, dental, and vision
• Generous PTO and holiday policy, with flexible working hours
• Remote work stipend and home office setup support
• Professional development opportunities, including training and conference sponsorships
• Access to cutting-edge security tools and technologies
• Collaborative and dynamic work environment with a team of experienced security professionals
• Opportunity to work on challenging and impactful security projects
• Recognition and reward programs for outstanding performance and contributions

• Highlight your experience with security tooling and technologies, including static analysis and vulnerability management tools, to demonstrate your technical skills.
• Emphasize your ability to think like an attacker and identify potential security risks, with a focus on pragmatic risk management.
• Showcase your collaboration and communication skills, with examples of working with cross-functional teams to develop secure systems and address security-related issues.
• Be prepared to discuss your experience with cloud-based security solutions and scalable security architectures, as well as your knowledge of security frameworks and compliance regulations.
• Consider including examples of security projects you've worked on, including your role, responsibilities, and achievements, to demonstrate your skills and experience.
• Don't hesitate to ask about the company's security culture and practices during the interview, to demonstrate your interest in the role and the company.
• Be prepared to discuss your salary expectations and negotiate based on your experience and qualifications.