Product Security Engineer

WorkOS
San Francisco, CA
Remote

About The Position

WorkOS builds modern developer tools and APIs that make it easy for companies to become Enterprise Ready. Our platform powers authentication, identity, authorization, and other critical infrastructure that developers need to securely scale their products to large organizations. We recently raised a $100M Series C, valuing the company at $2B, led by Meritech and Sapphire with participation from Greenoaks, Craft, Abstract, and Audacious. WorkOS powers enterprise features for many of the fastest-growing AI companies, including OpenAI, Cursor, Perplexity, Vercel, and Plaid. As AI reshapes software, WorkOS is at the frontier of Human and Agent Authentication, Identity, and Access Control, helping companies answer a new critical question: who are your agents, and what are they allowed to do? Our fast-growing customer base includes hundreds of modern software companies building the next generation of enterprise-ready products.

The Security team at WorkOS is responsible for keeping the data and identities of hundreds of millions of customers secure. Security is fundamental to our products, and customer trust is the foundation of our success. We are a highly collaborative group with a strong engineering mindset. Our security program is shaped by hands-on experience attacking and defending systems, and applying lessons from across the industry. We embrace the latest advancements in practices and tooling that make modern security teams effective. We are comfortable in code and collaborate often with engineering to create products that are secure by default.

We are looking for:

  • A risk-focused and pragmatic individual who excels at identifying and reasoning about security risk in real-world contexts, prioritizing ruthlessly to reduce risk.
  • A builder who can break things, comfortable reading and writing code, with a passion for deeply understanding the products to secure them, thinking like an attacker to find subtle, high-impact vulnerabilities and like a defender to design pragmatic, effective mitigations.
  • A strong partner to engineering, building trust by understanding their priorities, making security frictionless, and finding ways to make the secure path the easiest path.
  • Someone excited about AI, embracing AI and automation to scale security and reduce toil.
  • Someone curious and humble, asking the basic questions, enjoying untangling complex systems, and bringing others along.

Requirements

  • 5+ years of experience in a security engineering or security-focused software engineering role.
  • Ability to execute across a wide range of security functions such as security assessments, penetration testing, responsible disclosure, security tooling integration, etc.
  • Familiarity with and experience using common industry tooling.
  • Proven ability to identify vulnerabilities in software, demonstrated through CVEs, bug bounty, blog posts, or prior work experience.
  • Strong written and verbal communication skills, particularly in partnering with engineering teams.
  • Comfortable reading and writing code, and able to effectively leverage AI during the process.

Nice To Haves

  • Experience in the authentication and identity domain.
  • Experience writing production-level code, especially developing security features.

Responsibilities

  • Lead secure design efforts. Partner with engineering teams on secure design and code reviews. Identify and prioritize risks early in the product lifecycle.
  • Build secure-by-default systems. Develop paved paths that systemically reduce risk and make secure development the easiest path for engineers.
  • Perform offensive security testing. Conduct penetration tests and code audits on new and existing products from an adversarial lens.
  • Improve our security tooling. Integrate and improve our static analysis, supply chain security, and vulnerability management capabilities across engineering pipelines.
  • Operate our responsible disclosure program. Run and improve our program by furthering automation, validating submissions, and coordinating remediation.
  • Improve our products. Write and ship code to remediate vulnerabilities in production systems and improve the security posture of WorkOS products.
  • Work directly with customers. Help build our customers' trust by directly engaging with their security-related questions and concerns.

Benefits

  • Competitive pay
  • Substantial equity grants
  • Healthcare insurance (Medical, Dental and Vision) for you and your family
  • 401k matching
  • Wellness and fitness monthly allowances
  • PTO + paid holidays + unlimited sick leave
  • Autonomy and flexibility with remote work