Senior Product & Application Security Engineer

Workiva Inc.

1d•$111,000 - $178,000•Remote

About The Position

At Workiva, the Senior Product & Application Security Engineer partners closely with product and engineering teams to ensure the security of our applications, code, and cloud-based infrastructure. This role does not focus on direct feature development, but instead works alongside engineers to review code, assess application and infrastructure security, and provide guidance on secure design and implementation across the Workiva platform. This position requires broad security expertise and extensive hands-on software development experience, enabling the engineer to approach security challenges with a developer’s mindset. The role supports a wide range of product and environment security needs and serves as a key technical backup to senior security leadership. We are especially interested in candidates from engineering backgrounds who are interested in moving into security, bringing deep product knowledge and practical development experience to strengthen Workiva’s security posture.

Requirements

3+ years of related experience with a Bachelor’s degree or equivalent experience
3+ years of software development experience in at least one of the following languages: Java, Javascript/Typescript, Python, Go
Knowledge of security vulnerabilities, secure code review, and OWASP Top 10

Nice To Haves

Deep knowledge of application security secure coding practices threat modeling and vulnerability classes including OWASP Top 10
Proven experience leading secure code reviews architecture reviews and security design discussions
Ability to communicate complex security concepts risks and recommendations to both technical and executive stakeholders
Experience using web application security testing tools such as Burp Suite
Strong understanding of cloud security concepts particularly in AWS based environments
Advanced web application penetration testing certifications such as OSWA OSWE OSCP BSCP eWTP GWAPT
Secure code review or application security certifications such as CASE Java or OSWE
Web Application Firewall WAF tuning and optimization experience
Hands on penetration testing experience across modern web applications
Familiarity with DevSecOps tooling such as Semgrep GitHub Advanced Security Trivy Grype or similar
Experience securing or evaluating AI driven systems and workflows

Responsibilities

Serves as a senior product and application security partner to engineering and product teams across the organization
Leads the application of security techniques threat modeling and secure design practices to protect applications cloud infrastructure and product environments
Contributes at a senior level within a team or matrixed environment influencing security strategy and execution
Tackles complex and ambiguous security problems requiring deep technical analysis and evaluation of multiple risk factors
Proactively identifies systemic security risks across products services and infrastructure
Designs and drives effective long term security solutions and remediation strategies across diverse product areas
Has significant impact on product security customer trust compliance and operational risk across multiple teams and initiatives
Exercises strong judgment in defining security priorities selecting scalable controls and balancing risk with business needs
Acts as a trusted security advisor to senior engineers technical leads and engineering managers
Regularly collaborates across product engineering platform and infrastructure teams to influence secure architecture and design decisions
Engages with senior internal stakeholders and may support discussions with directors and senior directors on security topics
Operates with a high degree of independence setting direction and priorities aligned with organizational security objectives
Owns security assessments risk evaluations and remediation efforts from discovery through resolution
Mentors and provides technical leadership to peers and partner teams