Senior Product & Application Security Engineer

At Workiva, the Senior Product & Application Security Engineer partners closely with product and engineering teams to ensure the security of our applications, code, and cloud-based infrastructure. This role does not focus on direct feature development, but instead works alongside engineers to review code, assess application and infrastructure security, and provide guidance on secure design and implementation across the Workiva platform.

This position requires broad security expertise and extensive hands-on software development experience, enabling the engineer to approach security challenges with a developer's mindset. The role supports a wide range of product and environment security needs and serves as a key technical backup to senior security leadership. We are especially interested in candidates from engineering backgrounds who are interested in moving into security, bringing deep product knowledge and practical development experience to strengthen Workiva's security posture.

What You'll Do

• Serves as a senior product and application security partner to engineering and product teams across the organization

• Leads the application of security techniques threat modeling and secure design practices to protect applications cloud infrastructure and product environments

• Contributes at a senior level within a team or matrixed environment influencing security strategy and execution

• Tackles complex and ambiguous security problems requiring deep technical analysis and evaluation of multiple risk factors

• Proactively identifies systemic security risks across products services and infrastructure

• Designs and drives effective long term security solutions and remediation strategies across diverse product areas

• Has significant impact on product security customer trust compliance and operational risk across multiple teams and initiatives

• Exercises strong judgment in defining security priorities selecting scalable controls and balancing risk with business needs

• Acts as a trusted security advisor to senior engineers technical leads and engineering managers

• Regularly collaborates across product engineering platform and infrastructure teams to influence secure architecture and design decisions

• Engages with senior internal stakeholders and may support discussions with directors and senior directors on security topics

• Operates with a high degree of independence setting direction and priorities aligned with organizational security objectives

• Owns security assessments risk evaluations and remediation efforts from discovery through resolution

• Mentors and provides technical leadership to peers and partner teams

Minimum Qualifications

• 3+ years of related experience with a Bachelor's degree or equivalent experience

• 3+ years of software development experience in at least one of the following languages: Java, Javascript/Typescript, Python, Go

• Knowledge of security vulnerabilities, secure code review, and OWASP Top 10

Preferred Qualifications

• Deep knowledge of application security secure coding practices threat modeling and vulnerability classes including OWASP Top 10

• Proven experience leading secure code reviews architecture reviews and security design discussions
  Ability to communicate complex security concepts risks and recommendations to both technical and executive stakeholders

• Experience using web application security testing tools such as Burp Suite

• Strong understanding of cloud security concepts particularly in AWS based environments

• Advanced web application penetration testing certifications such as OSWA OSWE OSCP BSCP eWTP GWAPT

• Secure code review or application security certifications such as CASE Java or OSWE

• Web Application Firewall WAF tuning and optimization experience

• Hands on penetration testing experience across modern web applications

• Familiarity with DevSecOps tooling such as Semgrep GitHub Advanced Security Trivy Grype or similar

• Experience securing or evaluating AI driven systems and workflows

Travel Requirements & Working Conditions

• For remote working opportunities, a stable internet connection is required

• Occasional travel may be needed for team meetings, conferences, or company events

How You'll Be Rewarded

A discretionary bonus typically paid annually

Restricted Stock Units granted at time of hire

401(k) match and comprehensive employee benefits package

The salary range represents the low and high end of the salary range for this job in the US. Minimums and maximums may vary based on location. The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and other relevant factors.

Employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other protected characteristic.

Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process, please email talentacquisition@workiva.com.

Workiva employees are required to undergo comprehensive security and privacy training tailored to their roles, ensuring adherence to company policies and regulatory standards.

Workiva supports employees in working where they work best - either from an office or remotely from any location within their country of employment.