Workfront - Lehi, UT
Workfront is a fast-growing, industry-leading technology company that needs motivated and talented developers to assist
with delivering exceptional results that create great software solutions. Our engineering teams utilize modern and
bleeding-edge technologies to solve interesting and complicated challenges for our rapidly expanding SaaS market. We are
relentless in maximizing each individual’s career goals and aspirations, fostering interactions with like-minded people who
share the same drive and passion while allowing the freedom to create your own success. If you are looking for a
performance-oriented culture in which your contributions and ideas make a difference, come join Workfront!
The position of Application Security Engineer reports to the manager of Information Security and works closely with
Workfront’s global Engineering and Product Management teams. Your work and people interactions will be evaluated
against our company values, which are as follows:
Do Great Work
Obsess Over Customer
Communicate with engineers, exec/senior management or customers regarding our product security program so
they clearly understand Workfront’s risk posture
75% completion on quarterly stretch goals
Partner with Engineering to drive >90% success rate for security defect SLAs
Become a Privacy Engineering SME in your first year
Manage bug bounties from kick-off to defect remediation
Develop and/or purchase specific security training for Engineering (Threat Modeling, Privacy By Design, Secure
Identify risks and areas of exposure in applications developed
Perform security reviews of source code, stored procedures, and server/service configurations.
Define and document application security requirements for applications.
Oversee development of security components throughout all stages of the SDLC.
Perform manual and automated security testing of Workfront applications.
Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
Educate developers on secure coding techniques and security best practices.
Participate in development of security policies, standards, and processes.
Participate in incident handling and perform application-related forensics activities.
Review design documents and threat model risks
Adeptly use application security testing tools (Burp Suite, ZAP, sqlmap, etc.)
3+ years of combined software development or application security experience
Understand Privacy by Design concepts
Has worked in a SaaS/Cloud environment
Knowledge and understanding of OWASP Top 10
Ability to integrate tools into processes using APIs
Must be able to write scripts to automate work (Python, Bash, etc.)
Be able to identify the root cause of application vulnerabilities and provide remediation procedures
Knowledge of some of the following: Containers, Splunk, SaltStack, Git, AWS, Netsparker, Checkmarx
Familiarity with development processes such as Agile or Scrum
Experience with one or more of the following technologies: MySQL, MSSQL, SQLite, MongoDB, Oracle
Pertinent certifications for secure development/web application penetration testing: GIAC GWAPT/GWEB/GPEN/
GMOB/GSSP-[Java|.NET], EMAPT, EWDP, EWPT, EWP