Application Security Engineer

Workfront - Lehi, UT

Workfront is a fast-growing, industry-leading technology company that needs motivated and talented developers to assist
with delivering exceptional results that create great software solutions. Our engineering teams utilize modern and bleeding-edge
technologies to solve interesting and complicated challenges for our rapidly expanding SaaS market. We are
relentless in maximizing each individual’s career goals and aspirations, fostering interactions with like-minded people who
share the same drive and passion while allowing the freedom to create your own success. If you are looking for a
performance-oriented culture in which your contributions and ideas make a difference, come join Workfront!
 
The position of Application Security Engineer reports to the manager of Information Security and works closely with
Workfront’s global Engineering and Product Management teams. Your work and people interactions will be evaluated
against our company values, which are as follows:
 
• Do Great Work
• Finish Strong
• Win Together
• Obsess Over Customer
 
Success Criteria:
• Communicate with engineers, exec/senior management or customers regarding our product security program so
  they clearly understand Workfront’s risk posture
• 75% completion on quarterly stretch goals
• Partner with Engineering to drive >90% success rate for security defect SLAs
• Become a Privacy Engineering SME in your first year
• Manage bug bounties from kick-off to defect remediation
• Develop and/or purchase specific security training for Engineering (Threat Modeling, Privacy By Design, Secure
  Coding, etc.)
 
DUTIES:
• Identify risks and areas of exposure in applications developed
• Perform security reviews of source code, stored procedures, and server/service configurations
• Define and document application security requirements for applications
• Oversee development of security components throughout all stages of the SDLC
• Perform manual and automated security testing of Workfront applications
• Monitor industry trends and threat landscape and recommend necessary controls or countermeasures
• Educate developers on secure coding techniques and security best practices
• Participate in development of security policies, standards, and processes
• Participate in incident handling and perform application-related forensics activities
• Review design documents and threat model risks
• Adeptly use application security testing tools (Burp Suite, ZAP, sqlmap, etc.)
 
CORE EXPERIENCE:
• 3+ years combined of software development or application security experience
• Understand Privacy by Design concepts
• Has worked in a SaaS/Cloud environment
• Knowledge of at least one of the following programming languages: JavaScript, Java, Python, Swift, PHP, .NET
• Knowledge and understanding of OWASP Top 10
• Ability to integrate tools into processes using APIs
• Must be able to write scripts to automate work (Python, Bash, etc.)
• Be able to identify the root cause of application vulnerabilities and provide remediation procedures
• Knowledge in some of the following: Containers, Splunk, SaltStack, Git, AWS, Netsparker, Checkmarx
• Familiarity with development processes such as Agile or Scrum
• Experience with one or more of the following technologies: MySQL, MSSQL, SQLite, MongoDB, Oracle
• Pertinent certifications for secure development/web application penetration testing: GIAC GWAPT/GWEB/GPEN/GMOB/GSSP-[Java|.NET],
  EMAPT, EWDP, EWPT, EWP

