About this role
Staff-level security engineering role focusing on product and application security across Workiva’s cloud platforms, including secure coding, threat modeling, and large-scale security initiatives.
Key Responsibilities
- Serve as technical security lead for large initiatives
- Lead secure design and threat modeling
- Define security standards and patterns
- Develop metrics for security program maturity
- Coach senior engineers
Technical Overview
Hands-on security with Java/JS/TypeScript/Python, cloud security across AWS/GCP/Azure, threat modeling, secure code reviews, and DevSecOps tooling (Semgrep, GH Security, Trivy, Grype).
Ideal Candidate
The ideal candidate is a senior security engineer with breadth in application security, cloud security (AWS/GCP/Azure), secure coding, and threat modeling, capable of leading large security initiatives and mentoring engineers.
Must-Have Skills
- 6+ years of related experience with a Bachelor’s degree or equivalent experience
- 3+ years of software development experience in Java, JavaScript/TypeScript, Python, or Go
- Deep knowledge of application security, secure coding practices, threat modeling, and OWASP Top 10
- Experience leading secure code reviews, architecture reviews, and security design discussions
- Ability to communicate complex security concepts to technical and executive stakeholders
- Experience using Burp Suite
- Strong understanding of cloud security concepts, particularly in AWS environments
- Hands-on penetration testing experience across modern web applications
- Familiarity with DevSecOps tooling such as Semgrep, GitHub Advanced Security, Trivy, Grype
- Proven experience driving large-scale security initiatives (e.g., Zero Trust, secret management)
Nice-to-Have Skills
- Advanced web application penetration testing certifications (OSWA, OSWE, OSCP, BSCP, eWTP, GWAPT)
- Secure code review or application security certifications (CASE Java or OSWE)
- Cloud security certifications (AWS Security - Specialty or Google Cloud Professional Cloud Security Engineer)
- WAF tuning and optimization
- Experience securing or evaluating AI-driven systems
- Expertise across multiple cloud providers (AWS, GCP, Azure)
Tools & Platforms
Burp Suite, Semgrep, GitHub Advanced Security, Trivy, Grype, AWS, Google Cloud Platform, Azure, Web Application Firewall (WAF)
Required Skills
6+ years of related experience, Java, JavaScript/TypeScript, Python, Burp Suite, OWASP Top 10, Threat modeling, Secure code reviews, Architecture reviews, Security design discussions, DevSecOps, Semgrep, GitHub Advanced Security, Trivy, Grype, AWS, Amazon Web Services, Google Cloud Platform, Azure, Web Application Firewall (WAF), Zero Trust, Secrets management, Authentication services, Production security services/systems
Hard Skills
Java, JavaScript/TypeScript, Python, Burp Suite, OWASP Top 10, Threat modeling, Secure code reviews, Architecture reviews, Security design discussions, DevSecOps, Semgrep, GitHub Advanced Security, Trivy, Grype, AWS, Amazon Web Services, Google Cloud Platform, Azure, Web Application Firewall (WAF), Zero Trust, Secrets management, Authentication services, Production security services/systems
Soft Skills
Strategic thinking, Communication with executive stakeholders, Leadership, Mentoring, Cross-functional collaboration, Problem-solving, Decision making
Certifications
Preferred
OSWA, OSWE, OSCP, BSCP, eWTP, GWAPT, CASE Java, OSWE, AWS Certified Security - Specialty, Google Cloud Professional Cloud Security Engineer
Keywords for Your Resume
staff product & application security engineer, application security, secure coding practices, threat modeling, OWASP Top 10, Burp Suite, Secure code reviews, architecture reviews, security design discussions, DevSecOps, Semgrep, GitHub Advanced Security, Trivy, Grype, AWS, Amazon Web Services, Google Cloud Platform, Azure, Web Application Firewall, Zero Trust, Secrets management, Authentication services, Production security services, 10+ engineering teams
Deal Breakers
- Must have strong hands-on security and development background
- Experience with cloud providers (AWS, GCP, Azure)