
Job posting has expired

Remote New

Staff Product & Application Security Engineer

Workiva, Inc.
$129,000.00 - $207,000.00
401(k)
United States
Mar 30, 2026

At Workiva, the Staff Product & Application Security Engineer partners closely with product and engineering teams to ensure the security of our applications, code, and cloud-based infrastructure. This role does not focus on direct feature development, but instead works alongside engineers to review code, assess application and infrastructure security, and provide guidance on secure design and implementation across the Workiva platform.

This position requires broad security expertise and extensive hands-on software development experience, enabling the engineer to approach security challenges with a developer's mindset. The role supports a wide range of product and environment security needs and serves as a key technical backup to senior security leadership. We are especially interested in candidates from engineering backgrounds who have moved into security, bringing deep product knowledge and practical development experience to strengthen Workiva's security posture.

What You'll Do

  • Serves as a technical security lead and domain expert to executive and engineering leadership for large, cross-organizational initiatives

  • Leads the application of security techniques, threat modeling, and secure design practices to protect applications, cloud infrastructure, and product environments

  • Defines, champions, and drives the adoption of organization-wide security standards, best practices, and foundational architecture patterns

  • Develops and implements objective, quantifiable metrics to measure the effectiveness and maturity of Workiva's application security program, reporting progress to executive stakeholders

Problem Solving
  • Resolves the most ambiguous, high-impact, and systemic security challenges across the entire platform, often requiring changes to established engineering processes.

  • Proactively identifies systemic security risks across products, services, and infrastructure

  • Designs and drives effective long-term security solutions and remediation strategies across diverse product areas

  • Anticipates emerging industry security trends, regulatory changes, and threat landscapes, translating them into proactive, preventative technical strategies

  • Drives the formal risk acceptance or mitigation processes for critical, high-severity vulnerabilities that carry significant compliance or business risk.

Discretion and Impact
  • Drives broad, lasting, and foundational security changes that significantly enhance Workiva's overall security posture, customer trust, and global compliance.

  • Exercises ultimate technical judgment in defining company-wide security standards and directly influences major security investment decisions

  • This role must ensure the company's product security controls meet the technical requirements for relevant compliance frameworks (e.g., SOC 2, ISO 27001, FedRAMP)

Collaboration and Interaction
  • Acts as a lead security advisor to executive leadership (VP/CTO level) on platform security risks, strategic initiatives, and technical feasibility.

  • Regularly collaborates across product, engineering, platform, and infrastructure teams to influence secure architecture and design decisions

  • Engages with senior internal stakeholders and leads discussions with directors and senior directors on security topics

  • Formally coaches and mentors other Senior and Staff Engineers on advanced security engineering, technical leadership, and driving complex, multi-team projects

Autonomy
  • Defines and is fully accountable for the technical security roadmap and direction for major domains or engineering organizations without requiring external guidance.

  • Owns security assessments, risk evaluations, and remediation efforts from discovery through resolution

  • Serves as a lead technical authority and security subject matter expert, representing the organization in cross-functional architecture and governance councils.

What You'll Need

Minimum Qualifications

  • 6+ years of related experience with a Bachelor's degree or equivalent experience

  • 3+ years of software development experience in at least one of the following languages: Java, JavaScript/TypeScript, Python, Go

  • Deep knowledge of application security, secure coding practices, threat modeling, and vulnerability classes, including the OWASP Top 10

  • Proven experience leading secure code reviews, architecture reviews, and security design discussions

  • Ability to communicate complex security concepts, risks, and recommendations to both technical and executive stakeholders

  • Experience using web application security testing tools such as Burp Suite

  • Strong understanding of cloud security concepts, particularly in AWS-based environments

  • Hands-on penetration testing experience across modern web applications

  • Familiarity with DevSecOps tooling such as Semgrep, GitHub Advanced Security, Trivy, Grype, or similar

  • Proven experience driving the adoption of large-scale security initiatives (e.g., implementing a global Zero Trust architecture, defining a company-wide secret management strategy)

  • Proven experience designing, building, and operating production security services/systems (e.g., internal security libraries, secrets management systems, authentication services, centralized security logging frameworks) used by 10+ engineering teams.

Preferred Qualifications

  • Advanced web application penetration testing certifications such as OSWA, OSWE, OSCP, BSCP, eWPT, GWAPT

  • Secure code review or application security certifications such as CASE Java or OSWE

  • Cloud security certifications such as AWS Certified Security - Specialty or Google Cloud Professional Cloud Security Engineer

  • Web Application Firewall (WAF) tuning and optimization experience

  • Experience securing or evaluating AI-driven systems and workflows

  • Expertise in at least one major cloud provider (AWS, GCP, or Azure) beyond a single product environment, covering cross-account security, networking, and governance design. AWS strongly preferred

Travel Requirements & Working Conditions

  • For remote working opportunities, a stable internet connection is required

  • Occasional travel may be needed for team meetings, conferences, or company events

How You'll Be Rewarded

Salary range in the US: $129,000.00 - $207,000.00

A discretionary bonus typically paid annually

Restricted Stock Units granted at time of hire

401(k) match and comprehensive employee benefits package

The salary range represents the low and high end of the salary range for this job in the US. Minimums and maximums may vary based on location. The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and other relevant factors.

Employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other protected characteristic.

Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process, please email talentacquisition@workiva.com.

Workiva employees are required to undergo comprehensive security and privacy training tailored to their roles, ensuring adherence to company policies and regulatory standards.

Workiva supports employees in working where they work best - either from an office or remotely from any location within their country of employment.
