security
Posted Apr 23Product Security Engineer
at WorkOS Ashby
United StatesRemote
Responsibilities
- Identify and prioritize risks early in the product lifecycle. - Build secure by default systems.
- Develop paved paths that systemically reduce risk and make secure development the easiest path for engineers. - Perform offensive security testing.
- Conduct penetration tests and code audits on new and existing products from an adversarial lens. - Improve our security tooling.
- Integrate and improve our static analysis, supply chain security, and vulnerability management capabilities across engineering pipelines. - Operate our responsible disclosure program.
- Run and improve our program by furthering automation, validating submissions, and coordinating remediation. - Improve our products.
- Write and ship code to remediate vulnerabilities in production systems and improve the security posture of WorkOS products. - Work directly with customers.
Requirements
- WorkOS powers enterprise features for many of the fastest-growing AI companies, including OpenAI, Cursor, and Perplexity, Vercel, and Plaid.
- As AI reshapes software, WorkOS is at the frontier of Human and Agent Authentication, Identity, and Access Control—helping companies answer a new critical question: who are your agents, and what are they allowed to do? Our fast-growing customer base includes hundreds of modern software companies building the next generation of enterprise-ready products.
- Security is fundamental to our products, and customer trust is the foundation of our success.
- You excel at identifying and reasoning about security risk in real-world contexts.
- You build trust with engineers by understanding their priorities, making security frictionless, and finding ways to make the secure path, the easiest path. - Excited about AI.
- You're embracing AI and automation to scale security and reduce toil. - Curious and humble.
- You ask the basic questions, enjoy untangling complex systems, and bring others along with you.
- experience in a security engineering or security-focused software engineering role. - Ability to execute across a wide range of security functions such as security assessments, penetration testing, responsible disclosure, security tooling integration, etc. - Familiarity with and
- experience using common industry tooling. - Proven ability to identify vulnerabilities in software, demonstrated through CVEs, bug bounty, blog posts, or prior work experience. - Strong written and verbal communication skills, particularly in partnering with engineering teams. - Comfortable reading and writing code, and able to effectively leverage AI during the process. - Bonus: