Senior Security Engineer - SecOps (Threat Hunting, Vuln Mgmt, IAM, Incident)

Company: Workato
Location: Myrtle Point
Posted on: March 16, 2023

Job Description:

About Workato Workato is the only integration and automation platform that is as simple as it is powerful - and because it's built to power the largest enterprises, it is quite powerful. Simultaneously, it's a low-code/no-code platform. This empowers any user (dev/non-dev) to painlessly automate workflows across any apps and databases. We're proud to be named a leader by both Forrester and Gartner and trusted by 7,000+ of the world's top brands such as Box, Grab, Slack, and more. But what is most exciting is that this is only the beginning. Why join us? Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company. But, we also believe in balancing productivity with self-care. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives. If this sounds right up your alley, please submit an application. We look forward to getting to know you! Also, feel free to check out why: * Business Insider named us an "enterprise startup to bet your career on" * Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world * Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America * Quartz ranked us the #1 best company for remote workers Responsibilities We are looking for a Sr. Security Engineer. You will be part of a new product security team responsible for building, supporting, enhancing and improving our security frameworks, tools, processes and methodologies used across our SDLC and Runtime environments. As a Sr. Security Engineer, you will be responsible for: * You will bolster and develop our defensive security capabilities, identifying advanced threats to Workato, developing and implementing countermeasures * Responding to incidents and conducting investigations as events happen through analyzing logs and various other sources * Engineer and automate custom detection and response capabilities to combat malicious and/or unwanted behaviors within the environment * Stay up to date with Tactics, Techniques, and Procedures (TTPs) that may apply to Workato and define and implement mitigation techniques to improve our overall risk posture * Conduct in-depth vulnerability assessments and security auditing of assets * Develop and improve processes for incident detection and the execution of countermeasures * Contribute to the creation and upkeep of runbooks to handle security incidents * Administer security configuration for threat management platforms for large-scale environments including security orchestration, automation, and response (SOAR) and security information and event management (SIEM) tools * Contribute and showcase Workato as a SOAR platform used within Workato's Security Operations * Provide guidance on security architecture for threat detection and response systems used as a part of the overall security operations * Consult with our security compliance team during security audits to demonstrate our technical security capabilities * Collaborate with Product Management and Development team members to enhance our Security program * Take part in the Security Operations on-call rotation, including leading all incident response efforts and documentation during your rotation Requirements Qualifications / Experience / Technical Skills * At least 5+ years of multifaceted defensive and offensive security experience in an enterprise Saas-based company * Strong technical knowledge and deep experience in security logging and monitoring, vulnerability assessment, risk-based analysis, and vulnerability mitigation * A skilled security expert, who can build tools and processes to incorporate threat intelligence from the ground up and automate threat hunting * Hands-on experience designing and deploying security controls across all security domains such as access management, data protection, vulnerability management, incident response and management, application security, network security, preventive, detective, and offensive security solutions * Capable of leveraging programming and/or scripting languages to solve practical day-to-day security challenges (Python, Go, Ruby) * Operational experience with AWS security solutions (e.g Inspector, Guarduty, Detective, Security Hub, Advanced Shield) * Strong understanding of encryption technologies (e.g TLS, HMAC, RSA, AES, PKI) * Strong understanding of Web-related technologies (e.g HTTP, SOAP, REST, TCP / IP) * Experience conducting or managing incident response for organizations, investigating targeted threats * Experience and knowledge of common penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc * Ability to work autonomously in a fast-paced, cross-functional environment, and comfortable with ambiguity * Bachelor's or Master's degree in computer science or equivalent experience * Information security professional certifications are a plus (CLSSP, CISSP, CISA, GSSP, GSEC, etc.) Soft Skills / Personal Characteristics * Outstanding interpersonal and communication skills; ability to communicate information successfully internally and externally and to drive multi-functional alignment and action * Code samples, papers, presentations, vulnerability disclosure reports (or anything else that demonstrates your competence)

Keywords: Workato, Medford , Senior Security Engineer - SecOps (Threat Hunting, Vuln Mgmt, IAM, Incident), Other , Myrtle Point, Oregon