×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

Senior Product & Application Security Engineer

Remote / Online - Candidates ideally in
Ames, Story County, Iowa, 50010, USA
Listing for: Workiva, Inc.
Full Time, Part Time, Remote/Work from Home position
Listed on 2026-01-17
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below

At Workiva, the Senior Product & Application Security Engineer partners closely with product and engineering teams to ensure the security of our applications, code, and cloud-based infrastructure. This role does not focus on direct feature development, but instead works alongside engineers to review code, assess application and infrastructure security, and provide guidance on secure design and implementation across the Workiva platform.

This position requires broad security expertise and extensive hands-on software development experience, enabling the engineer to approach security challenges with a developer's mindset. The role supports a wide range of product and environment security needs and serves as a key technical backup to senior security leadership. We are especially interested in candidates from engineering backgrounds who are interested in moving into security, bringing deep product knowledge and practical development experience to strengthen Workiva's security posture.

What You'll Do

  • Serves as a senior product and application security partner to engineering and product teams across the organization

  • Leads the application of security techniques threat modeling and secure design practices to protect applications cloud infrastructure and product environments

  • Contributes at a senior level within a team or matrixed environment influencing security strategy and execution

Problem Solving

  • Tackles complex and ambiguous security problems requiring deep technical analysis and evaluation of multiple risk factors

  • Proactively identifies systemic security risks across products services and infrastructure

  • Designs and drives effective long term security solutions and remediation strategies across diverse product areas

Discretion and Impact

  • Has significant impact on product security customer trust compliance and operational risk across multiple teams and initiatives

  • Exercises strong judgment in defining security priorities selecting scalable controls and balancing risk with business needs

Collaboration and Interaction

  • Acts as a trusted security advisor to senior engineers technical leads and engineering managers

  • Regularly collaborates across product engineering platform and infrastructure teams to influence secure architecture and design decisions

  • Engages with senior internal stakeholders and may support discussions with directors and senior directors on security topics

Autonomy

  • Operates with a high degree of independence setting direction and priorities aligned with organizational security objectives

  • Owns security assessments risk evaluations and remediation efforts from discovery through resolution

  • Mentors and provides technical leadership to peers and partner teams

What You'll Need

Minimum Qualifications

  • 3+ years of related experience with a Bachelor's degree or equivalent experience

  • 3+ years of software development experience in at least one of the following languages:
    Java, Java script/Typescript, Python, Go

  • Knowledge of security vulnerabilities, secure code review, and OWASP Top 10

Preferred Qualifications

  • Deep knowledge of application security secure coding practices threat modeling and vulnerability classes including OWASP Top 10

  • Proven experience leading secure code reviews architecture reviews and security design discussions
    Ability to communicate complex security concepts risks and recommendations to both technical and executive stakeholders

  • Experience using web application security testing tools such as Burp Suite

  • Strong understanding of cloud security concepts particularly in AWS based environments

  • Advanced web application penetration testing certifications such as OSWA OSWE OSCP BSCP eWTP GWAPT

  • Secure code review or application security certifications such as CASE Java or OSWE

  • Web Application Firewall WAF tuning and optimization experience

  • Hands on penetration testing experience across modern web applications

  • Familiarity with Dev Sec Ops  tooling such as Semgrep Git Hub Advanced Security Trivy Grype or similar

  • Experience securing or evaluating AI driven systems and workflows

Travel Requirements & Working Conditions

  • For remote working opportunities, a stable internet connection is required

  • Occasional travel may be needed…

Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search