Lead Security Engineer
WeWork is an organization committed towards helping people around the world make a life, and not just a living. We accomplish this through the thoughtful design of our spaces and technology.
We build and maintain a wide range of technology to support this mission. Our technology product catalog ranges from the typical monolithic web applications to an expansive IoT sensor network streaming signals into data pipelines to help optimize the way we use space. The secure design, development, and deployment of these products are a paramount concern for the WeWork Software Security team.
We are looking for people passionate about information security, experience working to secure consumer web technologies, deploying and developing safe-by-default developer platforms and SDKs, excited about working with and finding vulnerabilities in technology that exists in the real world (IoT™ et al.), and (most importantly) helping WeWork employees and members feel safe while we are all focusing on building a place where people make a life and not just a living.
To accomplish this goal, you will work closely with our engineering teams and the larger Information Security team to ensure security is part of WeWork technology design and development workflows. Penetration testing, code reviews, security architecture reviews, and mentorship of security engineers will be some of the tools you can wield to accomplish this. Additionally, we aim to focus as an entire team to constantly research and develop projects and tools that we could implement into our products, SDLC and platform that can continually lower risk to WeWork and its members.
- Perform application security architecture reviews spanning a wide range of digital technologies (web, mobile, embedded)
- Perform cloud infrastructure security architecture reviews to ensure we are building in safe-by-default feature-sets into our next generation developer platforms and SDKs
- Perform code reviews, and configuration reviews of WeWork applications and cloud infrastructure
- Champion secure development practices to software and infrastructure engineers
- Mentor junior security engineers within the Information Security team to ensure high quality delivery for our customers
Desired Skills and Experience
You should have:
- Solid understanding of modern developer platform and CI/CD practices
- Solid understanding of web, mobile, and embedded systems software development
- Solid experience with web, mobile, and embedded systems application pentesting
- Experience reviewing source code (Rails/Java/ObjC/PHP/NodeJS/JS/etc)
- Experience reviewing cloud provider configs and deployment
- Solid experience using a scripting language such as Python, Ruby, etc.
- Solid understanding of Linux architecture and security
- 3+ years of equivalent work experience required
- Bachelor’s degree in Computer Science, Computer Engineering, Information Systems, or related field
- Actively or previously participated in security CTF competitions
- Actively or previously participated in Bug Bounty programs
- Has given talks at a major or minor security conference or meetup