Senior Product Security Engineer - Application Security

Justworks is looking for an experienced, hands-on Senior Security Engineer who can help drive and execute the company’s Security Architecture & Engineering function. As a successful candidate, you have demonstrated experience building security solutions to enhance security and defend against threats. You have a deep understanding of the fundamentals of computing and development/coding with Ruby on Rails, JavaScript and/or other languages. The candidate should also have experience in *Nix environment and the use of common cybersecurity tools.

Depending on the experiences and skillsets, this role can cover a few security domains such as network and infrastructure, application security, identity and access management, data protection as well as capabilities to support Security Operations and GRC (Governance, Risks and Compliance)

• Work with other security engineers on technical design reviews to evaluate existing security controls and identify opportunities to enhance the security posture of Justworks
• Work with other security engineers to bring adequate security capabilities to Justworks.
• Provide technical and architectural guidance to product managers, product engineers, and corporate IT on digital security
• Bring and implement security capabilities in AWS and for corporate. Work with the team to execute and deliver the roadmap.
• Develop security architecture, design, and coding standards across the Justworks applications and infrastructure to promote a standardized set of security requirements, aligning with internal policies and meeting external compliance requirements.
• Work collaboratively with the current product managers and staff engineers or future Enterprise Architecture team to design and implement enterprise security capabilities into solution architecture
• Participates in major new product development projects to ensure that appropriate security controls are built into systems prior to production cutover.
• Drive process improvement and control implementation projects in coordination with the larger Digital Technology team at Justworks.
• Act as a cross-functional tools and services expert, working with engineering and risk teams to build security control requirements
• Help Cyber Defense Operations triage incidents as need especially related to product security, application security and AWS security
• Perform other related duties as assigned. 

As a Senior Security Engineer, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

• Good judgement - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.
• Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
• Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
• Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
• Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

• Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
• Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
• Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
• Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example. 
• Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

• At least 5+ years experience in information security concepts, common technical security controls, and security architecture design principles, ideally in a SaaS environment
• Solid experience with Secure-SDLC processes and DevSecOps, including secure design, threat modeling, vulnerability management, etc.
• Familiar with secure coding practices and security scanning technologies
• Extensive experience in security architecture, system design, and engineering scalable security solutions in a cloud-native (AWS) environment
• Background as a software engineer, security architect, or security engineer with experience implementing DevSecOps
• Hands-on technical expertise with depth in modern cloud-based security architecture and engineering in an AWS environment
• Proven track record as a strong communicator
• Strong analytical skills
• Exceptional organizational skills

• Technical experience with DevOps, Jira, and other agile automation tools
• Ruby on Rails & Javascript
• (Preferred) Security Certifications: CISSP, CISM, CRISC, GIAC, CCSP or CEH

The base wage range for this position based in our New York City Office is targeted at $167,500.00 to $205,000.00 per year.