Product Security Engineer

About WeWork:



WeWork is the platform for creators, providing hundreds of thousands of members around the world with space, community, and services that enable them to do what they love and create their life's work. Our mission is to create a world where people work to make a life, not just a living, and our own team members are central to that goal.

About the Role:




As part of our Product Security Engineering team, you will be responsible for securing WeWork applications and infrastructure. You will work closely with the engineering teams to ensure security is part of the SDLC. Penetration testing, code review, and threat modeling will be some of the duties you will be responsible for. Additionally, you will assist with research and development projects that push the boundaries of the state of information security.


Responsibilities:




  • Perform penetration tests and code reviews of WeWork applications (Web/Mobile)




  • Teach secure development practices to software engineers




  • Work with Application Teams to threat model their projects in all aspects of the SDLC




  • Make recommendations to help improve WeWork application security posture




  • Validate and triage vulnerabilities submitted by researchers from our bug bounty program




  • Keep security documentation and policies up to date




  • Work with the Security Director to manage third-party audits and compliance reviews




  • Assist with automation development of security processes




  • Manage all third-party security vulnerability scans and the triage of risks found




  • Help automate enforcement of PCI and ISO 27001 requirements in our environments




  • Advance your personal knowledge of information security to stay at the bleeding edge




  • Strong troubleshooting skills




Requirements:




  • Solid experience with web/mobile application pentesting




  • Solid experience reviewing source code (Rails/Java/PHP/NodeJS/JS/Android/iOS/etc.)




  • Solid experience using a scripting language such as Python, Ruby, etc.




  • Solid understanding of web/mobile security fundamentals




  • Solid understanding of Linux architecture and security




  • Solid understanding of AWS design and cloud security




Preferred Experience:




  • Bachelor's degree in Computer Science, Information Systems, or related field and/or 3+ years of equivalent work experience required




  • Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses




  • Professional certifications such as OSCP, OSCE, GPEN, or other relevant industry certification strongly preferred




  • Actively or previously participated in security CTF competitions




  • Actively or previously participated in bug bounty programs such as HackerOne or Bugcrowd




  • Have given talks at a major or minor security conference





