Security Engineer

About Workato

Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility.

Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today's fast-changing world. Learn how Workato helps businesses of all sizes achieve more at workato.com.

Why join us?

Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.

• Business Insider named us an "enterprise startup to bet your career on"
• Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
• Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
• Quartz ranked us the #1 best company for remote workers

• Secure SDLC Integration: Embed with engineering teams to ensure security is part of every phase of the development lifecycle, from design to deployment.
• Threat Modeling & Design Reviews: Conduct early-stage threat modeling and participate in architectural and design reviews to identify and mitigate risks proactively.
• Security Enablement: Act as a security champion within product teams by providing training, building security knowledge, and driving adoption of secure coding practices.
• Code & Pipeline Reviews: Perform code reviews with a security lens and provide guidance on CI/CD pipeline security.
• Vulnerability Discovery & Triage: Identify and prioritize vulnerabilities using static/dynamic analysis and manual review, and work with developers on remediation strategies.
• Security Tooling & Automation: Collaborate with the broader ProdSec and DevOps teams to improve tooling and automate security feedback loops.
• Cross-Functional Collaboration: Partner with Product, SecOps, and Platform teams to align security with product goals and agile workflows.
• Security Advocacy: Help scale security awareness through documentation, workshops, and informal coaching embedded in daily engineering practice.
• Security Automation: Design and implement automated security tools and processes to improve detection, response, and compliance efficiency

• Bachelor's degree in Computer Science, Cybersecurity, or related technical field
• 4+ years in cybersecurity or software engineering, with at least 2 years focused on application or product security
• Strong understanding of software development processes and ability to speak the language of engineers
• Proficiency in one or more programming AND scripting languages (e.g., Ruby, Java, Python, JavaScript, Bash)
• Hands-on experience with vulnerability scanners and security testing tools
• Strong knowledge of threat modeling and security architecture reviews
• AI/ML security experience including risk assessment and prevention guidelines

• Master's degree in a relevant field
• Prior experience as an application or product security engineer in a SaaS or cloud-native environment
• Advanced certifications (CISSP, OSCP, GPEN, GCIH, GIAC)
• Experience with DevSecOps and security automation
• Network security and encryption standards expertise
• Incident management and response experience
• AWS Security Specialty certification or equivalent cloud security certification
• Expertise in AWS security services (EKS, IAM, KMS, GuardDuty, CloudTrail)