Upwork ($UPWK) is the world’s work marketplace. We serve everyone from one-person startups to over 30% of the Fortune 100 with a powerful, trust-driven platform that enables companies and talent to work together in new ways that unlock their potential.
Last year, more than $3.3 billion of work was done through Upwork by skilled professionals who are gaining more control by finding work they are passionate about and innovating their careers.
This is an engagement through Upwork’s Hybrid Workforce Solutions (HWS) Team. Our Hybrid Workforce Solutions Team is a global group of professionals that support Upwork’s business. Our HWS team members are located all over the world.
- Design and develop Upwork Application Security Health Platform to monitor for and encourage security and engineering best-practice across the organization.
- Create an analytics and reporting system with input tools such as Sonarqube, Veracode, Qualys, and Bitbucket to track security gaps, and report on overall application security scores using intuitive dashboards.
- Review and define requirements for information security solutions around applications security, QA Security Testing, Penetration Testing, and software vulnerability management programs.
- Integrate static, dynamic and software composition application security scanning and analysis into CI/CD pipeline (learning opportunity and as time allows)
- Partner with QA to identify security testing requirements and opportunities to improve security testing use cases and coverage (learning opportunity and as time allows)
- Evaluate and recommend solutions for applications security (learning opportunity and as time allows)
Must Haves (Required Skills):
- Design, build, and maintain efficient, reusable, and reliable Ruby code
- Experience working with Information Security team, creating solutions for application and/or infrastructure security reporting and assessments
- Experience working with QA Teams building and automating security testing is a plus
- Experience working with information security teams supporting cybersecurity organizational goals and secure delivery of products is a plus
- Experience working with industry-leading application security scanners and analysis tools. Experience with Sonarqube, Veracode, Netsparker, Snyk or similar tools is preferred
- Experience working with ticketing and tracking tools such as Jira
Upwork is proudly committed to fostering a diverse and inclusive workforce. We never discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.