WeWork is the platform for creators, providing hundreds of thousands of members around the world with space, community, and services that enable them to do what they love and create their life's work. Our mission is to create a world where people work to make a life, not just a living, and our own team members are central to that goal.
About the Role:
As part of our Product Security Engineering team, you will be responsible for securing WeWork applications and infrastructure. You will work closely with the engineering teams to ensure security is part of the SDLC. Penetration testing, code review, and threat modeling, will be some of the duties you will be responsible for. Additionally, you will assist with research and development projects that further push the boundaries of the state of information security.
Perform penetration tests and code reviews of WeWork applications (Web/Mobile)
Teach secure development practices to software engineers
Work with Application Teams to threat model their projects in all aspects of the SDLC
Make recommendations to help improve WeWork application security posture
Validate and triage vulnerabilities submitted by researchers from our bug bounty program
Keep security documentation and policies up to date
Work with the Security Director to manage third-party audits and compliance reviews
Assist with automation development of security processes
Manage all 3rd party security vulnerability scans and triaging of found risks
Help automate enforcement of PCI and ISO 27001 requirements in our environments
Advancing your personal knowledge of information security to stay bleeding edge
Strong troubleshooting skills
Solid experience with web/mobile application pentesting