WeWork is an organization committed towards helping people around the world make a life, and not just a living. We accomplish this through the thoughtful design of our spaces and technology.
To accomplish this goal, you will work closely with our engineering teams and the larger Information Security team to ensure security is part of WeWork technology design and development workflows. Penetration testing, code reviews, security architecture reviews, and mentorship of security engineers will be some of the tools you can wield to accomplish this. Additionally, you will assist with research and development of projects that we could implement in house to push the state of the art of application security that will be built into our products.
We build and maintain a wide range of technology to support this mission. Our technology product catalog ranges from the typical monolithic web applications to an expansive IoT sensor network streaming signals into data pipelines to help optimize the way we use space. The secure design and development of these products are a paramount concern for the WeWork Product Security team.
We are looking for people passionate about information security, experience working to secure consumer web technologies, deploying safe-by-default developer platforms, excited about working with technology that exists in the real world (IoT™), and (most importantly) helping WeWork employees feel safe while we are all focusing on building a place where people make a life and not just a living.
- Perform application security software reviews spanning a wide range of digital technologies (web, mobile, embedded)
- Perform cloud software security architecture and platform reviews to ensure we are building in safe-by-default feature-sets into our next generation developer platforms and SDKs
- Perform penetration tests, code reviews, and configuration reviews of WeWork applications and infrastructure
- Champion secure development practices to software and infrastructure engineers
- Work with the larger security team to manage third-party audits and application penetration tests
- Advancing your personal knowledge of information security to stay on the bleeding edge
- Mentor all junior security engineers within the Information Security team to ensure high quality delivery for our customers
You should have
- Knowledge of modern development and deployment processes used by consumer technology organizations
- Solid understanding of web, mobile, and embedded systems software development
- Solid understanding of modern developer platform and CI/CD practices
- Solid experience with web, mobile, and embedded systems application pentesting
- Experience reviewing source code (Rails/Java/ObjC/PHP/NodeJS/JS/etc)
- Experience reviewing cloud provider configs and deployment
- Solid experience using a scripting language such as Python, Ruby, etc.
- Solid understanding of Linux architecture and security
- Bachelor’s degree in Computer Science, Computer Engineering, Information Systems, or related field and/or 5+ years of equivalent work experience required
- Actively or previously participated in security CTF competitions
- Actively or previously participated in Bug Bounty programs
- Has given talks at a major or minor security conference or meetup
We are an equal opportunity employer and value diversity in our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.