Workrise delivers tailored workforce and vendor management solutions backed by the most qualified people in the energy industry. We do this reliably at scale, so customers can confidently execute on the projects in front of them, and focus their time and energy on the goals that drive their business forward.

We are hiring a Staff Software Security Engineer to help us build out security solutions across our detection & response engineering, identity, security architecture, and application & cloud security. You are as much a builder as you are a leader. You can build on your previous experiences as being a domain expert and help craft a technical strategy that fits the needs of the business. You love mentoring and sharing your knowledge from other engineers and team mates just as much as you enjoy learning from them.


What you'll be doing:

  • Collaborate: Technical leadership with a small team of 3-4 software security engineers to create well-designed, fit-for purposes, maintainable solutions. You will bring a spirit of collaboration and willingness to work with multiple departments and stakeholders. You should have the mindset that security is a continuous and collaborative process and want to simplify security (paved roads) for your customers
  • Build: We are a team of builders and seek a balance between build vs buy, cost, and operational efficiency. You may be building out customer security tools, doing response automation, or helping engineering teams to build custom security solutions. You bring an eagerness to find fit-for-purpose solutions, build, deploy and operate
  • Security Data: Lots of data. Whether it’s in detection & response, engineering, DevSecOps, vulnerability management, or incident response, we are a highly evidence-driven culture that leverages data to help us fill in the gaps of our understanding. You will also contribute detection rules to our SIEM as well as set strategy for automating our detection & response pipelines
    Application Security - You will help secure the software development lifecycle. We provide a broad range of services to support our IT & engineering teams from secure design & architecture reviews, vulnerability management, Bug Bounty program management, 3rd party pen testing, dependency management, patching, and SAST scanning. You reach for Burp proxy like it’s second nature to inspect for potential vulnerabilities or to reproduce a bug bounty report
  • Application Security: You will work with leaders in Privacy & Trust, Software Engineering, Product, & Corporate Security to understand the business and build technical strategy and roadmaps that align with the business and operational strategy


Experience and Education Requirements:

  • Bachelor’s degree in Computer Science, Engineering or related field or equivalent experience
  • You must have hands-on coding experience building, deploying and operating solutions. This is a hands-on role building security solutions
  • Demonstrated technical leadership with ability to communicate to Junior/Senior engineers and fluidly as with the rest of the business. Ability to build solutions is an important ability to communicate and influence.
  • Depth in experience in one or more domains of Application Security, Cloud Security, or Detection & Response Engineering. While you may be working in multiple domains, we’re not expecting out-of-the-box unicorns here
  • Minimum of 7 years technical professional experience in a security or software engineering discipline as a development engineer
  • 3+ years experience building customer applications, tools, and/or data pipelines
  • 3+ years of experience in cloud security, architecture, and secure coding practices
  • 3+ years working in a cloud environment (AWS, GCP)
  • 3+ years working with container orchestration services (k8’s, Docker, service mesh)
  • Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions.
  • Deep knowledge of both loosely and strongly typed languages
  • Ability to work with engineering focused teams to promote safe development practices
  • Experience with CI/CD tools such as CircleCI, Jenkins, Github webhooks
  • Demonstrated experience  in at least one programming language such as Python, Go, JavaScript, or Rust
  • Experience with the OWASP Top 10  and common application exploits, and techniques
  • Experience with vulnerability management and scoring techniques like CVSS, EPSS
  • Experience with RBAC and IAM access control techniques
  • Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF

More than a job:

At Workrise you can feel good about supporting our mission to serve those who do the hard work. We recognize that making an impact matters to you and we believe in providing an environment that fosters your growth. We use data to drive our decisions and improve the experience of our workers and the clients we serve. With mutual respect for each other, we continually collaborate to find the best solution.

In appreciation for your contributions, we support you with:

  • Working alongside talented peers who will bring out the best in you
  • The opportunity to significantly impact the growth curve of an already high-growth business
  • Benefits for full-time employees, flexible paid time off, 401k with company matching, medical, dental and vision insurance

Workrise is committed to providing an environment where any and all people feel belonging, respected, and free to be their authentic selves. We welcome applicants of all gender identity and expression, sexual orientation, neurodiversity, educational background, religion, ethnicity, disability, age, veteran status, and citizenship. We’d love to learn what you can add to our team.

Who we are:

In 2014, we set out to create a better way to manage and deploy Oil & Gas workers at scale through technology. Over time, we’ve grown to add Renewables in service of the energy industry. 

We’re a Series E startup, backed by industry-leading investors Founders Fund, Bedrock Capital, Andreesen Horowitz, and Baillie Gifford. To date, we’ve placed over 26,000 skilled tradespeople with over 500 businesses and are poised to grow exponentially.

We’d love to share more through the interview process and look forward to learning more about your journey.


To all recruitment agencies: Workrise does not accept agency resumes. Please do not forward resumes to our jobs alias, Workrise employees or any other organization location. Workrise is not responsible for any fees related to unsolicited resumes.

Apply for this Job

* Required

resume chosen  
(File types: pdf, doc, docx, txt, rtf)
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Workrise’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.