Information Security EngineerWorkstream • Vancouver, Metro Vancouver Regional District, CA

Information Security Engineer

Workstream • Vancouver, Metro Vancouver Regional District, CA

27 days ago

Job type

Full-time

Job description

Workstream is a mission-driven company building the all-in-one HR, payroll, and hiring platform for managing the hourly workforce. There are 2.7 billion hourly workers, making up 80% of the global workforce, but this market has been heavily underserved by technology and deserves better. Workstream has been purpose-built for the hourly workforce from day one so that these businesses and their employees can thrive.

Our customers include leading brands from multiple sectors, including Burger King, Carl's Jr. / Hardee's, IHOP, KFC, and Culvers. We are a high growth series B company and quickly expanding our product portfolio to deliver on our vision. We are backed by legendary VCs and industry experts like Founders Fund, BOND, and Coatue.

Grow With Us

We are seeking a Security Engineer who is, at heart, a builder. In this role, you won't just be running scans or writing policies; you will be writing code, fixing vulnerabilities, and architecting secure infrastructure alongside our engineering teams.

You will act as the primary "Blue Team" lead, defending Workstream against threats while collaborating with external Red Team communities to stay sharp. Your scope is holistic : you will cover Application Security, Infrastructure Security, and Corporate Security , ensuring that security is baked into our DNA, not bolted on at the end.

This is a full-time, office-based role requiring presence 5 days a week to foster close collaboration with cross-functional teams — Monday, Tuesday, and Friday at the Menlo office, and Wednesday and Thursday at the San Francisco office.

Day in the Life

Application Security (AppSec)

Embed yourself in the software development lifecycle (SDLC). Perform code reviews and architectural analysis for new features in Node.js and Ruby on Rails .
Work side-by-side with software engineers to locate, triage, and fix security vulnerabilities (e.g., XSS, SQLi, IDOR) directly in the codebase.

Build and maintain automated security tooling (SAST / DAST) in our CI / CD pipelines.

Secure AI / ML integrations and APIs, including protection against prompt injection, model poisoning, and data exfiltration through AI interfaces

Review and secure implementations of large language models (LLMs) and other AI services used in the platform

Design and implement secure networking, IAM policies, and container security (Kubernetes / Docker).

Monitor system logs and alerts to detect and respond to anomalies in real-time.

Act as the internal Blue Team lead. Collaborate with external Red Teams and bug bounty researchers to understand the latest attack vectors.

Translate Red Team findings into concrete engineering tasks and defensive measures.

Lead incident response simulations (Tabletops) and actual response efforts during security events.

Corporate Security

Oversee internal company security posture, including endpoint protection, identity management (Okta / SSO), and zero-trust networking access.

Conduct security training for employees to foster a culture of security awareness.

Design security architecture supporting multi-state and multi-jurisdiction data residency requirements.

Collaborate with legal and other teams on data breach notification procedures and requirements across multiple jurisdictions.

Maintain security documentation for SOC 2 Type II audits and other compliance frameworks.

Who You Are

Technical Qualifications

Engineering Background : You have a strong background in software engineering. You are comfortable reading and writing production-level code, specifically in Node.js and Ruby on Rails .

Holistic Security Experience : 3+ years of experience covering the "Security Trinity" : Software Security, Infrastructure Security, and Corporate / IT Security . Experience in SaaS, fintech, or HR technology environments strongly preferred.

Vulnerability Remediation : Proven track record of not just finding bugs, but working with engineers to solve them. You understand how to implement fixes without breaking functionality.

Cloud Native : Deep experience securing modern cloud environments (AWS preferred) and containerized applications.

HR / Payroll Security Understanding : Familiarity with security challenges specific to HR and payroll systems, including protection of sensitive employee data (PII, SSN, wage information), multi-tenant architecture security, and regulatory compliance requirements for employment data.

AI / ML Security : Understanding of AI security principles including model security, training data protection, prompt injection vulnerabilities, AI-powered threat detection, and emerging AI-specific attack vectors. Familiarity with AI governance frameworks and responsible AI practices.

Red Team Aware, Blue Team Focused : You actively follow Red Team communities (CTFs, DefCon, Bug Bounties) to understand the attacker mindset, but your passion lies in building the defense (Blue Team) to stop them.

Empathy for Engineers : You understand that "perfect security" shouldn't destroy developer velocity. You focus on guardrails, not gates.

Communication : Ability to explain complex security risks to non-technical stakeholders and provide clear technical guidance to developers.

Bonus Points

Active participation in Bug Bounty programs or CTF competitions.

Experience with compliance frameworks (SOC 2, ISO 27001, HIPAA).

Certifications such as OSCP (Offensive Security Certified Professional) or CISSP.

Experience securing Open APIs.

Experience with multi-tenant SaaS security architecture.

Background in fintech, HR technology, or payroll systems security.

Familiarity with state-specific data residency and privacy requirements.

Knowledge of AI security frameworks.

Understanding of AI bias, fairness, and discrimination issues in employment contexts.

What We Offer

A mission-driven and value-based company dedicated to empower deskless workers and local businesses.

An early employee opportunity at a Series B hyper-growth startup; work with the founding team and industry veterans to accelerate your career.

Competitive salary and equity.

Comprehensive health coverage : medical, dental, and vision. We pay 95% of your premiums for our employees and 85% for dependents.

In office amenities and stocked kitchen.

401K Plan.

Learning / development stipend.

Flexible PTO.

Salary Range

In compliance with the British Columbia Pay Transparency Act, the base salary range for this role is between $150,000 - $180,000 in San Francisco. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

Workstream provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

We are committed to the full inclusion of all qualified individuals.

#J-18808-Ljbffr

Create a job alert for this search

Information Security Engineer • Vancouver, Metro Vancouver Regional District, CA

Similar jobs

Research Associate

Impact Recruitment • Greater Vancouver Metropolitan Area, Canada

Full-time

Impact Recruitment has the pleasure of working once again with this national, full-service law firm located in downtown Vancouver. With a strong history of representing clients in innumerable comple...Show more

Last updated: 1 day ago • Promoted

Security Engineer (ID#5228)

freelance.ca • Richmond, Canada

Full-time

The company, a national IT consulting company, is seeking a Security Engineer to join a DevSecOps team focused on security in SDLC. This will involve secure design review, threat modelling, secure c...Show more

Last updated: 16 hours ago • Promoted • New!

Engineering Technologist

Advanced Cyclotron Systems Inc. • Greater Vancouver Metropolitan Area, Canada

Full-time

Why Join Advanced Cyclotron Systems, Inc.Advanced Cyclotron Systems, Inc.ACSI) is a world leader in the design and manufacturing of high output cyclotrons for the international nuclear medicine com...Show more

Last updated: 1 day ago • Promoted

Senior Site Reliability Engineer

Relay • Vancouver, BC, Canada

Full-time

Relay is a digital banking platform that gives self-made business owners the tools and know-how to be great with money—bringing clarity, confidence, and control to every dollar earned, so the...Show more

Last updated: 3 hours ago • Promoted • New!

SEO|PR Specialist

Trolley • Vancouver, BC, Canada

Full-time

Note : We are not considering applications from agencies or recruiters at this time.Only individual candidates will be reviewed. You'll play a critical role in boosting the online presence of our...Show more

Last updated: 30+ days ago • Promoted

Restaurant Manager

Wendy's Canada • Squamish, BC, Canada

Full-time

We're looking for outgoing and energetic Restaurant Managers!.General Manager in managing the operations and staff of a Wendy's restaurant, including the execution of all Company policies, ...Show more

Last updated: 30+ days ago • Promoted

Technical Project Manager

Bridgemans Services • Garibaldi Highlands, BC, Canada

Full-time

Primary Location : On MV Isabelle X / Saga-Company Vessels alongside Squamish, BC.Company Operating Name : Bridgemans Crew Management Ltd. Business Address : 2512 Yukon St, Vancouver, BC V5Y 0H2.Terms o...Show more

Last updated: 30+ days ago • Promoted

Art Director

DotYeti Design • Vancouver, BC, Canada

Full-time

You'll work closely with our design, sales, and marketing teams to deliver compelling, impactful designs that elevate the brand experience. Define and lead the visual direction of projects, ensu...Show more

Last updated: 27 days ago • Promoted

Camp Security - Squamish

Paladin Security • Squamish, British Columbia, Canada

Full-time

Our Security Officers at this large camp in the Squamish area are responsible for detecting and deterring activities that could result in harm to, or loss of, project personnel, assets, equipment, ...Show more

Last updated: 1 day ago • Promoted

DevOps Engineer

Targeted Talent • Vancouver, BC, Canada

Permanent

We are looking for an experienced.Toronto! Our client is a large technology firm with a product that you've likely used.You have hands-on experience with enterprise-grade infrastructures, opera...Show more

Last updated: 30+ days ago • Promoted

General Application

Carbon Engineering Ltd. • Squamish, BC, Canada

Full-time

Leading the commercialization of ground-breaking technology that captures CO₂ directly from air is challenging and exhilarating. As a member of the CE team, you’ll be surrounded by smar...Show more

Last updated: 30+ days ago • Promoted

Data Science Instructor

CICCC - Cornerstone International Community College of Canada- • Vancouver, BC, Canada

Full-time

This position is classified as an Independent Contractor.Data Science Instructor is not an employee of the institution and will operate independently while meeting agreed-upon performance standards...Show more

Last updated: 3 hours ago • Promoted • New!

Design Research Assistant Systems Change

Kwantlen Polytechnic University • Richmond, British Columbia, Canada

Full-time

This role reports to the Principal Investigator (PI).In this role, the assistant will work with Dr.Victor Martinez (PI) in the newly formed research group FutureXplorations, with the objective of h...Show more

Last updated: 1 day ago • Promoted

Hospitality Security

Joseph Richard Group • Surrey, British Columbia, Canada

Full-time

We are currently hiring for the role of.Hospitality Security at the Henry Public House in Cloverdale!.This role involves ensuring the safety and security of all guests, employees, and property whil...Show more

Last updated: 30+ days ago • Promoted

Security and Mobilization Admin / Coordinator (badging and mobilization)

McDermott International, Ltd • Squamish, BC, Canada

Full-time

Our ingenuity fuels daily life.Together, we’ve forged some of the most trusted partnerships across the energy value chain to make what was once just an idea a reality : laying subsea infrastructure ...Show more

Last updated: 2 hours ago • Promoted • New!

Cargo K9 Security Detection Handler - Vancouver, BC

Securiguard • Richmond, BC, Canada

Full-time

Securiguard is Canada's leading private security company.We specialize in K9 Security, offering government-certified teams in Protection, Explosives, and Narcotics Detection.Our teams work alon...Show more

Last updated: 3 hours ago • Promoted • New!

FO-MA 24R - Senior Compliance Auditor

BC Liquor Distribution Branch • Burnaby, British Columbia, Canada

Permanent

The BC Liquor Distribution Branch (LDB) is one of two branches of government that provide oversight for the beverage alcohol and non-medical cannabis industries in the province.The LDB is responsib...Show more

Last updated: 6 days ago • Promoted

Ramp Agent (Part Time)

Equest • Richmond, British Columbia, Canada

Part-time +1

Pacific Coastal Airlines is looking for a.South Terminal building at the Vancouver International Airport in Richmond.We are seeking a candidate who is looking to enjoy a family-oriented, dynamic, a...Show more

Last updated: 11 hours ago • Promoted • New!