Information Security EngineerWorkstream • Vancouver, Metro Vancouver Regional District, CA

Information Security Engineer

Workstream • Vancouver, Metro Vancouver Regional District, CA

Il y a 25 jours

Type de contrat

Temps plein

Description de poste

Workstream is a mission-driven company building the all-in-one HR, payroll, and hiring platform for managing the hourly workforce. There are 2.7 billion hourly workers, making up 80% of the global workforce, but this market has been heavily underserved by technology and deserves better. Workstream has been purpose-built for the hourly workforce from day one so that these businesses and their employees can thrive.

Our customers include leading brands from multiple sectors, including Burger King, Carl's Jr. / Hardee's, IHOP, KFC, and Culvers. We are a high growth series B company and quickly expanding our product portfolio to deliver on our vision. We are backed by legendary VCs and industry experts like Founders Fund, BOND, and Coatue.

Grow With Us

We are seeking a Security Engineer who is, at heart, a builder. In this role, you won't just be running scans or writing policies; you will be writing code, fixing vulnerabilities, and architecting secure infrastructure alongside our engineering teams.

You will act as the primary "Blue Team" lead, defending Workstream against threats while collaborating with external Red Team communities to stay sharp. Your scope is holistic : you will cover Application Security, Infrastructure Security, and Corporate Security , ensuring that security is baked into our DNA, not bolted on at the end.

This is a full-time, office-based role requiring presence 5 days a week to foster close collaboration with cross-functional teams — Monday, Tuesday, and Friday at the Menlo office, and Wednesday and Thursday at the San Francisco office.

Day in the Life

Application Security (AppSec)

Embed yourself in the software development lifecycle (SDLC). Perform code reviews and architectural analysis for new features in Node.js and Ruby on Rails .
Work side-by-side with software engineers to locate, triage, and fix security vulnerabilities (e.g., XSS, SQLi, IDOR) directly in the codebase.

Build and maintain automated security tooling (SAST / DAST) in our CI / CD pipelines.

Secure AI / ML integrations and APIs, including protection against prompt injection, model poisoning, and data exfiltration through AI interfaces

Review and secure implementations of large language models (LLMs) and other AI services used in the platform

Design and implement secure networking, IAM policies, and container security (Kubernetes / Docker).

Monitor system logs and alerts to detect and respond to anomalies in real-time.

Act as the internal Blue Team lead. Collaborate with external Red Teams and bug bounty researchers to understand the latest attack vectors.

Translate Red Team findings into concrete engineering tasks and defensive measures.

Lead incident response simulations (Tabletops) and actual response efforts during security events.

Corporate Security

Oversee internal company security posture, including endpoint protection, identity management (Okta / SSO), and zero-trust networking access.

Conduct security training for employees to foster a culture of security awareness.

Design security architecture supporting multi-state and multi-jurisdiction data residency requirements.

Collaborate with legal and other teams on data breach notification procedures and requirements across multiple jurisdictions.

Maintain security documentation for SOC 2 Type II audits and other compliance frameworks.

Who You Are

Technical Qualifications

Engineering Background : You have a strong background in software engineering. You are comfortable reading and writing production-level code, specifically in Node.js and Ruby on Rails .

Holistic Security Experience : 3+ years of experience covering the "Security Trinity" : Software Security, Infrastructure Security, and Corporate / IT Security . Experience in SaaS, fintech, or HR technology environments strongly preferred.

Vulnerability Remediation : Proven track record of not just finding bugs, but working with engineers to solve them. You understand how to implement fixes without breaking functionality.

Cloud Native : Deep experience securing modern cloud environments (AWS preferred) and containerized applications.

HR / Payroll Security Understanding : Familiarity with security challenges specific to HR and payroll systems, including protection of sensitive employee data (PII, SSN, wage information), multi-tenant architecture security, and regulatory compliance requirements for employment data.

AI / ML Security : Understanding of AI security principles including model security, training data protection, prompt injection vulnerabilities, AI-powered threat detection, and emerging AI-specific attack vectors. Familiarity with AI governance frameworks and responsible AI practices.

Red Team Aware, Blue Team Focused : You actively follow Red Team communities (CTFs, DefCon, Bug Bounties) to understand the attacker mindset, but your passion lies in building the defense (Blue Team) to stop them.

Empathy for Engineers : You understand that "perfect security" shouldn't destroy developer velocity. You focus on guardrails, not gates.

Communication : Ability to explain complex security risks to non-technical stakeholders and provide clear technical guidance to developers.

Bonus Points

Active participation in Bug Bounty programs or CTF competitions.

Experience with compliance frameworks (SOC 2, ISO 27001, HIPAA).

Certifications such as OSCP (Offensive Security Certified Professional) or CISSP.

Experience securing Open APIs.

Experience with multi-tenant SaaS security architecture.

Background in fintech, HR technology, or payroll systems security.

Familiarity with state-specific data residency and privacy requirements.

Knowledge of AI security frameworks.

Understanding of AI bias, fairness, and discrimination issues in employment contexts.

What We Offer

A mission-driven and value-based company dedicated to empower deskless workers and local businesses.

An early employee opportunity at a Series B hyper-growth startup; work with the founding team and industry veterans to accelerate your career.

Competitive salary and equity.

Comprehensive health coverage : medical, dental, and vision. We pay 95% of your premiums for our employees and 85% for dependents.

In office amenities and stocked kitchen.

401K Plan.

Learning / development stipend.

Flexible PTO.

Salary Range

In compliance with the British Columbia Pay Transparency Act, the base salary range for this role is between $150,000 - $180,000 in San Francisco. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

Workstream provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

We are committed to the full inclusion of all qualified individuals.

#J-18808-Ljbffr

Créer une alerte emploi pour cette recherche

Information Security Engineer • Vancouver, Metro Vancouver Regional District, CA

Offres similaires

Strategic Information Security Risk Analyst (Hybrid)

Vancity Group • Vancouver

Temps plein +1

A leading financial institution in Vancouver seeks an Information Security Risk Management Analyst.This permanent, full-time role involves enhancing risk management practices and addressing informa...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

Technical Designer - Level Up.

Level Up. • delta, bc, ca

Temps plein

This role sits at the intersection of design and engineering and is ideal for someone who enjoys turning ideas into playable experiences quickly, while maintaining technical quality and scalability...Voir plus

Dernière mise à jour : il y a 3 jours • Offre sponsorisée

Information Security Engineer

Workstream • Vancouver

Temps plein

Workstream is a mission-driven company building the all-in-one HR, payroll, and hiring platform for managing the hourly workforce. Workstream has been purpose-built for the hourly workforce from day...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

IT Systems & Network Engineer — Hybrid Cloud & Security

DMCL Chartered Professional Accountants • Vancouver

Temps plein

A leading accounting firm in Vancouver seeks a Systems Administrator to manage IT infrastructure and provide technical support. Candidates should have a Bachelor’s degree, five years of experience, ...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

Data Analyst with Experience in Pharmaceutical - Sophus IT Solutions

Sophus IT Solutions • richmond, bc, ca

Temps plein

Data Analyst with Experience in Pharmaceutical or Life Sciences Manufacturing.The Data Analyst is responsible for collecting, categorizing, and submitting data generated by Vision AI monitoring sys...Voir plus

Dernière mise à jour : il y a 3 jours • Offre sponsorisée

Security Engineer - Data

Swim Recruiting • Vancouver, British Columbia, Canada

Temps plein

Security Engineer contact role working on a high-profile program with a local enterprise organization.Security Engineer contract role. Enterprise organization with a global footprint with hybrid wor...Voir plus

Dernière mise à jour : il y a 14 jours • Offre sponsorisée

Senior Information Security Manager, Health IT

Fraser Health • Vancouver

Temps plein

A regional health authority in Surrey, B.Full Time Manager, Information Security to enhance patient safety through effective information security programs. The role involves developing security poli...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

Manager, ML Platform and Infrastructure

Equest • Vancouver, British Columbia, Canada

Temps plein

DarkVision is seeking a hands-on Engineering Manager to lead our ML Platform and Infrastructure team.You will be responsible for the strategic planning, architecture, and reliability of the compute...Voir plus

Dernière mise à jour : il y a 3 jours • Offre sponsorisée

Information Technology Private Tutoring Jobs Richmond

Superprof • Richmond, Canada

Temps plein +1

Superprof is Canada's #1 tutoring platform, and we're actively recruiting passionate tutors! Whether you're a student, a professional, or simply someone who loves teaching, join the largest communi...Voir plus

Dernière mise à jour : il y a plus de 30 jours • Offre sponsorisée

Senior Cloud Security Engineer — Secure by Design & Scale

Punt • Vancouver

Temps plein

A fast-growing technology company is seeking a Senior Security Engineer with over 5 years of experience in securing cloud-native applications. You will be responsible for enhancing the security post...Voir plus

Dernière mise à jour : il y a 2 jours • Offre sponsorisée

Presales Security Expert- Named Cloud

Fortinet • Vancouver

Temps plein

Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security.At Fortinet,...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

Manager of Internal IT Audit

Burke Recruiting Inc. • Richmond, British Columbia, Canada

Temps plein

Internal Audit | IT Risk, Cybersecurity & ERP Exposure.Up to 40% across Canada and the US.Our client is a large, complex organization with operations across North America and a growing Internal...Voir plus

Dernière mise à jour : il y a 12 jours • Offre sponsorisée

Tier I SOC Analyst - CyberClan

CyberClan • delta, bc, ca

Temps plein

Tier I SOC Analyst - Job Description.Established in 2006, CyberClan’s carefully selected team of experts are capable of solving complex cyber security challenges – keeping data secure and businesse...Voir plus

Dernière mise à jour : il y a 7 jours • Offre sponsorisée

Staff Cyber Security Engineer — Hybrid, Enterprise‑Scale Impact

lululemon • Vancouver

Temps plein

A leading performance apparel company in Vancouver is seeking a Staff Security Engineer to enhance their cybersecurity capabilities. This role involves leading complex cybersecurity initiatives, dev...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

Information Security and Data Protection Partner

Paladin Technologies • Vancouver, BC, CA

Temps plein

Quick Apply

The Information Security and Data Protection Partner is a strategic advisor and trusted security champion embedded within the business. In this role you will guide teams across the organization in m...Voir plus

Dernière mise à jour : il y a 19 jours

Cyber Security Engineer - Vancouver

Yeah! Global • Vancouver

Temps plein

About the job Cyber Security Engineer - Vancouver.Note : This job does not offer any Visa sponsorship.We are looking for applicants already living in Canada. Our client is seeking a highly skilled an...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

Security Engineer, AI Security

Electronic Arts (EA) • Vancouver

Temps plein

Electronic Arts creates next-level entertainment experiences that inspire players and fans around the world.Here, everyone is part of the story. Part of a community that connects across the globe.A ...Voir plus

Dernière mise à jour : il y a 6 jours • Offre sponsorisée

Intermediate QA Automation with c# (Security clearance) - delta

Confidential • delta, bc, ca

Temps plein

Design, develop, and execute manual and automated test suites for web, mobile, API, and backend components.Write comprehensive test cases, test scripts, test scenarios and acceptance criteria based...Voir plus

Dernière mise à jour : il y a 7 jours • Offre sponsorisée