workstream

Information Security Engineer

Preview — apply on company site for full detailsApply Now

At a Glance

Location: United States
Compensation: ange for this role is between $130,000 - $160,000 in Utah. This range is not in
Posted: 2026-02-09T19:44:43-05:00

Key Requirements

Required Skills

Node.jsRuby

Domain Knowledge

Engineering
Regulatory
SaaS

Benefits & Perks

Health Insurance

quity Comprehensive health coverage (95% employee / 85% dependents) 401(k),

Requirements

Strong software engineering background with the ability to read and write production-level code.

Hands-on experience securing real systems, not just writing policies or reports.

Comfortable auditing Node.js and Ruby on Rails codebases.

Experience working in SaaS environments with enterprise customers and sensitive data.

A pragmatic, collaborative mindset: you believe security should enable innovation, not block it.

Able to communicate risk clearly to engineers and non-technical stakeholders.

Compensation & Benefits

A mission-driven company building software that impacts millions of hourly workers

An opportunity to shape security from the ground up at a growing Series B company

Competitive salary and equity

Comprehensive health coverage (95% employee / 85% dependents)

401(k), pre-tax commuter benefits, and flexible PTO

Learning and development stipend

Responsibilities

Application & Product Security (Primary Focus)

Work side-by-side with software engineers to locate, triage, and fix security issues directly in the codebase, including authorization flaws, multi-tenant isolation bugs, sensitive data exposure, and business logic vulnerabilities.

Review and provide security input on designs, APIs, and changes involving authentication, authorization, and sensitive employee data.

Threat-model critical (“Tier-1”) APIs and workflows and help teams design safer defaults.

Build practical guardrails and reference implementations that can be reused across teams.

Security Program & Blue Team Ownership

About the Company

This role is not about writing policies or running tools in isolation. You will work directly with our product and platform engineers to identify risks, fix vulnerabilities, and build secure-by-default patterns that allow teams to move fast without compromising safety.

This is a full-time, hybrid role requiring presence three days per week in our San Francisco or Menlo Park office.

https://www.workstream.us/blog/funding-series-b

https://techcrunch.com/2021/08/26/workstreams-text-based-recruitment-tool-gets-a-48m-bet-from-bond-and-beyond/

https://techbuzz.news/buzzworthy-august-27-2021/