WorkWave is field service management software that provides SaaS solutions for businesses in the service industry (HVAC, Plumbing & Electrical, Cleaning, Lawn & Landscape, Home Delivery, Logistics & Distribution). We empower these businesses to deliver exceptional customer experiences and grow their customer base on our efficient and easy-to-use platform.
The WorkWave team is looking for innovative Application Security Engineers who want to be part of a team of creative and talented individuals. Our teams are a mix of technologists, product managers, development engineers, and UI/UX designers, all working together to deliver our vision. You will be a part of our WorkWave team, helping to develop and support the WorkWave products.
The ideal candidate should have expertise in compliance and security standards such as PCI DSS, SOC, ISO, and Privacy Shield / Data Privacy Framework. Key responsibilities include ensuring the security of desktop, web, and mobile applications through vulnerability assessments, penetration testing, security scans, and architecture design reviews.
Responsibilities
- Ensure application security measures comply with industry standards (e.g., PCI DSS, SOC 2, ISO 27001). Maintain security policies and support compliance audits.
- Conduct regular vulnerability assessments and manage remediation. Implement and maintain vulnerability management tools.
- Perform penetration testing on desktop, web, and mobile applications. Document the findings and collaborate with development teams to implement fixes.
- Conduct regular security scans and audits using SAST, DAST, SCA, and IAST tools.
- Review application architecture for security best practices. Provide secure coding guidance and participate in release readiness reviews.
- Ensure data security through encryption and access controls. Implement data protection strategies and follow “Privacy by design” principles.
- Perform network vulnerability assessments and firewall audits, and address potential security weaknesses.
- Collaborate with cross-functional teams to integrate security into the SDLC.
- Provide security training and assist in developing incident response plans.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications such as CEH, CHFI, Security+, or CSSLP would be an added advantage.
- 4+ years of experience in application security, focusing on desktop, web, and mobile applications.
- Proven experience with compliance standards and frameworks (PCI DSS, SOC 2, ISO 27001, Privacy Shield).
- Hands-on experience with vulnerability assessment tools and techniques (Qualys, Black Duck, Polaris, Burp Suite, Nmap, Firewalls, WAF, IDS, IPS, Kali Linux).
- Strong background in penetration testing and security audits.
- Familiarity with SAST, DAST, SCA, and IAST tools.
- In-depth knowledge of application security principles, cryptography, authentication, and authorization.
- Experience with secure coding practices and application architecture design review.
- Ability to work independently and as part of a team.
- Strong analytical and problem-solving skills, with excellent communication and interpersonal abilities.
We believe that coming together as a community, in person, is important for innovation, connection and fostering a sense of belonging. Our roles have the right balance of remote and in-office working to enable flexibility for managing your life along with ensuring a real connection with your colleagues and the broader IFS community.