Senior Security Engineer

About Workato

Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility.

Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today's fast-changing world. Learn how Workato helps businesses of all sizes achieve more at workato.com.
Why join us?

Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.

But, we also believe in balancing productivity with self-care. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.

If this sounds right up your alley, please submit an application. We look forward to getting to know you!

Also, feel free to check out why:

• Business Insider named us an "enterprise startup to bet your career on"
• Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
• Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
• Quartz ranked us the #1 best company for remote workers

Responsibilities

We are seeking a highly skilled Senior Security Engineer to join our Product Security team in Barcelona, Spain. This role will focus on designing, implementing, and managing security solutions for our cloud-native platform on AWS. You will play a pivotal role in safeguarding our systems, ensuring compliance, and advancing our security posture.

• Cloud Infrastructure Security: Design, implement, and manage security controls for AWS infrastructure.
• Vulnerability Management: Perform vulnerability assessments and drive remediation efforts across cloud environments.
• Automation & Monitoring: Automate security monitoring and incident response processes using industry best practices and tools.
• Security Projects Leadership: Lead key initiatives and projects such as CNAPP selection and implementation, advanced threat detection, and custom security control development.
• Penetration Testing: Conduct and analyze penetration testing exercises to identify and mitigate potential risks.
• Compliance Support: Collaborate with compliance teams to ensure adherence to security standards like SOC 2 and ISO 27001.
• Risk Assessments: Conduct technical risk assessments for critical infrastructure components.
• Cross-Functional Collaboration: Work closely with DevOps, Infrastructure, and Application teams to embed security into the development lifecycle.
• Incident Response: Lead investigations into advanced persistent threats (APTs) and other sophisticated security incidents.

If you're looking for a real challenge in terms of mission criticality, multi-geographic region deployments, diversity of managed services, and the chance to be a part of an impactful team working with cutting edge cloud technologies and more, then this might be the position for you!
Requirements
Qualifications / Experience / Technical Skills

• Education: Bachelor's degree in a related technical field. A Master's degree is advantageous.
• Certifications:
• Essential: AWS Security Specialty, GIAC (e.g., GSEC)
• Preferred: CISSP, OSCP, GPEN, GCIH
• Years of Experience: 5-8 years in cybersecurity with a focus on cloud infrastructure security.
• Deep expertise in AWS security services (e.g., EKS, IAM, KMS, GuardDuty, Config, Amazon Linux).
• Proficient in scripting and automation (e.g., Python, Bash).
• Hands-on experience with security tools like SIEM, IDS/IPS, and vulnerability scanners.
• Advanced knowledge of penetration testing tools and methodologies (e.g., Metasploit, Burp Suite).
• Expertise in network security, encryption standards, and IAM technologies.
• Familiarity with compliance frameworks (e.g., SOC 2, ISO 27001).
• Experience with security automation in DevSecOps environments.

Soft Skills / Personal Characteristics

• Strong documentation and communication skills.