Security Engineer, AppSec

About Workato
Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility.

Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today's fast-changing world. Learn how Workato helps businesses of all sizes achieve more at

Why join us?
Ultimately, Workato believes in fostering a
flexible, trust-oriented culture that empowers everyone to take full ownership of their roles
. We are driven by
innovation
and looking for
team players
who want to actively build our company.

But, we also believe in
balancing productivity with self-care
. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.

If this sounds right up your alley, please submit an application. We look forward to getting to know you

Also, Feel Free To Check Out Why

• Business Insider named us an "enterprise startup to bet your career on"
• Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
• Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
• Quartz ranked us the #1 best company for remote workers

Responsibilities
Join our Product Security team in Barcelona as a
Security Engineer - Embedded
AppSec
and help secure the future of AI automation. In this role, you will be
deeply integrated with our development teams
, embedding security throughout the software development lifecycle (SDLC), and ensuring security is built-in while playing a key role in our Agentic AI Transformation.

You will work closely with developers, architects, and product managers to perform early threat modeling, offer actionable security guidance, and reduce risk before it ships. If you're passionate about shifting security left, enabling engineering teams, and influencing product design, this is the role for you.

You will play a pivotal role in safeguarding our systems, ensuring compliance, and advancing our security posture. Key responsibilities include:

• Secure SDLC Integration: Embed with engineering teams to ensure security is part of every phase of the development lifecycle, from design to deployment.
• Threat Modeling & Design Reviews: Conduct early-stage threat modeling and participate in architectural and design reviews to identify and mitigate risks proactively.
• Security Enablement: Act as a security champion within product teams by providing training, building security knowledge, and driving adoption of secure coding practices.
• Code & Pipeline Reviews: Perform code reviews with a security lens and provide guidance on CI/CD pipeline security.
• Vulnerability Discovery & Triage: Identify and prioritize vulnerabilities using static/dynamic analysis and manual review, and work with developers on remediation strategies.
• Security Tooling & Automation: Collaborate with the broader ProdSec and DevOps teams to improve tooling and automate security feedback loops.
• Cross-Functional Collaboration: Partner with Product, SecOps, and Platform teams to align security with product goals and agile workflows.
• Security Advocacy: Help scale security awareness through documentation, workshops, and informal coaching embedded in daily engineering practice.
• Security Automation: Design and implement automated security tools and processes to improve detection, response, and compliance efficiency

This role offers the opportunity to secure mission-critical systems deployed globally while working with cutting-edge AI and cloud technologies. If you're looking to make a significant impact on enterprise security, this could be perfect for you.

Requirements
Qualifications / Experience / Technical Skills

• Bachelor's degree in Computer Science, Cybersecurity, or related technical field
• 4+ years in cybersecurity or software engineering, with at least 2 years focused on application or product security
• Strong understanding of software development processes and ability to speak the language of engineers
• Proficiency in one or more programming AND scripting languages (e.g., Ruby, Java, Python, JavaScript, Bash)
• Hands-on experience with vulnerability scanners and security testing tools
• Strong knowledge of threat modeling and security architecture reviews
• AI/ML security experience including risk assessment and prevention guidelines

Soft Skills / Personal Characteristics

• Master's degree in a relevant field
• Prior experience as an application or product security engineer in a SaaS or cloud-native environment
• Advanced certifications (CISSP, OSCP, GPEN, GCIH, GIAC)
• Experience with DevSecOps and security automation
• Network security and encryption standards expertise
• Incident management and response experience
• AWS Security Specialty certification or equivalent cloud security certification
• Expertise in AWS security services (EKS, IAM, KMS, GuardDuty, CloudTrail)

Job Req ID: 2316