Application Guide

How to Apply for Senior Product & Application Security Engineer

at Workiva

🏢 About Workiva

Workiva specializes in integrated ESG (Environmental, Social, and Governance) reporting, helping organizations transparently communicate their climate impact and compliance efforts. This focus on sustainability and regulatory technology makes them unique in the SaaS space. Working here means contributing to tools that drive corporate accountability and environmental transparency.

About This Role

As a Senior Product & Application Security Engineer at Workiva, you'll serve as a security partner to engineering and product teams, applying threat modeling and secure design practices to protect applications and cloud infrastructure. You'll own security assessments from discovery through resolution, influencing security strategy across the organization while working in a matrixed environment.

💡 A Day in the Life

A typical day might involve collaborating with product teams on threat modeling for new features, conducting secure code reviews for JavaScript/TypeScript applications, and leading security assessments of cloud infrastructure. You'll balance hands-on technical work with strategic discussions about security practices across engineering teams.

🚀 Application Tools

Generate Cover Letter

AI-powered, tailored for Workiva

Interview Prep

Practice questions for this role

🎯 Who Workiva Is Looking For

  • Has 3+ years of software development experience in Java, JavaScript/TypeScript, Python, or Go, with demonstrable expertise in at least one language
  • Possesses deep knowledge of security vulnerabilities, secure code review practices, and OWASP Top 10, with hands-on experience applying these in product environments
  • Can bridge security and development, having both broad security expertise and extensive software development background
  • Thrives in matrixed environments, able to influence teams without direct authority and lead security initiatives collaboratively

📝 Tips for Applying to Workiva

1

Highlight specific experience with secure code review in Java, JavaScript/TypeScript, Python, or Go - mention the languages you've used and projects where you applied security principles

2

Demonstrate how you've served as a security partner to engineering teams in past roles, not just as an auditor but as a collaborative advisor

3

Showcase experience with threat modeling in cloud environments, particularly as it relates to SaaS applications

4

Connect your experience to ESG or compliance-focused products if possible, showing understanding of Workiva's regulatory technology domain

5

Provide concrete examples of owning security assessments from discovery through resolution, including how you've driven remediation efforts

✉️ What to Emphasize in Your Cover Letter

["Your experience bridging security and development, specifically how you've partnered with engineering teams to implement security practices", "Examples of threat modeling and secure design practices you've applied to protect applications and cloud infrastructure", "How you've influenced security strategy in matrixed environments without direct authority", "Any experience with compliance-focused or regulated products that aligns with Workiva's ESG reporting focus"]

Generate Cover Letter →

🔍 Research Before Applying

To stand out, make sure you've researched:

  • Workiva's ESG reporting platform and how it helps organizations with climate impact transparency
  • The specific compliance frameworks Workiva likely deals with (SEC regulations, sustainability standards)
  • Workiva's technology stack and cloud infrastructure approach (mentioned in job responsibilities)
  • Recent security initiatives or announcements from Workiva's engineering or security teams

💬 Prepare for These Interview Topics

Based on this role, you may be asked about:

1 Walk through a specific threat modeling exercise you conducted for a cloud-based application
2 How would you approach secure code review for a large JavaScript/TypeScript codebase?
3 Describe a time you had to influence engineering teams to adopt security practices they initially resisted
4 How do you balance security requirements with product development velocity in a SaaS environment?
5 What experience do you have with security in regulated or compliance-focused domains similar to ESG reporting?
Practice Interview Questions →

⚠️ Common Mistakes to Avoid

  • Focusing only on security auditing without demonstrating collaborative partnership with engineering teams
  • Listing security certifications without showing hands-on software development experience in the required languages
  • Presenting as purely a security specialist without the software development background this role requires

📅 Application Timeline

This position is open until filled. However, we recommend applying as soon as possible as roles at mission-driven organizations tend to fill quickly.

Typical hiring timeline:

1

Application Review

1-2 weeks

2

Initial Screening

Phone call or written assessment

3

Interviews

1-2 rounds, usually virtual

Offer

Congratulations!

Ready to Apply?

Good luck with your application to Workiva!

← Back to Job Listing Apply Now →