Staff Security Engineer

Summary

Join Wrapbook as a Staff Security Engineer and contribute to a company focused on revolutionizing the project economy. This remote position, open to candidates in Canada, offers a chance to be a hands-on technical leader, ensuring robust security measures across applications, infrastructure, and architecture. You will define and execute elements of the security roadmap, work with engineering teams, assess risks, and strengthen security culture. The ideal candidate possesses at least 8 years of direct security experience, strong application development expertise, and the ability to lead cross-functional projects. Wrapbook provides a competitive salary, comprehensive benefits, and a collaborative work environment.

Requirements

• Have at least 8 years of direct security experience
• Possess broad security expertise and demonstrate knowledge of core concepts including confidentiality, availability, least privilege, integrity, RBAC, and OWASP top ten
• Possess deep application security knowledge, with the ability to evaluate feature design risks and integrate security tools into the application stack
• Understand cloud and infrastructure security, including cloud-native network architecture, and can recommend appropriate security controls across application, infrastructure, and network layers
• Have web application or software development experience, with the ability to read and write code (Ruby and Ruby on Rails preferred) and assess application stack security
• Be experienced in technical project management, breaking complex challenges into actionable phases while leading teams to achieve technical goals
• Be a motivated problem solver who brings critical thinking and curiosity to building secure, user-friendly products
• Thrive on virtual collaboration, building strong relationships with remote team members across the company
• Demonstrate technical leadership through empathy for customers and partners, active listening, and a commitment to helping others grow professionally

Responsibilities

• Leverage your technical expertise to define and execute elements of the security roadmap
• Work with engineering teams to triage flaws or implement features
• Assess risks and strengthen our security culture
• Plan and prioritize security projects and initiatives to grow the application security capability
• Assess current application and product security capabilities to define a strategic project roadmap
• Establish and track AppSec metrics to measure effectiveness
• Master our technical architecture and product features to lead security assessments and threat modeling discussions
• Foster strong relationships with engineering teams to drive technical improvements and integrate security processes seamlessly
• Collaborate with GRC and IT peers to identify and reduce risks across the company's technology ecosystem, ensuring a holistic approach to security
• Define security requirements for product design, architecture, and implementation
• Participate in Security's on-call rotation and help improve our incident response practices
• Help build an effective security culture through training, presentations, and best practice advocacy
• Establish and maintain core processes, standards, and tooling for the Security Engineering team

Preferred Qualifications

Experience with Ruby and Ruby on Rails

Benefits

• Unlimited Paid Time Off
• Work from anywhere in Canada and USA
• Health and Dental benefits
• IT set up for your home
• 401k and RRSP
• Learning and Development Allowance