Senior Security Engineer
Hello. We are ShipHero (https://shiphero.com). We have built a software platform entrusted by hundreds of ecommerce companies, large and small to run their operations and we continue to grow. About US$5 billion of ecommerce orders are shipped a year via ShipHero. Our customers sell on Shopify, Amazon, Etsy, Ebay, WooCommerce, BigCommerce and many other platforms. We’re driven to help our customers grow their businesses by providing a platform that solves complex problems, and is engineered to be reliable and fast. We are obsessed with building great technology, that is beautiful, easy to use and is loved by our customers. Our culture also reflects our ethos and belief that by bringing passionate, talented and great people together - you can do great things.
Our team is fully remote, with most of our engineers currently spread over the Americas but have been building out teams in Europe as well. We communicate regularly using video chat and Slack, and put a strong emphasis on asynchronous work so people have large chunks of uninterrupted time to focus and do deep work.
Making sure you and the rest of the company are able to focus while being at work is really important to us. You can read our internal guide on how we communicate from our website: https://shiphero.com/careers/c...
About the role
We are looking for an experienced Security Engineer who will analyze our software designs and implementations from a security perspective, in order to identify and resolve security issues. Your duties will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software.
You should have a solid technical background and great abilities of security threats prevention. We also expect you to have an analytical mindset and to be an efficient team player.
Software Security Engineer responsibilities are:
- Scope and perform application security reviews of our full stack: web applications, APIs, and platform architectures.
- Develop, maintain and implement security automated solutions for deployment pipelines.
- Coordinate and perform vulnerability testing, risk analysis and security assessments on environments.
- Evaluate criticality of outstanding security findings and collaborate with roadmap planning for proper mitigation.
- Promote secure development practices for our Engineering Teams
- Recommend and evaluate appropriate security tools, training resources and latest security trends.
- Work together with our Security Officer to define the cloud security incident response plan and to analyze cloud security breaches to determine their root cause.
Software Security Engineer requirements are:
- 5+ of technical experience with establishing and implementing securing best practices in AWS cloud
- Practical experience on programming/scripting to automate security tasks using languages like Python.
- Practical experience with Apache, Nginx, Gunicorn and MySQL.
- Practical experience using modern cloud deploy pipelines such as Infrastructure as Code (Terraform), Software Development Lifecycle, Continuous Integration and Delivery (Git & Atlassian Suite).
- Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.
- Ability to express to other stakeholders what’s important and what’s urgent, so it can be prioritized along with competing priorities.
- Competence in spoken and written English.
- $2.500 so you can buy any equipment you need to be happy at your job
- 20 days paid vacation + new year & Christmas
- Conference days don't count against your vacation days, we want you to stay up-to-date
- We will pay for courses & conferences, if you learn we all learn
- Salary range is $80.000 - $120.000 / year depending on experience and location