Senior Security Engineer

San Francisco, Austin, or Remote

Full Time Senior-level / Expert
Shippo logo

Shippo

Shippo is the best multi-carrier shipping software for e-commerce businesses. Find the best shipping rates, integrate with e-commerce platforms, print shipping labels, track package delivery, and verify addresses with either our shipping API or...
Apply now Apply later

Before you read on, take a look around you. Chances are, pretty much everything you see has been shipped, often multiple times, in order to get there. E-commerce and parcel shipping volumes are exploding but so are customer expectations about shipping speed and cost. Managing shipping and logistics operations to meet increasingly exacting demands is an extremely hard endeavor, especially for SMBs who can be left in the dust by larger and far more sophisticated competitors. But this does not have to be so.
At Shippo, our goal is to level the playing field by providing businesses with access to shipping tools and terms that would not be available to them otherwise. We lower the barriers to shipping for businesses around the world, and move shipping from a pain point to a competitive advantage.
Through Shippo, e-commerce businesses, from fast-growing brands to mom-and-pop shops are able to connect to multiple shipping carriers around the world from one API and dashboard, and seamlessly run every aspect of their shipping operations, from checkout shipping options to returns.
Join us to build the foundations of something hard yet meaningful, roll up your sleeves, and get important work done everyday. Founded in 2013, and funded by top-tier investors likeD1 Capital Partners, Bessemer Venture Partners, Union Square Ventures, Uncork Capital, VersionOne Ventures, FundersClub, we are a fast-growing and proudly distributed Unicorn with hubs in San Francisco and Austin. We are also featured in Wealthfront’s Career Launching List  and Forbes’ Cloud 100 list of fast growing startups.
About the RoleAs a Senior Security Engineer at Shippo, you will help secure our systems by architecting and implementing systems, processes and standards, and championing their adoption across I.T., Engineering and the rest of the company. You are responsible for ensuring that Shippo’s corporate and production systems exceed industry security and compliance standards by implementing security measures to protect, monitor and investigate sensitive data and systems. 

Responsibilities

  • Establish and maintain a roadmap for security infrastructure, tools, detection, monitoring, digital forensics, incident response, and automation
  • Partner with IT to implement technology, configurations and processes to secure corporate environments, remote work, business systems, and user endpoints
  • Select, implement and maintain security team tools, infrastructure, and automation
  • Plan and manage security infrastructure and operations projects
  • Analyze, assess, and respond to cyber threats
  • Document security designs
  • Create incident response playbooks and procedures
  • Implement secure access to corporate systems, cloud production services for administration, deployment, configuration, and debugging
  • Conduct in-depth security reviews of corporate and production infrastructure
  • Implement processes, code, and systems that prevent, detect and respond to cyber threats
  • Lead vulnerability management, patching, and attack surface monitoring efforts
  • Manage regular security assessments and penetration tests
  • Draft and maintain information security standards, policies and best practices
  • Plan and manage security monitoring projects. Oversee security detection capabilities and ongoing monitoring and response activities
  • Oversee red team, blue team, purple team and tabletop activities
  • Respond to security audit and security due diligence requests
  • Advise teams on developing pragmatic solutions that achieve business requirements and also maintain acceptable levels of risk
  • Evangelize security best practices across the organization


  • Minimum 7 years of experience in a combination of security engineering and SecOps roles
  • BS or MS degree in Computer Science or equivalent experience
  • Strong all around defender skill set, with a working knowledge of cybersecurity technical implementations, log analysis, digital forensics
  • Experience in securing third applications, AWS infrastructure, and OS hardening guidelines
  • Strong background in MacOS, Linux, and Windows
  • Experience with endpoint detection and response, anti-malware tools, and email protection tools
  • Hands on experience implementing security for various enterprise technologies and services, such as email, DNS, operating systems, and business applications
  • Relevant experience managing security on AWS cloud infrastructure
  • Proven expertise in system and network security including authentication, cryptography, secure protocols, intrusion detection systems (IDS), firewalls, VPNs, and both wireless and wired security
  • Experience with handling incident responses and leading Security Incident Response Teams
  • Certification in one or more technical information security disciplines (e.g. CISSP, GIAC)Relevant experience working in the SaaS industry with a deep understanding of regulatory frameworks such as ISO, GDPR, SOC2, etc. is highly desired
  • Deep understanding of customer needs and passion for customer success
  • Exceptional verbal, written, and interpersonal communication skills
  • Scripting and automation experience (e.g. Python, Bash, Powershell)Experience scaling dimensions of security with respect to company growth
  • Experience securing SaaS applications (e.g. SFDC, Google App suite, Atlassian etc.)
Benefits and Perks
Medical, dental, and vision healthcare coverage for you and your dependents. Pets coverage is also available!Flexible policy for PTO and work arrangement 3 VTO days for ShippoCares volunteering events $2,500 annual learning stipend for your personal and professional growthCharity donation match up to $100Free daily catered lunch, drinks, and snacksFun team events outside of work hours - happy hours, “escape room” adventures, hikes, and more!
Job region(s): Remote/Anywhere North America
Job stats:  11  1  0
  • Share this job via
  • or

Explore more Information Security career opportunities