Social network you want to login/join with:
About us: Every day, the complex challenges of global shipping and logistics bring growing pains that fast-growing online brands struggle to negotiate. Getting products into the hands of customers quickly and affordably is a challenge for most. At Auctane, we serve and champion these merchants every day. Our software stack solves shipping and logistics problems that arise as merchants scale, so they can focus their time, energy, and resources on what matters most. Auctane is a team of shipping and software experts with a passion for helping merchants move their ideas, dreams, and innovations around the globe. The Auctane family includes ShipStation, ShipWorks, ShipEngine, ShippingEasy, Stamps, Endicia, Metapack, Shipsi, GlobalPost, and Packlink. Our partners include Amazon, UPS, USPS, eBay, BigCommerce, Shopify, WooCommerce, and Walmart.
Why would I want to be a Senior Security Engineer at Auctane? The role sits within the infosec team which is part of the larger R&D Tech function who work at scale, pace and with the latest architecture patterns and tech. The role would currently be an 80/20 split looking at Auctane's corporate security / Auctane's cloud environments. Full ownership of protecting our corporate environment (people & assets) through industry standard tools, control, training, and awareness. To be part of the team driving forward securing our AWS environment using industry leading security tools/services with regards to 'security by design', 'security as code', and 'Shifting Left' to help Metapack's journey from a DevOps to a DevSecOps culture. We have a flat and open engineering culture where data and evidence beats opinion and hierarchy, backed by honest and frank discussions. We passionately believe in forming autonomous, cross-functional teams who are empowered to deliver our ambitious strategy.
What would I be doing?
1. Assuring that Auctane has best of breed 'industry standard' security tooling in place to protect the business's assets.
2. Aligning existing tooling or mitigating gaps by choosing new appropriate tooling throughout our Auctane's entities/brands.
3. Responding swiftly to new and emerging security threats and vulnerabilities, investigating suspected attacks and being an integral part of the Information security incident process.
4. Being part of the internal Infosec/cyber security incident process - investigate suspected attacks and help manage security incidents, including providing post-mortem analysis, identifying causes, developing solutions and preventive measures.
5. Managing the development, refresh, and continued implementation of Auctane's Information Security Management System.
6. Performing regular security reviews, vulnerability, risk assessments, and audits.
7. Building relationships with all staff to promote 'Security by Design' throughout the business.
8. Working with outside consultants as appropriate for independent security reviews and compliance audits.
What key skills and experience do I need?
1. Detailed technical knowledge of vulnerabilities, threats, attack methods and infection vectors within Corporate Environments which are SaaS first.
2. Experience of providing infosec staff training/awareness and phishing campaigns via SaaS platforms such as Proofpoint.
3. Experience of running 'Threat Modelling' for teams and products with reference to secure engineering principles, and standards (e.g., OWASP, CIS, NIST).
4. Experience in securing Google Workspace implementations.
5. A solid foundation in computer networking fundamentals & security controls, firewalls, WAFs, IDS, IPS technologies.
6. Able to balance the demands of delivering high quality and demanding timescales.
7. Hold yourself accountable to delivering on your commitments.
8. Your every action demonstrates that collaboration is the best way to deliver awesome products.
It would be great if you also could bring:
1. Working knowledge of Security in AWS/GCP cloud environments (Security Hub, GuardDuty, and Detective) and the use of Config.
2. Knowledge of EC2, S3, ECS, and Fargate security best practices.
3. Ability to visualize the security posture of our AWS environment and prioritization of associated risks.
4. Hands-on experience with a Cloud Security Posture Management (CSPM) tool.
5. The desire to move into a more DevSecOps culture.
6. Willingness to attend conferences, webinars, and meet-ups and share the learning.
7. Experience of using automation to solve complex problems.
8. A desire to constantly challenge the norm.
What we offer:
1. Stock options.
2. Personal Training Budget: Up to 2,000€/year training budget (certifications, conferences attendance, etc.) to invest in your professional development. We want to help you improve your technical skills, feel involved in the product community, and develop your soft skills in order to lead teams and manage other stakeholders.
3. We are a remote-first company: All team members at Packlink are remote employees. After COVID, you can decide if you want to.
#J-18808-Ljbffr