Senior Application Security Engineer

Summary

Join EasyPost, a rapidly growing YC unicorn, as a Senior Application Security Engineer. You will play a critical role in enhancing the security of our logistics ecosystem. Responsibilities include designing, building, and maintaining security systems, collaborating with other teams on security integration, and building security features within our products. You will also create security alerts and documentation, work with M&A entities, and assess vendor risks. This role requires a Bachelor's degree, 8+ years of experience, and proficiency in several programming languages. EasyPost offers a competitive compensation package, comprehensive benefits, and a flexible work schedule.

Requirements

• Bachelor's degree in computer science, management information systems, or related field
• 8+ years of related experience, master’s degree and 6+ years of related experience, or equivalent related work experience
• Comfortable writing production-ready code daily in at least two of the following languages: Python, Ruby, Go, or Rust
• Ability to design systems that are simple to understand, maintainable, scalable, and resilient
• Prior experience securing large-scale web applications and/or Application Programming Interfaces (APIs), including performing security design reviews, vulnerability assessments, and building testing strategies for logic flaws
• The ability to understand and communicate concepts around threat modeling and risk management, including to both technical and non-technical stakeholders
• Proven history of building strong partnerships with Engineering and Product teams to deliver world-class products and features
• Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc…)
• Experience in assessing risk and selecting key objectives during the vendor management lifecycle for software, hardware, cloud, and software-as-a-service vendors
• Deep knowledge of how to build and maintain mixed computing environments (Linux, Windows, Mac OS, and mobile devices)
• Past experience with migrating applications and services to public cloud providers (AWS, GCP, Azure, etc…)

Responsibilities

• Lead the design, building and maintenance of security systems and infrastructure that support the organization's evolving business and security goals
• Collaborate with other teams to integrate security and privacy controls and technology into the company’s overall planning and development process from project inception to project delivery
• Build systems and programs that help security at EasyPost to scale efficiently in both breadth and depth of coverage
• Embrace “shift-left” DevSecOps patterns, including infrastructure-as-code and Continuous Integration/Continuous Delivery design patterns that move security feedback to the earliest phases of product development and provide faster feedback to partner teams
• Design and build key competitive security features within the product itself that will support continued business growth among security-conscious customers
• Build and maintain security alerting infrastructure that delivers timely, relevant, and actionable alerts directly to internal staff, customers, and users
• Create and maintain self-service documentation, training material, and knowledge base resources that help developers be more productive and write safer code
• Work directly with M&A entities to integrate their products and improve the overall security posture of their existing development and support environments

Benefits

• Comprehensive medical, dental, vision, and life insurance
• Competitive compensation package and equity
• Monthly work from home stipend of $50
• Flexible work schedule and paid time off
• Collaborative culture with a supportive team
• A great place to work with unlimited growth opportunities
• The opportunity to make massive contributions at a hyper-growth company
• Make an impact on a product helping ship millions of packages per day