About us :
Every day, the complex challenges of global shipping and logistics bring growing pains that fast-growing online brands struggle to negotiate. Getting products into the hands of customers quickly and affordably is a challenge for most. At Auctane, we serve and champion these merchants every day. Our software stack solves shipping and logistics problems that arise as merchants scale, so they can focus their time, energy, and resources on what matters most.
Auctane is a team of shipping and software experts with a passion for helping merchants move their ideas, dreams, and innovations around the globe. The Auctane family includes ShipStation, ShipWorks, ShipEngine, ShippingEasy, Stamps, Endicia, Metapack, Shipsi, GlobalPost, and Packlink. Our partners include Amazon, UPS, USPS, eBay, BigCommerce, Shopify, WooCommerce, and Walmart.
Why would I want to be a Senior Cloud Security Engineer at Auctane?
To drive forward securing our Cloud environments (80% AWS, 20% GCP) and using industry-leading security tools/services with regards to 'security by design' / 'security as code' / 'Shifting Left' to help Auctane's journey from a DevOps to a DevSecOps culture.
The role sits within the infosec team, which is part of the larger R&D Tech function, working at scale, pace, and with the latest architecture patterns and tech.
We have a flat and open engineering culture where data & evidence beat opinion and hierarchy, backed by honest and frank discussions. We believe in forming autonomous, cross-functional teams empowered to deliver our ambitious strategy.
What would I be doing?
- Architecting, designing, and owning Cloud Security (mainly AWS), including API Security and Container Security.
- Developing automation of security and compliance capabilities supporting DevOps processes (SDLC).
- Architecting, designing, and owning policies for a unified WAF (Akamai or Imperva) across all Auctane brands.
- Performing regular security reviews, vulnerability assessments, risk assessments, and audits.
- Promoting "Security by Design" throughout engineering and the wider business.
- Participating in incident response, investigating attacks, managing security incidents, and conducting post-mortem analyses.
- Responding to emerging security threats and vulnerabilities.
What key skills and experience do I need?
- Deep technical knowledge of vulnerabilities, threats, attack methods, and infection vectors in Cloud Environments.
- Hands-on experience with Cloud Security Posture Management (CSPM) tools.
- Strong understanding of cloud networking & security controls, WAFs, IDS, IPS, and custom signature creation.
- Experience implementing WAFs.
- Knowledge of AWS security tools (Security Hub, GuardDuty, Detective) and Config.
- Familiarity with EC2, S3, ECS, and Fargate security best practices.
- Ability to visualize security posture and prioritize risks.
- Ability to review and advise on Terraform code security.
- Experience with Threat Modelling (e.G., OWASP, NIST).
- Ability to balance quality and deadlines, and demonstrate accountability and collaboration.
Additional desirable skills:
- Knowledge of automation tools for infrastructure security (e.G., Cloud Custodian).
- Familiarity with secure coding platforms (e.G., Secure Code Warrior).
- Willingness to attend conferences and share learnings.
- Experience using automation to solve complex problems.
- Basic understanding of CI/CD pipelines and security integration.
What we offer :
- Stock options
- Personal Training Budget:
Up to 2,000€/year for certifications, conferences, etc., to support your professional growth.
El anuncio original lo puedes encontrar en Kit Empleo:
#J-18808-Ljbffr