Hello. We are ShipHero (https://shiphero.com). We have built a software platform entrusted by hundreds of ecommerce companies, large and small to run their operations and we continue to grow. About US$5 billion of ecommerce orders are shipped a year via ShipHero. Our customers sell on Shopify, Amazon, Etsy, Ebay, WooCommerce, BigCommerce and many other platforms. We’re driven to help our customers grow their businesses by providing a platform that solves complex problems, and is engineered to be reliable and fast. We are obsessed with building great technology, that is beautiful, easy to use and is loved by our customers. Our culture also reflects our ethos and belief that by bringing passionate, talented and great people together - you can do great things.
Our team is fully remote, with most of our engineers currently spread over the Americas but have been building out teams in Europe as well. We communicate regularly using video chat and Slack, and put a strong emphasis on asynchronous work so people have large chunks of uninterrupted time to focus and do deep work.
Making sure you and the rest of the company are able to focus while being at work is really important to us. You can read our internal guide on how we communicate from our website: https://shiphero.com/careers/c...
We are looking for an experienced Security Engineer who will analyze our software designs and implementations from a security perspective, in order to identify and resolve security issues. Your duties will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software.
You should have a solid technical background and great abilities of security threats prevention. We also expect you to have an analytical mindset and to be an efficient team player.
5+ years of technical experience with establishing and implementing security best practices in AWS cloud
Practical experience on programming/scripting to automate security tasks using languages like Python.
Practical experience with Apache, Nginx, Gunicorn and MySQL.
Practical experience using modern cloud deploy pipelines such as Infrastructure as Code (Terraform), Software Development Lifecycle, Continuous Integration and Delivery (Git & Atlassian Suite).
Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.
Ability to express to other stakeholders what’s important and what’s urgent, so it can be prioritized along with competing priorities.
Competence in spoken and written English.