Key skills
PythonGoRubyRustAWSAzureGCPCI/CDRisk Management
About this role
EasyPost is a rapidly growing company founded in 2012, focused on simplifying shipping for businesses of all sizes. They are seeking an Application Security Engineer III to lead the development of secure software ecosystems, architect defense strategies, and integrate security throughout the development lifecycle.
Responsibilities:
- Design, build, and maintain scalable security systems and infrastructure that align with the organization's evolving business goals
- Partner with cross-functional teams to integrate security and privacy controls into the product lifecycle, from project inception to final delivery
- Build automated systems and programs that allow security at EasyPost to scale efficiently in both breadth and depth of coverage
- Champion "shift-left" methodologies, utilizing Infrastructure-as-Code and CI/CD design patterns to move security feedback to the earliest phases of development
- Architect and build competitive customer-facing security features that support business growth and appeal to security-conscious markets
- Maintain high-fidelity alerting/notification infrastructure that delivers timely, relevant, and actionable intelligence to internal staff and customers
- Create self-service documentation, training materials, and knowledge base resources that empower developers to write safer code and increase productivity
- Collaborate directly with M&A entities to assess risks, integrate products, and unify diverse environments under our security standards
Requirements:
- Bachelor's degree in computer science, management information systems, or related field
- 5+ years of related experience, master's degree and 3+ years of related experience, or equivalent related work experience
- Ability to code proficiently in at least two of the following programming languages: Python, Ruby, Go, and Rust
- Ability to design systems that are simple to understand, maintainable, scalable, and resilient
- Prior experience securing large-scale web applications and/or Application Programming Interfaces (APIs), including performing security design reviews, vulnerability assessments, and building testing strategies for logic flaws
- The ability to understand and communicate concepts around threat modeling and risk management, including to both technical and non-technical stakeholders
- Proven history of building strong partnerships with Engineering and Product teams to deliver world-class products and features
- Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc…)
- Experience in assessing risk and selecting key objectives during the vendor management lifecycle for software, hardware, cloud, and software-as-a-service vendors
- Deep knowledge of how to build and maintain mixed computing environments (Linux, Windows, Mac OS, and mobile devices)
- Past experience with migrating applications and services to public cloud providers (AWS, GCP, Azure, etc…)