Define and own Shippo’s security strategy, translating business goals, customer trust needs, and regulatory requirements into a clear, prioritized security roadmap.
Plan and execute quarterly security initiatives that deliver meaningful risk reduction and enable business growth.
Continuously assess Shippo’s threat landscape and adjust priorities as the company, product surface area, and customer needs evolve.
Secure Shippo’s cloud and application environments, with deep ownership of AWS security architecture and controls.
Partner with Engineering teams to embed security into the SDLC, including application security reviews, SAST/DAST, dependency management, and secure design practices.
Own security operations, including incident readiness, response, and post-incident learning.
Lead security incidents end-to-end, from investigation and containment to postmortems and long-term remediation.
Conduct security risk assessments across applications, infrastructure, vendors, and processes; clearly communicate findings and recommendations to stakeholders.
Serve as the primary security point of contact for customer and partner security inquiries, audits, and escalations.
Lead, coach, and support a small security team, setting clear expectations, providing actionable feedback, and fostering a culture of learning and ownership.
Requirements
Proven experience leading security at a high-growth technology company, in a role combining hands-on execution with functional ownership.
Strong hands-on expertise in cloud security (AWS), application security, and modern SaaS architectures.
Practical experience leading SOC 2 Type II compliance and audits.
Experience owning or leading incident response for real-world security incidents.
Ability to translate technical security risks into clear business context for non-technical stakeholders.
Strong judgment, ownership mindset, and comfort operating with ambiguity and limited team scale.
Bonus
Experience with CSPM tools, WAFs, EDR solutions, and modern AppSec tooling.
Background in e-commerce, fintech, logistics, or platform companies.
Experience building early security functions or scaling security practices alongside company growth.
Tech Stack
AWS
Cloud
SDLC
Benefits
Healthcare coverage for medical, dental, and vision (90% covered by the company, incl. dependents).
Pet coverage is also available!
Take-as-much-as-you-need vacation policy & flexible working hours
One week-long company-wide winter slowdown
3 Volunteer Days Off (VTOs)
WFH stipend to set up your home office
Charity donation match up to $100
Dedicated programs, coaching, tools, and resources for your professional and career growth as well as an individual learning stipend for your personal and focused growth
Fun in-person team time through our Shippos Everywhere program, which includes regular team and company off-sites throughout the year as well as local Shippos gatherings.