Key skills
JavaScriptTypeScriptPythonGoTerraformKubernetesCDNCI/CDLeadershipOWASPWAF
About this role
Shipt is a retail tech company that connects people to reliable, high-quality delivery with a personal touch. As a Staff Engineer on the Application Security team, you will lead secure practices, design and implement security controls, and mentor team members to ensure the safety of applications and user data.
Responsibilities:
- You’ll be responsible for development practices across our engineering organization and building software systems to make secure development easier
- In this role, you will design, implement, and scale security controls and processes that protect Shipt’s users, empower Shipt developers, ensure the safety of our applications, and protect user data
- You are expected to operate at a high level of technical proficiency, provide technical leadership, mentor other team members, and influence security culture at all levels of the company
- You will gain valuable experience collaborating with cross-disciplinary teams, contributing to the protection of customers and shoppers nationwide
Requirements:
- extensive software engineering experience with focus on developer tooling or infrastructure
- strong programming skills in Go, Python, and/or JavaScript/TypeScript
- experience building with CI/CD systems as part of the software development lifecycle
- familiarity with containerization concepts and tools
- experience working and deploying with cloud platforms, especially Kubernetes
- experience building APIs, automation tools, and developer-facing services
- knowledge of common security vulnerabilities and remediation approaches
- knowledge or training with compliance programs such as PCI DSS and SOC2
- experience with Infrastructure as Code tools, such as Terraform
- strong system design and architecture skills
- experience translating business requirements into practical development solutions
- experience with OWASP Top 10, SANS CWE Top 25, and common security design flaws
- led the design, implementation, and validation of secure coding practices, application security controls, and integration of security platforms
- understanding of tools and techniques leveraged to breach networks, server systems, cloud workloads or applications
- experience leading threat modeling and security design reviews
- Bachelor's Degree or equivalent experience
- CISSP, OSWE, CSSLP, GWAPT, GWEB, OSCP, CompTIA Security+ certification
- proficiency in Terraform
- familiarity with open-source software and dependency management
- experience managing, configuring and troubleshooting CDN & WAF technologies