Staff Engineer

Shipt is a retail tech company that connects people to reliable, high-quality delivery with a personal touch. As a Staff Engineer on the Application Security team, you will lead secure practices across the organization, design and implement security controls, and mentor other engineers to enhance the security culture at Shipt.

Responsibilities:

• You’ll be responsible for development practices across our engineering organization and building software systems to make secure development easier
• In this role, you will design, implement, and scale security controls and processes that protect Shipt’s users, empower Shipt developers, ensure the safety of our applications, and protect user data
• As a Staff Engineer, you are expected to operate at a high level of technical proficiency, provide technical leadership, mentor other team members, and influence security culture at all levels of the company
• You have extensive software engineering experience with focus on developer tooling or infrastructure
• You have strong programming skills in Go, Python, and/or JavaScript/TypeScript
• You have experience building with CI/CD systems as part of the software development lifecycle
• You have familiarity with containerization concepts and tools
• You have experience working and deploying with cloud platforms, especially Kubernetes
• You have experience building APIs, automation tools, and developer-facing services
• You have knowledge of common security vulnerabilities and remediation approaches
• You have knowledge or training with compliance programs such as PCI DSS and SOC2
• You have experience with Infrastructure as Code tools, such as Terraform
• You have strong system design and architecture skills
• You have experience translating business requirements into practical development solutions
• You have experience with OWASP Top 10, SANS CWE Top 25, and common security design flaws
• You have led the design, implementation, and validation of secure coding practices, application security controls, and integration of security platforms
• You have an understanding of tools and techniques leveraged to breach networks, server systems, cloud workloads or applications
• You have experience leading threat modeling and security design reviews

Requirements:

• You have extensive software engineering experience with focus on developer tooling or infrastructure
• You have strong programming skills in Go, Python, and/or JavaScript/TypeScript
• You have experience building with CI/CD systems as part of the software development lifecycle
• You have familiarity with containerization concepts and tools
• You have experience working and deploying with cloud platforms, especially Kubernetes
• You have experience building APIs, automation tools, and developer-facing services
• You have knowledge of common security vulnerabilities and remediation approaches
• You have knowledge or training with compliance programs such as PCI DSS and SOC2
• You have experience with Infrastructure as Code tools, such as Terraform
• You have strong system design and architecture skills
• You have experience translating business requirements into practical development solutions
• You have experience with OWASP Top 10, SANS CWE Top 25, and common security design flaws
• You have led the design, implementation, and validation of secure coding practices, application security controls, and integration of security platforms
• You have an understanding of tools and techniques leveraged to breach networks, server systems, cloud workloads or applications
• You have experience leading threat modeling and security design reviews
• Bachelor's Degree or equivalent experience
• You have a CISSP, OSWE, CSSLP, GWAPT, GWEB, OSCP, CompTIA Security+ certification
• You have proficiency in Terraform
• You have familiarity with open-source software and dependency management
• You have experience managing, configuring and troubleshooting CDN & WAF technologies