EasyPost is a rapidly growing company founded in 2012, dedicated to simplifying shipping for businesses of all sizes. The Application Security Engineer III will play a crucial role in enhancing the application's security posture, architecting defense strategies, and integrating security throughout the development lifecycle.
Responsibilities:
- Lead Security Architecture: Design, build, and maintain scalable security systems and infrastructure that align with the organization's evolving business goals
- Embed Security by Design: Partner with cross-functional teams to integrate security and privacy controls into the product lifecycle, from project inception to final delivery
- Scale Security Operations: Build automated systems and programs that allow security at EasyPost to scale efficiently in both breadth and depth of coverage
- Drive DevSecOps Adoption: Champion "shift-left" methodologies, utilizing Infrastructure-as-Code and CI/CD design patterns to move security feedback to the earliest phases of development
- Product Innovation: Architect and build competitive customer-facing security features that support business growth and appeal to security-conscious markets
- Intelligent Notifications: Maintain high-fidelity alerting/notification infrastructure that delivers timely, relevant, and actionable intelligence to internal staff and customers
- Enablement & Education: Create self-service documentation, training materials, and knowledge base resources that empower developers to write safer code and increase productivity
- M&A Integration: Collaborate directly with M&A entities to assess risks, integrate products, and unify diverse environments under our security standards
Requirements:
- Bachelor's degree in computer science, management information systems, or related field
- 5+ years of related experience, master's degree and 3+ years of related experience, or equivalent related work experience
- Ability to code proficiently in at least two of the following programming languages: Python, Ruby, Go, and Rust
- Ability to design systems that are simple to understand, maintainable, scalable, and resilient
- Prior experience securing large-scale web applications and/or Application Programming Interfaces (APIs), including performing security design reviews, vulnerability assessments, and building testing strategies for logic flaws
- The ability to understand and communicate concepts around threat modeling and risk management, including to both technical and non-technical stakeholders
- Proven history of building strong partnerships with Engineering and Product teams to deliver world-class products and features
- Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc.)
- Experience in assessing risk and selecting key objectives during the vendor management lifecycle for software, hardware, cloud, and software-as-a-service vendors
- Deep knowledge of how to build and maintain mixed computing environments (Linux, Windows, Mac OS, and mobile devices)
- Past experience with migrating applications and services to public cloud providers (AWS, GCP, Azure, etc.)