Senior Application Security Engineer

  • $125k-$170k
  • Remote - Worldwide

Remote

Cybersecurity

Senior

Job description

Founded in 2012, EasyPost is a YC unicorn whose mission is to make shipping simple for businesses, from garage startups to the Fortune 500. Shipping, now more than ever, is the backbone of the global economy, but integrating the technology-enabled operations of a modern business with the low-tech and complex shipping industry has always been a challenge. EasyPost solves this problem with the first developer-friendly REST API for shipping, and we continue to push boundaries and discover new ways to simplify shipping for all. Our team is rapidly growing, and this is the perfect time to get on board. Join us, and help build the shipping infrastructure of the future.

Position Summary:

The Senior Application Security Engineer will play a critical role in maintaining and improving the security of EasyPost’s growing and evolving logistics ecosystem. Responsibilities will include identifying, planning, and completing high-impact security projects, reviewing new proposed product features, and building new security systems and programs. The Senior Security Engineer will leverage their experience and creativity to protect millions of users, the company, and our partner organizations against both identified and emerging security risks.

Essential Duties and Responsibilities:

The essential functions include, but are not limited to, the following:

o Lead the design, building and maintenance of security systems and infrastructure that support the organization’s evolving business and security goals.

o Collaborate with other teams to integrate security and privacy controls and technology into the company’s overall planning and development process from project inception to project delivery.

o Build systems and programs that help security at EasyPost to scale efficiently in both breadth and depth of coverage.

o Embrace “shift-left” DevSecOps patterns, including infrastructure-as-code and Continuous Integration/Continuous Delivery design patterns that move security feedback to the earliest phases of product development and provide faster feedback to partner teams.

o Design and build key competitive security features within the product itself that will support continued business growth among security-conscious customers.

o Build and maintain security alerting infrastructure that delivers timely, relevant, and actionable alerts directly to internal staff, customers, and users.

o Create and maintain self-service documentation, training material, and knowledge base resources that help developers be more productive and write safer code.

o Work directly with M&A entities to integrate their products and improve the overall security posture of their existing development and support environments.

Minimum Education & Experience Qualifications:

o Bachelor’s degree in computer science, management information systems, or related field.

o 8+ years of related experience, master’s degree and 6+ years of related experience, or equivalent related work experience.

o Comfortable writing production-ready code daily in at least two of the following languages: Python, Ruby, Go, or Rust.

o Ability to design systems that are simple to understand, maintainable, scalable, and resilient.

o Prior experience securing large-scale web applications and/or Application Programming Interfaces (APIs), including performing security design reviews, vulnerability assessments, and building testing strategies for logic flaws.

o The ability to understand and communicate concepts around threat modeling and risk management, including to both technical and non-technical stakeholders.

o Proven history of building strong partnerships with Engineering and Product teams to deliver world-class products and features.

o Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc.).

o Experience in assessing risk and selecting key objectives during the vendor management lifecycle for software, hardware, cloud, and software-as-a-service vendors.

o Deep knowledge of how to build and maintain mixed computing environments (Linux, Windows, Mac OS, and mobile devices).

o Past experience with migrating applications and services to public cloud providers (AWS, GCP, Azure, etc.).

$125,000 - $170,000 a year

The posted salary range represents the base compensation for this role. Actual compensation may vary based on factors including, but not limited to, experience, education, skills, geographic location, and internal equity.

What We Offer:

o Comprehensive medical, dental, vision, and life insurance

o Competitive compensation package and equity

o Monthly work from home stipend of $50

o Flexible work schedule and paid time off

o Collaborative culture with a supportive team

o A great place to work with unlimited growth opportunities

o The opportunity to make massive contributions at a hyper-growth company

o Make an impact on a product helping ship millions of packages per day

Data Privacy Notice for Job Applicants:

For information on personal data processing, please see our Privacy Policy: https://www.easypost.com/privacy

“EasyPost is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.”

To be considered for this position, you must be authorized and based in the United States.
