Flexport’s Security team is seeking a Sr. Staff or Principal level Software Security Architect to help Flexport establish itself as the most trusted company in the global trade ecosystem. As a Software Security Architect, you develop and help to drive the adoption of software security strategy, security architecture standards, design patterns, and best practices across Flexport software products and services. You are a person that builds strong relationships with Flexport’s technical teams and ensures the security strategy is aligned with the overall team and business' objectives and strategy. If you are someone who is innovative and enjoys maintaining a deep level of expertise in software security while being a security thought leader both internally and externally, then this is a great role for you.
- Drive overall software security architecture, working closely with product and engineering specific technical architecture experts
- Engage with product, engineering, and legal teams to design new security frameworks, APIs, and services for the current and future global trade verticals
- Partner and help drive architecture standards and future capabilities specific to our authentication and authorization (IAM) as it relates to products and services associated with global trade
- Identify security gaps in product roadmaps and engineering architecture with a goal to help build innovative technology to enable trust in Flexport's platform products
- Own the security architecture strategy/roadmap for securing the global trade ecosystem
- Provide hands-on software security training to engineers and grow our security champs
- Design and build prototype security solutions, including security specific test cases
- Engage in hands-on, in-depth analysis, review, and design of the software, including technical review and analysis of source code with a security perspective. This will include reviews of in-house developed code, as well as review of technologies provided by third-party vendors
- Conduct ongoing security analysis of our architecture and designs, facilitate and perform various security tests and reviews of our code, products, services and infrastructure
- Help build secure products and standards around emerging technologies and using existing standards and security practices
- Guide our software development teams through the Secure Software Development Lifecycle (SSDL) by participating in design reviews, threat modeling, and in-depth security penetration testing of code and systems. These responsibilities extend to providing input on application design, secure coding practices, and appsec
- Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on security trends related to threats, vulnerabilities and OWASP best practices
You should have:
- Demonstrated leadership in all aspects of software security
- Strong background in the implementation and maturity of Secure SDLC programs based on at least one industry-standard framework (OWASP SAMM, BSIMM, MS SDL)
- Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP, MITRE ATT&CK, CERT Secure Coding Standards.
- Experience with security best practices for common authentication protocols (OpenID Connect, OAuth, SAML, LDAP, Kerberos, etc.).
- Experience with the secure implementation of OAuth2 Flows: Authorization Code Flow, Client Credentials Flow, Device Code Flow, etc.
- Experience with data and application integration patterns (Domain-Driven, APIs, messaging, streaming, sync/async).
- Extensive background in conducting threat modeling for Web, Mobile, SaaS, Enterprise, and Industrial IoT applications.
- Security knowledge in the area of enterprise communication protocols and data exchange technologies, e.g.: AMQP (Advanced Message Queuing Protocol), MQTT, WebSockets, etc.
- Ability to tackle large scale security architecture problems
- 10+ years of overall product security experience is required
- 4+ years of experience in threat modeling and threat modeling tools is required
- Experience working with large distributed applications on heterogeneous platforms
- Strong interpersonal and communications skills
- Possess strong organizational skills, both for yourself and for the team while working with many people in a fast-paced environment.
We believe global trade can move the human race forward. That’s why it’s our mission to make global trade easier for everyone. We aim to do this by building the Operating System for Global Trade - a strategic model combining advanced technology and data analytics, logistics infrastructure, and supply chain expertise. Flexport today connects almost 10,000 clients and suppliers across 109 countries, including established global brands like Georgia-Pacific as well as emerging innovators like Sonos. Started in 2013, we've raised over $1.3B in funding from SoftBank Vision Fund, Founders Fund, GV, First Round Capital and Y Combinator. We’re excited about the three big ways we’re moving forward after our recent $1B investment from SoftBank Vision Fund in February 2019.
Worried about not having any freight forwarding experience?
- Don’t be! We’re building the first Operating System for Global Trade. That’s why it’s incredibly important for us to bring people from diverse backgrounds and experiences together with our industry veterans to help move the freight forwarding industry forward.
- What’s freight forwarding and why does it matter? Freight forwarding is the coordination and shipment of goods from one place to another and it’s what makes global trade possible. Flexport is on a mission to make global trade easier for everyone because we believe it can help connect the world and break down economic barriers.
- We know this industry is complex. That’s why we invest in education starting day one with Flexport Academy, a one-week intensive onboarding program designed specifically to set every new Flexport employee up for success.
At Flexport, our ability to fulfill our mission of making global trade easy for everyone relies on having a diverse, dedicated and engaged workforce. That is why Flexport is committed to creating and nurturing an environment where anyone can be their authentic self. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, national origin, age, physical and mental disability, health status, marital and family status, sexual orientation, gender identity and expression, military and veteran status, and any other characteristic protected by applicable law.