Every day, the complex challenges of global shipping and logistics bring growing pains that fast-growing online brands struggle to negotiate. Getting products into the hands of customers quickly and affordably is a challenge for most. At Auctane, we serve and champion these merchants every day. Our software stack solves shipping and logistics problems that arise as merchants scale, so they can focus their time, energy, and resources on what matters most.
Auctane is a team of shipping and software experts with a passion for helping merchants move their ideas, dreams and innovations around the globe. The Auctane family includes ShipStation, ShipWorks, ShipEngine, and ShippingEasy. Our partners include Amazon, UPS, USPS, eBay, BigCommerce, Shopify, WooCommerce, and Walmart.
A wholly-owned subsidiary of Thoma Bravo, Auctane is headquartered in Austin, TX, with offices in St. Louis, London, and Sydney.
The way we work really is at the heart of Auctane, and our 4 core values are brought together to give a sense of our culture.
With Innovation and Integrity at our core, we have a flat and open culture where data & evidence, backed by honest and frank discussions, beats subjective opinion and hierarchy. We Collaborate with energy and Passion on meeting the needs of our fantastic customers and partners.
We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy. With stamps.com ownership comes the ability to operate largely independently away from Board meetings and old world thinking but with the financial support of a high performing tech company. Energy and passion for our business and customers is a part of the Auctane culture – and we love working with like-minded people.
Why would I want to be a Cloud Security Engineer at Auctane?
To drive forward securing our AWS environments using industry leading security tools/services with regards to towards ‘security by design’ / ‘security as code’ / 'Shifting Left’ to help Auctane’s journey from a DevOps to a DevSecOps culture.
The role sits within the infosec team which is part of the larger Tech function who work at scale, pace and with the latest architecture patterns and tech.
We have a flat and open engineering culture where data, & evidence beats opinion and hierarchy, backed by honest and frank discussions. We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy.
What would I be doing?
• Architecting, designing and ownership of AWS Cloud Security including API Security and Container Security.
• Developing the automation of security and compliance capabilities in support of DevOps processes (SDLC)
• Architecting, designing and Policy ownership of a single WAF solution across all Auctane Brands
• Performing regular security reviews, vulnerability, risk assessments and audits
• Building relationships with all staff to promote “Security by Design” throughout the Engineering Teams and wider business.
• Being part of the internal Infosec / cyber security incident process - investigate suspected attacks and help manage security incidents, including providing post-mortem analysis, identify causes, develop solutions and preventive measures
• Responding swiftly to new and emerging security threats and vulnerabilities, investigate suspected attacks and be an integral part of the Information security incident process
What key skills and experience do I need?
As a trusted technical authority, you’ll be the go-to person for all things Security engineering for Cloud Security who can demonstrate and apply the following;
• Detailed technical knowledge of vulnerabilities, threats, attack methods and infection vectors with Cloud Environments.
• A solid foundation in cloud native networking fundamentals & security controls, WAFs, IDS, IPS technologies, ability to construct custom signatures and investigate intercepted traffic/logs.
◦ Experience of successfully implementing WAFs
• Solid understanding of AWS security tools (Security Hub, GuardDuty and Detective) and the use of Config
◦ Knowledge of EC2, S3, ECS and Fargate security best practices.
◦ Ability to visualise the security posture of our AWS environment and prioritisation of associated risks.
• Able to review basic HashiCorp Terraform Syntax and advise engineering teams on how to secure and deploy their Terraform code.
• Experience of running “Threat Modelling” for teams and products with reference to secure engineering principles, and standards (eg OWASP\CIS\NIST)
• Able to balance the demands of delivering high quality and demanding timescales.
• Hold yourself accountable to delivering on your commitments.
• Your every action demonstrates that collaboration is the best way to deliver awesome products
It would be great if you also could bring
• Knowledge of automated tools to secure infrastructure as code: Cloud Custodian
• Knowledge of code training platforms ie Secure Code Warrior
• Willing to attend conferences, webinars and meet-ups and share the learning.
• Experience of using automation to solve complex problems
• General development knowledge:
◦ At a high-level how an engineer builds and deploys code from their IDE through the pipeline and to production.
◦ Of a typical pipeline build (Jenkins or TeamCity) and therefore can advise teams on how to implement steps to automate security tools ie Static Application Security Testing (SAST) or Software Composition Analysis (SCA) as part of the build
• A desire to constantly challenge the norm
What are the perks?
• Access to training to help you progress your skills and career
• 25 days holiday, 10% bonus (paid quarterly), pension, enhanced maternity and paternity leave, group life insurance scheme, private medical healthcare
• Discounted gym membership, cycle to work scheme, interest free season ticket loan
• Breakfast, dinner, fresh fruit, snacks and drinks
• Dynamic, open culture with lots of social activities
Travel Requirements (if applicable):
Equal Opportunity Employer/Veterans/Disabled