About Auctane:

Every day, the complex challenges of global shipping and logistics bring growing pains that fast-growing online brands struggle to negotiate.  Getting products into the hands of customers quickly and affordably is a challenge for most. At Auctane, we serve and champion these merchants every day. Our software stack solves shipping and logistics problems that arise as merchants scale, so they can focus their time, energy, and resources on what matters most.

Auctane is a team of shipping and software experts with a passion for helping merchants move their ideas, dreams and innovations around the globe. The Auctane family includes ShipStation, ShipWorks, ShipEngine, and ShippingEasy. Our partners include Amazon, UPS, USPS, eBay, BigCommerce, Shopify, WooCommerce, and Walmart.

A wholly-owned subsidiary of Thoma Bravo,  Auctane is headquartered in Austin, TX, with offices in St. Louis, London, and Sydney.

Our Values:

The way we work really is at the heart of Auctane, and our 4 core values are brought together to give a sense of our culture.

With Innovation and Integrity at our core, we have a flat and open culture where data & evidence, backed by honest and frank discussions, beats subjective opinion and hierarchy.  We Collaborate with energy and Passion on meeting the needs of our fantastic customers and partners.

We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy. With stamps.com ownership comes the ability to operate largely independently away from Board meetings and old world thinking but with the financial support of a high performing tech company. Energy and passion for our business and customers is a part of the Auctane culture – and we love working with like-minded people. 

Why would I want to be a Cloud Security Engineer at Auctane?

To drive forward securing our AWS environments using industry leading security tools/services with regards to towards ‘security by design’ / ‘security as code’ / 'Shifting Left’ to help Auctane’s journey from a DevOps to a DevSecOps culture.

The role sits within the infosec team which is part of the larger Tech function who work at scale, pace and with the latest architecture patterns and tech.

We have a flat and open engineering culture where data, & evidence beats opinion and hierarchy, backed by honest and frank discussions. We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy.

What would I be doing?

• Architecting, designing and ownership of AWS Cloud Security including API Security and Container Security.
• Developing the automation of security and compliance capabilities in support of DevOps processes (SDLC)
• Architecting, designing and Policy ownership of a single WAF solution across all Auctane Brands
• Performing regular security reviews, vulnerability, risk assessments and audits
• Building relationships with all staff to promote “Security by Design” throughout the Engineering Teams and wider business.
• Being part of the internal Infosec / cyber security incident process - investigate suspected attacks and help manage security incidents, including providing post-mortem analysis, identify causes, develop solutions and preventive measures
• Responding swiftly to new and emerging security threats and vulnerabilities, investigate suspected attacks and be an integral part of the Information security incident process

What key skills and experience do I need?

As a trusted technical authority, you’ll be the go-to person for all things Security engineering for Cloud Security who can demonstrate and apply the following;

• Detailed technical knowledge of vulnerabilities, threats, attack methods and infection vectors with Cloud Environments.
• A solid foundation in cloud native networking fundamentals & security controls, WAFs, IDS, IPS technologies, ability to construct custom signatures and investigate intercepted traffic/logs.
◦ Experience of successfully implementing WAFs
• Solid understanding of AWS security tools (Security Hub, GuardDuty and Detective) and the use of Config
◦ Knowledge of EC2, S3, ECS and Fargate security best practices.
◦ Ability to visualise the security posture of our AWS environment and prioritisation of associated risks.
• Able to review basic HashiCorp Terraform Syntax and advise engineering teams on how to secure and deploy their Terraform code.
• Experience of running “Threat Modelling” for teams and products with reference to secure engineering principles, and standards (eg OWASP\CIS\NIST)
• Able to balance the demands of delivering high quality and demanding timescales.
• Hold yourself accountable to delivering on your commitments.
• Your every action demonstrates that collaboration is the best way to deliver awesome products

It would be great if you also could bring

• Knowledge of automated tools to secure infrastructure as code: Cloud Custodian
• Knowledge of code training platforms ie Secure Code Warrior
• Willing to attend conferences, webinars and meet-ups and share the learning.
• Experience of using automation to solve complex problems
• General development knowledge:
◦ At a high-level how an engineer builds and deploys code from their IDE through the pipeline and to production.
◦ Of a typical pipeline build (Jenkins or TeamCity) and therefore can advise teams on how to implement steps to automate security tools ie Static Application Security Testing (SAST) or Software Composition Analysis (SCA) as part of the build
• A desire to constantly challenge the norm

What are the perks?

• Access to training to help you progress your skills and career
• 25 days holiday, 10% bonus (paid quarterly), pension, enhanced maternity and paternity leave, group life insurance scheme, private medical healthcare
• Discounted gym membership, cycle to work scheme, interest free season ticket loan
• Breakfast, dinner, fresh fruit, snacks and drinks
• Dynamic, open culture with lots of social activities

Travel Requirements (if applicable):                   

  • None

Equal Opportunity Employer/Veterans/Disabled

If you are based in California, we encourage you to read this important information about the ShipStation Privacy Policy for California residents linked here.


Apply for this Job

* Required

When autocomplete results are available use up and down arrows to review
+ Add Another Education
+ Add Another Employment

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in ShipStation Careers’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.