Cloud Security Engineer

Job Description

Job Title

At Shipt, we are transforming the grocery shopping experience and giving time back to consumers. Our friendly shoppers handpick fresh groceries and household essentials, then deliver them to your door in as little as one hour.

Shipt is growing and we are searching for a Cloud Security Engineer to join our team! The Cloud Security Engineer at Shipt will possess advanced knowledge and experience in monitoring, supporting, and hardening cloud infrastructure and environments; preferably AWS and/or GCP. The ideal candidate will have experience working with Information Security and DevOps teams in a CI/CD environment as well as a comprehensive understanding of cloud security operations, compliance, and cloud Identity and Access Management (IAM).

What You’ll Gain

You will get experience working with a cross-disciplinary team shipping real-world products to our customers around the nation. You will also receive hands-on mentorship from your friendly teammates on topics ranging from design to career advice

Your Responsibilities

• Identify, validate, and resolve security vulnerabilities in Shipt’s cloud environment(s) and applications.
• Respond to, investigate, and remediate any actionable security incidents or events.
• Support, monitor, and improve Shipt’s current security controls and tooling.
• Assist in the evaluation, purchasing/procurement, and implementation of new security controls as needed.
• Automate and centralize incident response and alerting (and other manual tasks) using various APIs and other technologies.
• Help to identify any control gaps and remediate them with existing tooling or develop custom tools.
• Assist with the administration of Shipt’s HackerOne bug bounty program and triage/validate reported vulnerabilities as needed.
• Assist with the architecture and administration of Shipt’s Identity and Access Management and SSO platforms.
• Assist with completing Security Information Gathering (SIG) and Third Party Security Audit Questionnaires (TPQ) as needed.
• Help design, develop, and enforce org-wide information security standards, policies, and procedures.
• Assist with obtaining and maintaining PCI, SOC-2, and other information security regulatory/compliance requirements.
• Work independently and with a team on various applications, participating in meetings and conference calls as needed with users and internal leadership.
• Participate in SecOps on-call rotation to support users and respond to incidents after-hours.
• Communicate effectively and perform due diligence to get to the root cause of any issue.

Requirements

• You have a minimum of 3 years of on-the-job experience in an information security-focused role and at least 1 of those in AWS, GCP or other major cloud provider.
• You have experience implementing and supporting best-practice security architecture and operations in the cloud.
• You have experience with distributed architectures, and/or microservices.
• Extensive knowledge of technical security controls and technologies (e.g. IDS, IPS, traditional, NextGen and Web Application Firewalls; Data Loss Prevention; Security Information and Event Management (SIEM); Identity and Access Management and Privileged User Management; Public Key Infrastructure and Certificate management).
• You have experience and familiarity with the Kali Linux distribution, BurpSuite, OWASP ZAP, Nessus, and/or other industry-standard security assessment tools.
• You have experience with SSO and Identity Federation services and products.
• You have some experience using scripting languages like Python, Bash, Go, Powershell, etc to automate tasks.
• You have experience and familiarity with obtaining and maintaining PCI, SOX, HIPAA, or other regulatory/compliance requirements, as well as internal/external audits.
• You have significant, hands-on technical experience with Linux OS administration and hardening.

Nice to Haves

• You have a passion for security and ethical hacking.
• You can work in a fast-paced company that is changing constantly.
• You are excited to learn and master new skills.
• You have a deep love of automation and building things!
• Experience using Slack to automate and integrate security reporting and tooling.
• Experience with AlienVault USM Anywhere and/or Prisma Cloud/Twistlock
  Information security certification(s) such as CISSP, CCSP, CEH, OSCP, OSWE, etc.
• You have experience in application development and/or development operations (DevOps).
• Experience with the automation and implementation of DAST/SAST in a CI/CD pipeline.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.