EasyPost - Application Security Engineer
Requirements
• Knowledge and Application: Complete knowledge and full understanding of areas of specialization, principles and practices within a professional discipline. Assesses unusual circumstances and uses sophisticated analytical and problem solving techniques to identify causes. Resolves and assesses a wide range of issues in creative ways and suggests variations in approach. This job is a fully qualified, experienced professional, journey-level position.
• Complexity & Problem Solving: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Devises solutions based on limited information and precedent and adapts existing approaches to resolve issues. Uses evaluation, judgment, and interpretation to select the right course of action. Work is done independently and is reviewed at critical points.
• Collaboration & Interaction: Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter, often requiring persuasion. Adapts style to different audiences and often advises others on difficult matters.
Responsibilities
• The essential functions include, but are not limited to, the following:
  o Lead Security Architecture: Design, build, and maintain scalable security systems and infrastructure that align with the organization's evolving business goals.
  o Embed Security by Design: Partner with cross-functional teams to integrate security and privacy controls into the product lifecycle, from project inception to final delivery.
  o Scale Security Operations: Build automated systems and programs that allow security at EasyPost to scale efficiently in both breadth and depth of coverage.
  o Drive DevSecOps Adoption: Champion "shift-left" methodologies, utilizing Infrastructure-as-Code and CI/CD design patterns to move security feedback to the earliest phases of development.
  o Product Innovation: Architect and build competitive customer-facing security features that support business growth and appeal to security-conscious markets.
  o Intelligent Notifications: Maintain high-fidelity alerting/notification infrastructure that delivers timely, relevant, and actionable intelligence to internal staff and customers.
  o Enablement & Education: Create self-service documentation, training materials, and knowledge base resources that empower developers to write safer code and increase productivity.
  o M&A Integration: Collaborate directly with M&A entities to assess risks, integrate products, and unify diverse environments under our security standards.
• Minimum Education & Experience Qualifications:
  o Bachelor's degree in computer science, management information systems, or related field.
  o 5+ years of related experience, master’s degree and 3+ years of related experience, or equivalent related work experience.
  o Ability to code proficiently in at least two of the following programming languages: Python, Ruby, Go, and Rust.
  o Ability to design systems that are simple to understand, maintainable, scalable, and resilient.
  o Prior experience securing large-scale web applications and/or Application Programming Interfaces (APIs), including performing security design reviews, vulnerability assessments, and building testing strategies for logic flaws.
  o The ability to understand and communicate concepts around threat modeling and risk management, including to both technical and non-technical stakeholders.
  o Proven history of building strong partnerships with Engineering and Product teams to deliver world-class products and features.
  o Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc…)
  o Experience in assessing risk and selecting key objectives during the vendor management lifecycle for software, hardware, cloud, and software-as-a-service vendors.
  o Deep knowledge of how to build and maintain mixed computing environments (Linux, Windows, Mac OS, and mobile devices).
  o Past experience with migrating applications and services to public cloud providers (AWS, GCP, Azure, etc…)
Benefits
• Comprehensive medical, dental, vision, and life insurance
• Competitive compensation package and equity
• Monthly work from home stipend of $50
• Flexible work schedule and paid time off
• Collaborative culture with a supportive team
• A great place to work with unlimited growth opportunities