Logo for EasyPost

Application Security Engineer

Role overview

Qualifications

  • Bachelor's degree in computer science, management information systems, or related field
  • 5+ years of related experience or master's degree and 3+ years of related experience
  • Ability to code proficiently in at least two of the following programming languages: Python, Ruby, Go, and Rust
  • Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc.)

Responsibilities

  • Lead Security Architecture: Design, build, and maintain scalable security systems and infrastructure
  • Embed Security by Design: Partner with cross-functional teams to integrate security and privacy controls
  • Scale Security Operations: Build automated systems and programs for efficient security
  • Drive DevSecOps Adoption: Champion 'shift-left' methodologies and utilize Infrastructure-as-Code and CI/CD design patterns

About the company

EasyPost logo

EasyPost

EasyPost is a Shipping API that solves complex logistics problems for eCommerce businesses, enabling them to deliver an online shopping experience that delights customers. Some of the biggest names in retail rely on EasyPost to ship faster, smarter, and cheaper. We manage the headaches involved with dated carrier technology so our customers can focus on what grows their business. Integrate once with EasyPost and seamlessly add carriers, generate shipping labels, track packages in near real-time, and insure your shipments. EasyPost is growing fast! Check out our jobs page and join the excitement: https://www.easypost.com/jobs

Company details

Company typeSME
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

🧡📦💙Founded in 2012, EasyPost is a YC unicorn whose mission is to make shipping simple for businesses—from garage startups to the Fortune 500. Shipping, now more than ever, is the backbone of the global economy, but integrating the technology-enabled operations of a modern business with the low-tech and complex shipping industry has always been a challenge. EasyPost solves this problem with the first developer-friendly REST API for shipping, and we continue to push boundaries and discover new ways to simplify shipping for all. Our team is rapidly growing, and this is the perfect time to get on board. Join us and help build the shipping infrastructure of the future. We’re builders, problem-solvers, and “there has to be a better way” people. We like elegant architecture, fast decisions, and shipping (pun intended) improvements that power millions of deliveries every day. We stay scrappy, we move fast, and we don’t wait for permission to innovate in an industry that desperately needs it. If you want to work on systems that actually move the world—literally—you’re in the right place. 🚚✨

Position Summary: 
 
The Application Security Engineer III will serve as a technical leader dedicated to helping us build an even more secure software ecosystem for our customers. Beyond identifying and mitigating vulnerabilities, you will architect comprehensive defense strategies and embed security into the fabric of our development lifecycle. Your efforts will help drive our application security posture forward, safeguarding sensitive data and ensuring compliance with industry standards while also preserving engineering velocity.
 
 
Essential Duties and Responsibilities:
 
The essential functions include, but are not limited to the following:
 
o Lead Security Architecture: Design, build, and maintain scalable security systems and infrastructure that align with the organization's evolving business goals.
o Embed Security by Design: Partner with cross-functional teams to integrate security and privacy controls into the product lifecycle, from project inception to final delivery.
o Scale Security Operations: Build automated systems and programs that allow security at EasyPost to scale efficiently in both breadth and depth of coverage.
o Drive DevSecOps Adoption: Champion "shift-left" methodologies, utilizing Infrastructure-as-Code and CI/CD design patterns to move security feedback to the earliest phases of development.
o Product Innovation: Architect and build competitive customer-facing security features that support business growth and appeal to security-conscious markets.
o Intelligent Notifications: maintain high-fidelity alerting/notification infrastructure that delivers timely, relevant, and actionable intelligence to internal staff and customers.
o Enablement & Education: Create self-service documentation, training materials, and knowledge base resources that empower developers to write safer code and increase productivity.
o M&A Integration: Collaborate directly with M&A entities to assess risks, integrate products, and unify diverse environments under our security standards.
 
 
Minimum Education & Experience Qualifications:
 
o Bachelor's degree in computer science, management information systems, or related field.
o 5+ years of related experience, master’s degree and 3+ years of related experience, or equivalent related work experience.
o Ability to code proficiently in at least two of the following programming languages: Python, Ruby, Go, and Rust.
o Ability to design systems that are simple to understand, maintainable, scalable, and resilient.
o Prior experience securing large-scale web applications and/or Application Programming Interfaces (APIs), including performing security design reviews, vulnerability assessments, and building testing strategies for logic flaws.
o The ability to understand and communicate concepts around threat modeling and risk management, including to both technical and non-technical stakeholders.
o Proven history of building strong partnerships with Engineering and Product teams to deliver world-class products and features.
o Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc…)
o Experience in assessing risk and selecting key objectives during the vendor management lifecycle for software, hardware, cloud, and software-as-a-service vendors.
o Deep knowledge of how to build and maintain mixed computing environments (Linux, Windows, Mac OS, and mobile devices).
o Past experience with migrating applications and services to public cloud providers (AWS, GCP, Azure, etc…)
 
Core Competencies Required: 
 
o Knowledge and Application: Complete knowledge and full understanding of areas of specialization, principles and practices within a professional discipline. Assesses unusual circumstances and uses sophisticated analytical and problem solving techniques to identify causes. Resolves and assesses a wide range of issues in creative ways and suggests variations in approach. This job is a fully qualified, experienced professional, journey-level position.

o Complexity & Problem Solving: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Devises solutions based on limited information and precedent and adapts existing approaches to resolve issues. Uses evaluation, judgment, and interpretation to select the right course of action. Work is done independently and is reviewed at critical points.

o Collaboration & Interaction: Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter, often requiring persuasion. Adapts style to different audiences and often advises others on difficult matters.
 
What We Offer:

o Comprehensive medical, dental, vision, and life insurance
o Competitive compensation package and equity
o Monthly work from home stipend of $50
o Flexible work schedule and paid time off
o Collaborative culture with a supportive team
o A great place to work with unlimited growth opportunities
o The opportunity to make massive contributions at a hyper-growth company
o Make an impact on a product helping ship millions of packages per day

Data Privacy Notice for Job Applicants:
For information on personal data processing, please see our Privacy Policy: https://www.easypost.com/privacy

"EasyPost is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law."

To be considered for this position, you must be authorized and based in the United States.

If you have any questions or concerns you can reach out to me directly on LinkedIn @KristinaPerna :).

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at EasyPost

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.