Qualys VMDR (advanced)
About us :
Every day, the complex challenges of global shipping and logistics bring growing pains that fast-growing online brands struggle to negotiate.
Getting products into the hands of customers quickly and affordably is a challenge for most. At Auctane, we serve and champion these merchants every day.
Our software stack solves shipping and logistics problems that arise as merchants scale, so they can focus their time, energy, and resources on what matters most.
Auctane is a team of shipping and software experts with a passion for helping merchants move their ideas, dreams and innovations around the globe.
The Auctane family includes ShipStation, ShipWorks, ShipEngine, ShippingEasy, Stamps, Endicia, Metapack, Shipsi, GlobalPost, and Packlink.
Our partners include Amazon, UPS, USPS, eBay, BigCommerce, Shopify, WooCommerce, and Walmart.
Why would I want to be a Senior Security Engineer at Auctane?
The role sits within the infosec team which is part of the larger R&D Tech function who work at scale, pace and with the latest architecture patterns and tech.
The role would currently be an 80 / 20 split looking at Auctane’s corporate security / Auctane’s cloud env’s.
Full Ownership of protecting our corporate environment (people & assets) through industry standard tools, control, training and awareness.
To be part of the team driving forward securing our AWS environment using industry leading security tools / services with regards to towards security by design’ / security as code’ / 'Shifting Left’ to help Metapack’s journey from a DevOps to a DevSecOps culture.
We have a flat and open engineering culture where data, & evidence beats opinion and hierarchy, backed by honest and frank discussions.
We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy.
What would I be doing?
Assuring that Auctane has best of breed industry standard’ security tooling in place to protect the business’s assets.
Aligning existing tooling or mitigating gaps by choosing new appropriate tooling throughout our Auctane’s entities / brands.
Responding swiftly to new and emerging security threats and vulnerabilities, investigate suspected attacks and be an integral part of the Information security incident process
Being part of the internal Infosec / cyber security incident process - investigate suspected attacks and help manage security incidents, including providing post-mortem analysis, identify causes, develop solutions and preventive measures
Managing the development, refresh and continued implementation of the Auctane’s Information Security Management System
Performing regular security reviews, vulnerability, risk assessments and audits
Building relationships with all staff to promote Security by Design throughout the business.
Working with outside consultants as appropriate for independent security reviews and compliance audits
What key skills and experience do I need?
As a trusted technical authority, you’ll be the go-to person for all things Security engineering with a Corporate Environment who can demonstrate and apply the following;
Detailed technical knowledge of vulnerabilities, threats, attack methods and infection vectors within Corporate Environments which are SaaS first..
Significant experience of Email Protection, Vulnerability / compliance, End Point Protection, Access Control / Identity management.
eg Proofpoint, Crowdstrike, Qualys VMDR, OKTA, Lastpass)
Experience of Providing infosec Staff Training / Awareness and Phishing campaigns via SaaS platforms such as Proofpoint.
Experience of running Threat Modelling for teams and products with reference to secure engineering principles, and standards (eg OWASP CIS NIST)
Experience in securing Google workspace Implementations.
A solid foundation in computer networking fundamentals & security controls, firewalls, WAFs, IDS, IPS technologies.
Able to balance the demands of delivering high quality and demanding timescales.
Hold yourself accountable to delivering on your commitments.
Your every action demonstrates that collaboration is the best way to deliver awesome products
It would be great if you also could bring
Working knowledge of Security in AWS / GCP cloud environments
Security Hub, GuardDuty and Detective) and the use of Config
Knowledge of EC2, S3, ECS and Fargate security best practices.
Ability to visualise the security posture of our AWS environment and prioritisation of associated risks.
Hands on experience with a Cloud Security Posture Management (CSPM) tool.
The desire to move into a more DevSecOps culture
Willing to attend conferences, webinars and meet-ups and share the learning.
Experience of using automation to solve complex problems.
A desire to constantly challenge the norm
What are the perks?
The opportunity to cooperate with representatives of the world's largest brands,
experience built in cooperation with teams from Great Britain and the USA,
Open and transparent career paths inside the organization,
Up to 30 days of vacation per year (additional days are granted along with seniority at AUCTANE) + an additional free day for volunteering once a year,
Free private medical care,
Attractive life insurance offer,
Co-financing for sports and recreational activities - the greater, the longer you stay with us,
Free English, German and Spanish language courses,
Comfortable working conditions - support for the team and superiors, relaxation rooms, sweets, fresh fruits, integration events,
Possibility to work in a home-office using equipment provided by AUCTANE, or in our office prepared in accordance with all safety requirements during a pandemic.
Please submit an English version of your resume.