Senior SecDevOps Engineer

San Francisco, Austin, or Remote

Full Time Senior-level / Expert
Shippo logo


Shippo is the best multi-carrier shipping software for e-commerce businesses. Find the best shipping rates, integrate with e-commerce platforms, print shipping labels, track package delivery, and verify addresses with either our shipping API or...
Apply now Apply later

Before you read on, take a look around you. Chances are, pretty much everything you see has been shipped, often multiple times, in order to get there. E-commerce and parcel shipping volumes are exploding but so are customer expectations about shipping speed and cost. Managing shipping and logistics operations to meet increasingly exacting demands is an extremely hard endeavor, especially for SMBs who can be left in the dust by larger and far more sophisticated competitors. But this does not have to be so.
At Shippo, our goal is to level the playing field by providing businesses with access to shipping tools and terms that would not be available to them otherwise. We lower the barriers to shipping for businesses around the world, and move shipping from a pain point to a competitive advantage.
Through Shippo, e-commerce businesses, from fast-growing brands to mom-and-pop shops are able to connect to multiple shipping carriers around the world from one API and dashboard, and seamlessly run every aspect of their shipping operations, from checkout shipping options to returns.
Join us to build the foundations of something hard yet meaningful, roll up your sleeves, and get important work done everyday. Founded in 2013, and funded by top-tier investors likeD1 Capital Partners, Bessemer Venture Partners, Union Square Ventures, Uncork Capital, VersionOne Ventures, FundersClub, we are a fast-growing and proudly distributed Unicorn with hubs in San Francisco and Austin. We are also featured in Wealthfront’s Career Launching List  and Forbes’ Cloud 100 list of fast growing startups.
About the Role
As a Senior SecDevOps Engineer at Shippo, you will help secure our systems by designing and creating software, infrastructure, automation, processes and policies, and championing their adoption across engineering and the rest of the company. You are part of a team that is responsible for ensuring that Shippo’s corporate and production systems exceed industry security and compliance standards by implementing safeguards to protect and monitor sensitive data and systems. 


  • Analyze, assess, and respond to cybersecurity threats
  • Perform cyber risk assessments, security architecture reviews, and threat modeling, to identify gaps, recommend solutions, and drive the gaps to completion
  • Draft and maintain information security standards, policies and best practices
  • Develop processes, code, or systems that mitigate and prevent vulnerabilities
  • Implement secure software development measures into CI/CD pipelines and collaborate with dev teams to apply a shift-left security strategy in the development lifecycle
  • Select, implement and maintain security tools, infrastructure, and automation
  • Respond to security audits and security assessment requests
  • Conduct regular security assessments, application security testing and penetration tests
  • Set-up secure access to cloud production services for administration, deployment, configuration, and debugging
  • Conduct in-depth security reviews of code and infrastructure as code
  • Conduct in-depth security reviews of corporate and production infrastructure
  • Manage the security bug backlog with dev teamsManage Shippo’s bug bounty program
  • Advise teams on developing pragmatic solutions that achieve business requirements and also maintain acceptable levels of risk
  • Evangelize security best practices across the organization


  • Minimum 5 years of experience in a combination of risk management, information security and security engineering roles
  • BS or MS degree in Computer Science or equivalent experience
  • Relevant experience with application security, secure software development, and building security into software development workstreams
  • Relevant experience managing security on cloud computing platforms (e.g. AWS, Azure, GCP)Proven expertise in system and network security including authentication and security protocols, cryptography, intrusion detection systems (IDS), firewalls, VPNs, common security weaknesses/vulnerabilities/attack points, and both wireless and wired security
  • Proven expertise in application security with a strong understanding of common software security flaws and hands on experience in identifying and resolving such issues Experience building security programs and developing policies, standards and procedures
  • Experience with handling incident response and leading Security Incident Response Teams
  • Certification in one or more technical information security disciplines (e.g. CISSP, SSCP, CCSP, GIAC) is highly desired
  • Relevant experience working in the SaaS industry with a deep understanding of regulatory and audit frameworks such as ISO, GDPR, SOC2 etc. is highly desired
  • Experience with bug bounty programs
  • Deep understanding of customer needs and passion for customer success
  • Exceptional verbal, written, and interpersonal communication skills
Benefits and Perks
Medical, dental, and vision healthcare coverage for you and your dependents. Pets coverage is also available!Flexible policy for PTO and work arrangement 3 VTO days for ShippoCares volunteering events $2,500 annual learning stipend for your personal and professional growthCharity donation match up to $100Free daily catered lunch, drinks, and snacksFun team events outside of work hours - happy hours, “escape room” adventures, hikes, and more!
Job region(s): North America
Job stats:  0  0  0
  • Share this job via
  • or

Explore more Remote Work and WFH career opportunities