Security Engineer

Security Engineer

Location: Austin, TX 78701, hybrid environment, ability to be on-site a few days a week required.
Salary: $120-135k base salary ($140-155k estimated total comp)

uShip is seeking a motivated Security Engineer to join our team full-time and help protect our systems, infrastructure, and data. You will contribute to implementing and supporting security controls to defend against current threats and maintain compliance with relevant standards and industry best practices. As a trusted resource in our collaborative, fast-paced environment, you will partner with IT, Development, and Product teams to proactively identify vulnerabilities, assist with incident response, and support ongoing enhancements to our security systems, processes, and practices.

• 3+ years of demonstrated experience in systems (On-Prem, Hybrid, and Cloud) and application security, including infrastructure hardening and secure software development using security frameworks and best practice methodologies
• 3+ years of demonstrated security engineering within complex AWS environments as a primary focus
• 3+ years of demonstrated knowledge in common web application and infrastructure vulnerability detection, mitigation, remediation, and reporting with related security / penetration testing tools
• 2+ years of experience with EDR, Zero-Trust, Email, and SIEM security toolset deployment with Crowdstrike as a focus
• 2+ years working with a Security Operations Center internal and external
• 2+ years with securing virtual servers / services, CI/CD Pipelines (Github / Git Hub Actions / Git Hub Advanced Security), and microservices environments (including serverless) via Infrastructure as Code deployment methods (Terraform)
• Attention to detail and a commitment to delivering high-quality, secure applications, systems, and platforms
• Keeping current with information security news and provide updates to the team and business as needed

• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+ / Pro
• Security Engineering and Administration within Azure / GCP environments.
• Cloudflare-based networking security and administration.
• Demonstrated experience with AI security and best practices
• Familiarity with secure coding practices in languages (including JavaScript, Node, C#, SQL) and Dev Sec Ops  practices such as SAST and DAST scanning.
• Possesses a solid understanding of authentication and authorization mechanisms and best practices (OAuth, SSO, SAML, JWT, MFA, Zero Trust with Okta and Zscaler as focuses)
• Strong analytical and problem-solving skills within a team environment
• Excellent communication skills, both written and verbal, including the ability to clearly articulate security risks to non-technical stakeholders
• Experience with weekly security communications and presentations to leadership

• Security Assessment & Testing: Participate in regular security assessments of applications and systems, including static and dynamic analysis, penetration testing, and code reviews, to identify and mitigate vulnerabilities
• Security Integration in SDLC: Collaborate with development and product teams to integrate security measures throughout the software development lifecycle (SDLC), from design to production
• Vulnerability Management: Help identify, prioritize, and track security vulnerabilities; provide remediation recommendations, such as patching or secure coding fixes. Monitor threat intelligence feeds and assist in applying relevant protections.
• Threat Modeling: Work with development teams to perform threat modeling and risk assessments for new applications and features to identify potential security issues early in the development process to protect our systems, data, and users from advanced persistent threats
• Security Tooling & Automation: Assist in implementing and maintaining security tools and automation to detect vulnerabilities and monitor security posture.
• Incident Response & Investigation: Respond to security incidents and application breaches, conducting root cause analysis and guiding corrective measures to prevent future incidents
• Security Documentation & Reporting: Document security findings, communicate risks to relevant stakeholders, and generate reports for leadership on the status of application security across the organization
• Compliance & Best Practices: Support compliance with standards (ISO, NIST, OWASP, PCI-DSS, GDPR, and others as applicable) and contribute to security guidelines.
• Training & Awareness: Share secure coding practices, threat awareness, and vulnerability mitigation techniques with development teams.
• Vendor Risk Assessments: Understand, measure, and mitigate security and other risks that come with relying on external vendors.
• Work Schedule: Monday through Friday, 9am - 5pm with flexibility. Hybrid environment, ability to be on-site a few days a week. On-call team rotation. Occasional night and weekend work may be required.

• We are…