Rust Jobs for Rustaceans

Key Responsibilities:

• Lead the design, building and maintenance of security systems and infrastructure that support the organization's evolving business and security goals
• Collaborate with other teams to integrate security and privacy controls and technology into the company’s overall planning and development process from project inception to project delivery
• Build systems and programs that help security at EasyPost to scale efficiently in both breadth and depth of coverage
• Embrace “shift-left” DevSecOps patterns, including infrastructure-as-code and Continuous Integration/Continuous Delivery design patterns that move security feedback to the earliest phases of product development and provide faster feedback to partner teams
• Design and build key competitive security features within the product itself that will support continued business growth among security-conscious customers
• Build and maintain security alerting infrastructure that delivers timely, relevant, and actionable alerts directly to internal staff, customers, and users
• Create and maintain self-service documentation, training material, and knowledge base resources that help developers be more productive and write safer code
• Work directly with M&A entities to integrate their products and improve the overall security posture of their existing development and support environments

Requirements:

• Bachelor's degree in computer science, management information systems, or related field
• 8+ years of related experience, master’s degree and 6+ years of related experience, or equivalent related work experience
• Comfortable writing production-ready code daily in at least two of the following languages: Python, Ruby, Go, or Rust
• Ability to design systems that are simple to understand, maintainable, scalable, and resilient
• Prior experience securing large-scale web applications and/or Application Programming Interfaces (APIs), including performing security design reviews, vulnerability assessments, and building testing strategies for logic flaws
• The ability to understand and communicate concepts around threat modeling and risk management, including to both technical and non-technical stakeholders
• Proven history of building strong partnerships with Engineering and Product teams to deliver world-class products and features
• Working knowledge of several compliance and regulatory frameworks (SOC2, ISO 27001, SOX/ITGC, HIPAA, GDPR, CCPA, etc…)
• Experience in assessing risk and selecting key objectives during the vendor management lifecycle for software, hardware, cloud, and software-as-a-service vendors
• Deep knowledge of how to build and maintain mixed computing environments (Linux, Windows, Mac OS, and mobile devices)
• Past experience with migrating applications and services to public cloud providers (AWS, GCP, Azure, etc…)