Location:  Austin, TX 78701, hybrid environment, ability to be on-site a few days a week required.  
Salary:  $120-135k base salary ($140-155k estimated total comp)

uShip is seeking a motivated Security Engineer to join our team full-time and help protect our systems, infrastructure, and data. You will contribute to implementing and supporting security controls to defend against current threats and maintain compliance with relevant standards and industry best practices. As a trusted resource in our collaborative, fast-paced environment, you will partner with IT, Development, and Product teams to proactively identify vulnerabilities, assist with incident response, and support ongoing enhancements to our security systems, processes, and practices.

Requirements

• 3+ years of demonstrated experience in systems (On-Prem, Hybrid, and Cloud) and application security, including infrastructure hardening and secure software development using security frameworks and best practice methodologies 
• 3+ years of demonstrated security engineering within complex AWS environments as a primary focus 
• 3+ years of demonstrated knowledge in common web application and infrastructure vulnerability detection, mitigation, remediation, and reporting with related security / penetration testing tools
• 2+ years of experience with EDR, Zero-Trust, Email, and SIEM security toolset deployment with Crowdstrike as a focus
• 2+ years working with a Security Operations Center internal and external
• 2+ years with securing virtual servers / services, CI/CD Pipelines (Github / GitHub Actions / GitHub Advanced Security), and microservices environments (including serverless) via Infrastructure as Code deployment methods (Terraform)
• Attention to detail and a commitment to delivering high-quality, secure applications, systems, and platforms 
• Keeping current with information security news and provide updates to the team and business as needed 

Preferred Experience

• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+ / Pro
• Security Engineering and Administration within Azure / GCP environments.
• Cloudflare-based networking security and administration. 
• Demonstrated experience with AI security and best practices
• Familiarity with secure coding practices in languages (including JavaScript, Node, C#, SQL) and DevSecOps practices such as SAST and DAST scanning.
• Possesses a solid understanding of authentication and authorization mechanisms and best practices (OAuth, SSO,  SAML, JWT, MFA, Zero Trust with Okta and Zscaler as focuses) 
• Strong analytical and problem-solving skills within a team environment
• Excellent communication skills, both written and verbal, including the ability to clearly articulate security risks to non-technical stakeholders
• Experience with weekly security communications and presentations to leadership 

Responsibilities

• Security Assessment & Testing: Participate in regular security assessments of applications and systems, including static and dynamic analysis, penetration testing, and code reviews, to identify and mitigate vulnerabilities 
• Security Integration in SDLC: Collaborate with development and product teams to integrate security measures throughout the software development lifecycle (SDLC), from design to production 
• Vulnerability Management: Help identify, prioritize, and track security vulnerabilities; provide remediation recommendations, such as patching or secure coding fixes. Monitor threat intelligence feeds and assist in applying relevant protections.
• Threat Modeling: Work with development teams to perform threat modeling and risk assessments for new applications and features to identify potential security issues early  in the development process to protect our systems, data, and users from advanced persistent threats 
• Security Tooling & Automation: Assist in implementing and maintaining security tools and automation to detect vulnerabilities and monitor security posture.
• Incident Response & Investigation: Respond to security incidents and application breaches, conducting root cause analysis and guiding corrective measures to prevent future incidents 
• Security Documentation & Reporting: Document security findings, communicate risks to relevant stakeholders, and generate reports for leadership on the status of application security across the organization 
• Compliance & Best Practices: Support compliance with standards (ISO, NIST, OWASP, PCI-DSS, GDPR, and others as applicable) and contribute to security guidelines.
• Training & Awareness: Share secure coding practices, threat awareness, and vulnerability mitigation techniques with development teams.
• Vendor Risk Assessments: Understand, measure, and mitigate security and other risks that come with relying on external vendors.
• Work Schedule:  Monday through Friday, 9am - 5pm with flexibility.  Hybrid environment, ability to be on-site a few days a week.  On-call team rotation.  Occasional night and weekend work may be required.

Location:  Austin, TX 78701, hybrid team environment

Salary:  $120-135k base salary ($140-155k estimated total comp)

  *We are unable to employ remote workers in New York City, Massachusetts, Montana, Hawaii, Alaska, California, or any location outside the U.S.
  *We are unable to consider candidates requiring visa sponsorship or transfer, including OPT and H-1B, now or in the future.
 *We are not accepting applications from agencies or independent contractors at this time.

Why uShip?

uShip offers big-company benefits in a small-sized company because we really value and are committed to our people. There are even some extras that will surprise you.

• Remote or hybrid work options
• Monthly Wellness Reimbursements
• Home office Reimbursements
• Company paid meal delivery pass
• 100% Paid Health and Dental available
• 401(k) matching, no vesting
• Stock Options
• Pet Insurance
• Dog-friendly downtown office

Company Overview

uShip is the world’s first and largest shipping marketplace, making it quicker, easier, and more affordable to ship large or bulky items. Consumers and businesses can compare and book bids from hundreds of thousands of customer-reviewed transportation service providers, ranging from independent owner-operators to the largest freight carriers and brokers. From cars to cranes and furniture to freight, our straightforward and transparent platform helps people, businesses, e-commerce sellers, and multinational logistics companies ship with greater speed and efficiency. Customers save money and service providers make money using their empty cargo space – everyone wins!

We welcome diversity in all its forms, and believe we’re better collaborators, strategizers, and thinkers because of it. uShip is an equal opportunity employer. We are inspired to find candidates who embody our Core Values. uShip prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, gender identity, age, parental status, national origin, disability, or veteran status. We celebrate our differences and are committed to creating an inclusive environment for all employees.