Shipium is on a mission to solve the ‘Prime problem’ that modern retailers face today—how to make fast, free and on-time delivery promises a cornerstone of the customer’s shopping experience. We’re building tech that connects previously fragmented systems and automates complex supply chain decisions to deliver speed and value across operations.
Shipium was founded in 2019 by supply chain leaders from Amazon and Zulily, and recently raised the largest Series A in logistics tech history backed by world-class investors like Insight Partners, Trilogy Ventures, and Pioneer Square Labs.
Job Title:Senior DevSecOps
Shipium is looking for DevSecOps Engineer to help deliver cutting edge mission enablement apps.
We are looking for candidates with established experience with cloud platform services, DevOps practices such as build/release management, secure SDLC/DevSecOps practices such as automating security processes in CI/CD pipeline, and general automation.
The DevSecOps Engineer is also responsible for maintaining the security, technology, wellness, and integrity of Shipium.
The ideal candidate will assist Shipium’s engineering team in building a comprehensive software 'factory' in addition to instituting a fully integrated and secure systems architecture available to Shipium and its Customers.
Join us in:
- Help to build our DevSecOps Strategy and Practice to integrate cybersecurity into the organizational adoption and improvement of agile practices.
- Partnering with the Engineering team leads to create, implement and apply DevSecOps principles, processes and culture that are consumed by delivery teams across our company.
- Provide subject matter expertise in various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
- Advocate for software engineering practices such as unit testing, code reviews, full build testing, quality engineering practices and requirements capturing techniques to the teams to improve end to end secure delivery practices.
- Advocate for and ensure appropriate security practices are communicated and implemented within their projects.
- Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice.
- Assist application teams with on-boarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations..
- Work with teams to bring continuous improvement to DevSecOps processes and tools.
- Securing the SDLC process via automation and security processes in CI/CD pipeline
- Architecting and continuously improving infrastructure for cloud-based services and client interfaces
- Analyzing security systems, audits, and seeking improvements on a continuous basis
- Integrating DevSecOps tools and services (code repository, artifact repository, source code analyzer, security scanning, testing tools, and an orchestrated integration and delivery platform) to enable automated application building, testing, and securing of our deployments
- Creating and designing IaC solutions to promote services through the development, test, and production environments.
- Conducting technical Root Cause Analysis on vulnerabilities and identifying areas for further research, education, or testing
- Leading CVE Vulnerability Triage meetings: track, assess, and document vulnerabilities
- Leading teams through threat modeling exercises
- Providing occasional on-call support
- 5+ years of software development or DevOps experience (full life-cycle object-oriented development a plus
- Must have extensive experience with production cloud environments on AWS, Azure, or GCP
- Must have experience with automation/configuration management using either Ansible, Puppet, Chef, Terraform, or an equivalent
- Building, testing, and administering highly available Container Platform cluster (AWS, Kubernetes)
- Experience building and maintaining AWS infrastructure (VPC, EC2, Security Groups, IAM, ECS, EKS, RDS, S3, SQS, ELK).
- Must have strong experience with at least one programming language: Python, C#, Java, etc.
- Must have experience with development operations of continuous integration, automated testing, and automation of the dev process
- Design and roll out scalable infrastructure using container orchestration systems like Kubernetes
- Experience with Jenkins or GitLabs is preferred
- Strong experience with relational databases / SQL queries / NoSQL databases is a plus
- Must possess strong oral and written communications skills and emotional intelligence
- Must have a strong background in Linux/Unix Administration
Shipium is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. Shipium makes hiring decisions based solely on qualifications, merit, and business needs at the time.