uShip · 9 hours ago
Security Engineer
uShip is the world’s first and largest shipping marketplace, and they are seeking a motivated Security Engineer to join their team. The role involves protecting systems, infrastructure, and data by implementing security controls, identifying vulnerabilities, and supporting incident response efforts.
Responsibilities
Security Assessment & Testing: Participate in regular security assessments of applications and systems, including static and dynamic analysis, penetration testing, and code reviews, to identify and mitigate vulnerabilities
Security Integration in SDLC: Collaborate with development and product teams to integrate security measures throughout the software development lifecycle (SDLC), from design to production
Vulnerability Management: Help identify, prioritize, and track security vulnerabilities; provide remediation recommendations, such as patching or secure coding fixes. Monitor threat intelligence feeds and assist in applying relevant protections
Threat Modeling: Work with development teams to perform threat modeling and risk assessments for new applications and features, identifying potential security issues early in the development process to protect our systems, data, and users from advanced persistent threats
Security Tooling & Automation: Assist in implementing and maintaining security tools and automation to detect vulnerabilities and monitor security posture
Incident Response & Investigation: Respond to security incidents and application breaches, conducting root cause analysis and guiding corrective measures to prevent future incidents
Security Documentation & Reporting: Document security findings, communicate risks to relevant stakeholders, and generate reports for leadership on the status of application security across the organization
Compliance & Best Practices: Support compliance with standards (ISO, NIST, OWASP, PCI-DSS, GDPR, and others as applicable) and contribute to security guidelines
Training & Awareness: Share secure coding practices, threat awareness, and vulnerability mitigation techniques with development teams
Vendor Risk Assessments: Understand, measure, and mitigate security and other risks that come with relying on external vendors
Work Schedule: Monday through Friday, 9am - 5pm with flexibility. Hybrid environment, ability to be on-site a few days a week. On-call team rotation. Occasional night and weekend work may be required
Qualifications
Required
3+ years of demonstrated experience in systems (On-Prem, Hybrid, and Cloud) and application security, including infrastructure hardening and secure software development using security frameworks and best practice methodologies
3+ years of demonstrated security engineering within complex AWS environments as a primary focus
3+ years of demonstrated knowledge in common web application and infrastructure vulnerability detection, mitigation, remediation, and reporting with related security / penetration testing tools
2+ years of experience with EDR, Zero-Trust, Email, and SIEM security toolset deployment with CrowdStrike as a focus
2+ years working with a Security Operations Center, internal and external
2+ years with securing virtual servers / services, CI/CD Pipelines (GitHub / GitHub Actions / GitHub Advanced Security), and microservices environments (including serverless) via Infrastructure as Code deployment methods (Terraform)
Attention to detail and a commitment to delivering high-quality, secure applications, systems, and platforms
Keeping current with information security news and providing updates to the team and business as needed
Preferred
Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+ / Pro
Security Engineering and Administration within Azure / GCP environments
Cloudflare-based networking security and administration
Demonstrated experience with AI security and best practices
Familiarity with secure coding practices in languages (including JavaScript, Node, C#, SQL) and DevSecOps practices such as SAST and DAST scanning
Possesses a solid understanding of authentication and authorization mechanisms and best practices (OAuth, SSO, SAML, JWT, MFA, Zero Trust with Okta and Zscaler as focuses)
Strong analytical and problem-solving skills within a team environment
Excellent communication skills, both written and verbal, including the ability to clearly articulate security risks to non-technical stakeholders
Experience with weekly security communications and presentations to leadership
Benefits
Remote or hybrid work options
Monthly Wellness Reimbursements
Home office Reimbursements
Company paid meal delivery pass
100% Paid Health and Dental available
401(k) matching, no vesting
Stock Options
Pet Insurance
Dog-friendly downtown office
Company
uShip
uShip is an online transport marketplace primarily serving the freight, household goods, and vehicle shipping markets.
Funding
Current Stage: Late Stage
Total Funding: $69.71M
Key Investors: DB Schenker, Kleiner Perkins, Benchmark, DAG Ventures
2017-02-15 · Series D · $25M
2013-06-12 · Private Equity · $18.35M
2013-03-07 · Series C · $1.36M
Company data provided by crunchbase