Staff Security Engineer
Access Control & Access Management
Confirmed live in the last 24 hours
ShipBob

1,001-5,000 employees

E-commerce fulfillment order platform
Company Overview
Shipbob's mission is to provide simple, fast and affordable fulfillment for thousands of brands with an international fulfillment network across the world. The company has developed proprietary technology that combines order and inventory management, warehouse management, predictive data and analytics, as well as optimized shipping for eCommerce companies.
Data & Analytics
Consumer Goods

Company Stage

Series E

Total Funding

$331.1M

Founded

2014

Headquarters

Chicago, Illinois

Growth & Insights
Headcount

6 month growth

9%

1 year growth

36%

2 year growth

57%
Locations
Remote in USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
PowerShell
Bash
Microsoft Azure
Python
Communications
Management
Salesforce
CategoriesNew
IT & Security
Cybersecurity
System Administration
Requirements
  • 6+ years of hands-on work experience with security architecture and engineering in a cyber security operations program.
  • 4+ years of experience in an access control security engineering or related role.
  • Solid knowledge and experience with access control frameworks and tools, such as IAM, RBAC, ABAC, OAuth, SAML, etc.
  • In-depth knowledge of Azure services, especially Azure Active Directory, Azure AD Identity Protection, and Azure RBAC.
  • Established experience in designing and implementing access controls in cloud environments, particularly with Azure.
  • Demonstrated track record of integrating security practices into the software development process.
  • Track record of integrating security practices into database systems such as SSMS.
  • Knowledge of cloud security, network security, endpoint security, and threat intelligence.
  • Proficiency in scripting languages such as Python, PowerShell, Go, or Bash.
  • Experience securing cloud-based infrastructures; Azure, M365, Google Workspace, Salesforce, etc.
  • Excellent fundamental knowledge of industry standard frameworks such as MITRE ATT&CK.
  • Desire to solve response challenges with automation.
  • Established ability designing and deploying security controls across all security domains such as access management, data protection, vulnerability management, incident response and management, application security, network security, preventive, detective, and offensive security solutions.
  • Excellent design and solution implementation skills for a Zero Trust Architecture.
  • Outstanding interpersonal and communication skills with the ability to influence both internally and externally, and to drive multi-functional alignment and action.
Responsibilities
  • Design and implement access control solutions for cloud-based applications and infrastructure using tools such as Azure AD, M365, Google Workspace, Salesforce, etc.
  • Monitor and audit access control activities and events for anomalies.
  • Develop and enforce access control policies and standards based on the principle of least privilege and role-based access control.
  • Develop and automate security workflows, playbooks, and tools to improve efficiency and effectiveness of security operations.
  • Develop relevant policies, procedures, and guidelines for access control and ensure compliance with, and support audits for, various standards, including but not limited to ISO270001 and SOC2.
  • Design and configure Azure Active Directory (AAD) for effective access management to be used within Azure and leveraged in other applications such as Retool and SSMS.
  • Research and evaluate emerging threats and security technologies and provide recommendations for enhancing our security posture.
  • Collaborate with other security team members and stakeholders across the organization to share knowledge and best practices.
  • Work closely with all teams to continuously provide technology requirements and use cases for enabling technologies including but not limited to SIEM, SOAR, Case Management, GRC, EDR, Intrusion Detection Systems, Web Proxy/Content Filtering, Active Directory, and PKI.
  • Proactively search for, identify, and analyze new and existing techniques to detect advanced and targeted threats.
  • Participate in risk assessments and implement controls to mitigate identified risks.
  • Additional duties and responsibilities as necessary.