Cart.com is an ecommerce software and services company on a mission to democratize ecommerce and give digital merchants the freedom to grow. We are integrating all the pieces of the ecommerce value chain brands need to thrive, creating a truly end-to-end Ecommerce-as-a-Service platform that helps third party brands move faster, grow more quickly, and deliver on their promises more completely.
The Senior Cybersecurity Software Engineer is responsible for defining robust ways to build, operate, and scale security within the full application stacks in a cloud-based computing environment. Works closely with the DevOps/development teams, product managers (PM), and third parties to securely integrate software security solutions into the environment.
- Design, implement, and advise on secure solutions for end-to-end security in a CI/CD pipeline and within the SDLC
- Evaluate secure deployment patterns for cloud workloads
- Assist product development teams adopt and integrate security capabilities into their product and software development lifecycles
- Evaluate/secure services and platforms used for deploying Docker, Kubernetes, and cloud services
- Evolve SDLC to meet modern security threats and risks
- Work with engineering teams to ensure websites and internal applications are secure by design
- Lead threat modeling sessions with development/product teams
- Serve as the application security subject matter expert, answer questions from development/product teams
- Assist in identifying, investigating, and responding to cyber threats, incidents, and anomalies
- Identify, analyze, and report application vulnerabilities
- Assists in developing standards and procedures for application security
- Develop automation scripts for Security Orchestration and Automation Reporting (SOAR)
- Develop Key Performance Indicators (KPI) and other metrics to optimize security effectiveness
- 5+ years in Information Security and/or Technology
- Expert proficiency with several high-level programming language (i.e., Python, Go, Java, etc.)
- Experience with Kubernetes or similar
- Hands-on experience building security into various products, infrastructure, and platforms
- DevSecOps experience is a plus
- Mastery knowledge of at least one security domain (i.e., Auth, PKI, SAST/DAST, Containers, etc.)
- Knowledge of Google Cloud Platform (GCP) and Microsoft Azure security is a plus
- Experience with software development practices and OWASP
- Creative problem solver and desire to learn
- Strong oral and written communication skills
- Experience working in an Agile environment preferred
- Bachelor’s degree or equivalent work experience (Information Technology, Engineering, Cybersecurity, or a related technical field)
- GIAC GWEB certifications or equivalent is a plus
OUR CORE VALUES:
These aren’t just buried somewhere in an employee manual. We live and breathe them. They are on the walls and live in our hearts. They come up constantly in conversations and actions. They govern the decisions of the newest hire all the way up to our CEO:
WE ARE OBSESSED WITH BRANDS
We live for brands and are fanatical about their success.
WE THINK BEYOND THE BOX
We explore new ideas and discover creative solutions. We think openly about how to serve brands and solve problems.
WE DON'T GIVE UP
No one expected this to be easy. We are resilient— we dig in and keep going.
WE SPEAK UP
Every person here has an obligation to question norms, voice concerns, and offer their perspective.
WE WORK TOGETHER
We work with integrity and respect, ask for help, and extend the same help to others.
WE ARE HUMAN
Our people are our biggest strength. We have fun and make real connections with one another and with the brands we serve.
Cart.com is deeply committed to building a diverse and inclusive workplace. We’re proud to be an equal opportunity employer, seeking to identify and onboard people from all walks of life. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, family status, marital status, sexual orientation, national origin, genetics, neurodiversity, disability, age, or veteran status, or any other non-merit based or legally protected grounds.