Shipt is looking to embed secure practices across the organization, protect users, empower developers, and safeguard applications by leading the charge in Application Security.
Requirements
- Understanding of least-privilege and role-based access control (RBAC) principles, and the ability to analyze access requests and make prudent decisions about them.
- Experience in technical project management and application delivery.
- Working knowledge of relational databases, web applications, and web services.
- Working experience with source code version control (Git/GitHub).
- Experience building with CI/CD systems as part of the software development lifecycle.
- Familiarity with containerization concepts and tools.
- Experience working with and deploying to cloud platforms, especially Kubernetes.
Responsibilities
- Manage end-to-end vendor relationships, including execution of annual agreements, seamless onboarding processes, and consistent touchbases to ensure alignment, performance tracking, and issue resolution.
- Lead the planning, execution, and continuous improvement of PCI DSS and SOC 2 compliance programs, collaborating cross-functionally to ensure audit readiness, policy alignment, and secure operational practices.
- Plan and coordinate with multiple external vendors to scope, schedule, and execute penetration testing initiatives, ensuring timely remediation and audit readiness across systems and infrastructure.
- Manage a comprehensive vulnerability management program leveraging tools such as Qualys, driving risk-based prioritization, remediation workflows, and executive-level reporting.
- Create and track key performance indicators (KPIs) for application security, driving measurable improvements in detection, prevention, and response.
- Lead post-incident reviews, ensuring root cause analysis and remediation actions are completed, and drive continuous improvement in incident response.
- Develop remediation plans for discovered security vulnerabilities in collaboration with engineering leads and product teams.
Other
- Experience managing and prioritizing the workload of engineering teams, ensuring alignment with company goals and security objectives.
- Experience conducting regular 1:1s, performance reviews, and career development conversations while fostering a culture of growth, feedback, and accountability.
- Timely communication and escalation of critical security issues to executive leadership, with clear context and recommended actions.
- Proven track record of delivery in cybersecurity, network security, infrastructure security, application security, or a security-focused leadership role.