Lead the Application Security engineering team to embed secure practices across Shipt.
Manage a high-performing team of engineers focused on scaling security controls that protect our users, empower developers, and safeguard our applications.
Cultivate a culture of growth, accountability, and innovation by mentoring your team, driving strategic initiatives, and shaping security practices across the organization.
Collaborate with cross-disciplinary teams to contribute to the protection of customers and shoppers nationwide.
Manage vendor relationships and coordinate external vendors for penetration testing and security assessments.
Lead planning, execution, and continuous improvement of PCI DSS and SOC 2 compliance programs.
Operate and evolve a vulnerability management program (e.g., Qualys), and drive risk-based prioritization and remediation workflows.
Create and track KPIs for application security and report to stakeholders and executives.
Lead post-incident reviews, root cause analysis, and continuous improvement of incident response.
Plan, research, and develop proactive incident response plans and preventive security measures.
Collaborate on remediation plans with engineering leads and product teams and ensure timely remediation.
Own recruitment, onboarding, retention, and resource allocation for the AppSec team.
Represent the team in cross-functional meetings and communicate risks, achievements, and strategic priorities to stakeholders and executive leadership.
Requirements
You have successfully managed and prioritized the workload of engineering teams, ensuring alignment with company goals and security objectives.
You are experienced in conducting regular 1:1s, performance reviews, and career development conversations while fostering a culture of growth, feedback, and accountability.
You have managed end-to-end vendor relationships, including execution of annual agreements, seamless onboarding processes, and consistent touchbases to ensure alignment, performance tracking, and issue resolution.
You have led the planning, execution, and continuous improvement of PCI DSS and SOC 2 compliance programs, collaborating cross-functionally to ensure audit readiness, policy alignment, and secure operational practices.
You have experience planning and coordinating with multiple external vendors to scope, schedule, and execute penetration testing initiatives, ensuring timely remediation and audit readiness across systems and infrastructure.
You have experience managing a comprehensive vulnerability management program leveraging tools such as Qualys, driving risk-based prioritization, remediation workflows, and executive-level reporting.
You have managed vulnerability triage, remediation strategies, and continuous process improvement to elevate program maturity and resilience.
You have created and tracked key performance indicators (KPIs) for application security, driving measurable improvements in detection, prevention, and response.
You have led post-incident reviews, ensuring root cause analysis and remediation actions are completed, and drive continuous improvement in incident response.
You have experience with planning, researching and developing proactive incident response plans, resolving system vulnerabilities, and strengthening incident response including preventive measures.
You have collaborated on remediation plans for discovered security vulnerabilities, working with engineering leads and product teams.
You have owned the recruitment, onboarding, and retention efforts for the AppSec team, ensuring hiring of top talent and building a diverse, inclusive team.
You have managed the team’s resource allocation, partnering with senior leaders to ensure adequate support for key initiatives.
You have experience representing a team in cross-functional meetings, summarizing risks, achievements, and strategic priorities for stakeholders.
You communicate and escalate critical security issues to executive leadership in a timely manner, providing clear context and recommended actions.
You have a proven track record of delivery in cybersecurity, network security, infrastructure, application, or a security focused leadership role.
You have an understanding of least privilege and role-based access control principles, and the ability to analyze access requests and make prudent decisions about them.
You have experience in technical project management and application delivery.
You are an excellent verbal and written communicator with the ability to speak to all levels within the organization.
Nice to Haves: You hold one or more of the following certifications: CISSP, OSWE, CSSLP, GWAPT, GWEB, OSCP, CompTIA Security+.
Nice to Haves: You have experience building with CI/CD systems as part of the software development lifecycle.
Nice to Haves: You have familiarity with containerization concepts and tools.
Nice to Haves: You have experience building and deploying on cloud platforms, especially with Kubernetes.
Nice to Haves: You have experience building APIs, automation tools, and developer-facing services.
Nice to Haves: You have working knowledge of relational databases, web applications and services.
Nice to Haves: You have working experience with source code version control (Git/GitHub).
Benefits
Employees (and eligible family members) are covered by medical, dental, vision and more.
Employees may enroll in our company’s 401k plan.
Exempt team members are also eligible for discretionary vacation.
Paid holidays throughout the calendar year.
Paid sick leave.
Eligibility for an annual bonus.
Potential for restricted stock units based on role.
Flexible work arrangements: work from home (with leader approval) or at a Shipt office (hybrid).