Job Description

Are you passionate about security, sharing knowledge, growing your skills, and working with great people? The Shipt engineering team is growing and we are looking for extraordinary engineers who enjoy building as much as we do. So if you are self-directed, enjoy autonomy in your work, and are an excellent participant in a team, come join Shipt.

Shipt, the nation’s fastest-growing online grocery marketplace, simplifies the grocery shopping experience by providing members with unparalleled convenience and exceptional service. We partner with leading retailers and local stores to deliver groceries to members via a community of friendly shoppers. Launched in 2014, the company currently has offices in Birmingham, AL, and San Francisco, CA.

Your Responsibilities

  • Identify, validate, and resolve security vulnerabilities in Shipt’s information systems, applications, and cloud-hosted and on-premise IT infrastructure(s).
  • Support and monitor Shipt’s current security platforms.
  • Assist in the evaluation, purchasing/procurement, and implementation of new security controls.
  • Assist with the administration of Shipt’s bug bounty program and triage/validate reported vulnerabilities as needed.
  • Assist with the architecture and administration of Shipt’s Identity and Access Management provider(s).
  • Assist with the full lifecycle of Security Information Gathering (SIG) and Third Party Questionnaire (TPQ) processes and submissions.
  • Communicate effectively and perform due diligence to get to the root cause of any issue.
  • Assist with the design, development, documentation, and enforcement of new and existing information security processes, procedures, and policies.
  • Assist with obtaining and maintaining PCI, SOX, and other information security regulatory/compliance efforts.
  • Support your team through encouragement and by example.


  • You have a minimum of 5 years of on-the-job experience in an application and/or network penetration testing, vulnerability management, security consulting, or other information security-focused role.
  • You have experience and familiarity with the Kali Linux distribution, Burp Suite, OWASP ZAP, Nessus, and/or other industry-standard security assessment tools.
  • Demonstrated experience with SSO and Identity Federation services and products.
  • Extensive knowledge of technical security controls and technologies (e.g. IDS, IPS, traditional, NextGen and Web Application Firewalls; Data Loss Prevention; Antivirus, Anti-malware and Zero Day protections; Security Information and Event Management (SIEM); Identity and Access Management and Privileged User Management; Public Key Infrastructure and Certificate management).
  • You have experience and familiarity with obtaining and maintaining PCI, SOX, HIPAA, or other regulatory/compliance requirements, as well as internal/external audit requirements.
  • You have significant, hands-on technical experience with a broad range of technologies and operating systems.
  • You have a passion for security and ethical hacking.
  • You can work in a fast-paced company that is changing constantly.
  • You are excited to learn and master new skills.
  • You have a deep love of automation and building things.

Nice To Haves

  • Experience with Amazon Web Services (AWS) or another public cloud provider, distributed architectures, and/or microservices.
  • Experience with Ruby, Python, JavaScript, Go, or Bash scripting.
  • Information security certification(s) such as GPEN, GWAPT, OSCP, CISSP, CEH, etc.
  • You have experience in application development and/or development operations (DevOps).
  • Experience with the automation and implementation of DAST/SAST in a CI/CD pipeline.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.