Back to List

Software Security Architect

Team

IT + Security

Location

San Francisco

Software Security Architect

The Opportunity:

Flexport’s Security team is seeking a Sr. Staff or Principal level Software Security Architect to help Flexport establish itself as the most trusted company in the global trade ecosystem.  As a Software Security Architect, you develop and help to drive the adoption of software security strategy, security architecture standards, design patterns, and best practices across Flexport software products and services. You are a person that builds strong relationships with Flexport’s technical teams and ensures the security strategy is aligned with the overall team and business' objectives and strategy. If you are someone who is innovative and enjoys maintaining a deep level of expertise in software security while being a security thought leader both internally and externally, then this is a great role for you.

You will:

  • Drive overall software security architecture, working closely with product and engineering specific technical architecture experts
  • Engage with product, engineering, and legal teams to design new security frameworks, APIs, and services for the current and future global trade verticals
  • Partner and help drive architecture standards and future capabilities specific to our authentication and authorization (IAM) as it relates to products and services associated with global trade 
  • Identify security gaps in product roadmaps and engineering architecture with a goal to help build innovative technology to enable trust in Flexports platform products 
  • Will own security architecture strategy/roadmap securing the global trade ecosystem
  • Provide hands on software security training to engineers and grow our security champs
  • Design and build prototype security solutions, including security specific test cases
  • Engage in hands-on, in-depth analysis, review, and design of the software, including technical review and analysis of source code with a security perspective. Will include reviews of in-house developed code, as well as review of technologies provided by third party vendors
  • Conduct ongoing security analysis of our architecture and designs, facilitate and perform various security tests and reviews of our code, products, services and infrastructure
  • Help build secure products and standards around emerging technologies and using existing standards and security practices
  • Guide our software development teams through the Secure Software Development Lifecycle (SSDL) by participating in design reviews, threat modeling, and in-depth security penetration testing of code and systems. These responsibilities extend to providing input on application design, secure coding practices,and appsec
  • Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on security trends related to threats, vulnerabilities and OWASP best practices

You should have:

  • Demonstrated leadership in all aspects of software security
  • Strong background in the implementation and maturity of Secure SDLC programs based on at least one industry-standard framework (OWASP SAMM, BSIMM, MS SDL)
  • Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP, MITRE ATT&CK, CERT Secure Coding Standards.
  • Experience with security best practices for common authentication protocols (OpenID Connect, OAUTH, SAML, LDAP, KERBEROS, etc.).
  • Experience with the secure implementation of OAuth2 Flows: Authorization Code Flow, Client Credentials Flow, Device Code flow, etc.
  • Experience with data and application integration patterns (Domain-Driven, APIs, messaging, streaming, sync/async).
  • Extensive background in conducting threat modeling for Web, Mobile, SaaS, Enterprise, and Industrial IoT applications.
  • Security knowledge in the area of enterprise communication protocols and data exchange technologies, e.g.: AMQP (Advanced Message Queuing Protocol), MQTT, Web Sockets, etc.
  • Ability to tackle large scale security architecture problems
  • 10+ years of overall product security experience is required
  • 4+ years of experience in threat modeling and threat modeling tools is required
  • 10+ years of development experience with two or more of the following languages: C/C++, Ruby, JavaScript, Python, Java
  • Experience working with large distributed applications on heterogeneous platforms
  • Strong interpersonal and communications skills
  • Possess strong organizational skills, both for yourself and for the team while working with many people in a fast-paced environment.

About Flexport:

We believe global trade can move the human race forward. That’s why it’s our mission to make global trade easier for everyone. We aim to do this by building the Operating System for Global trade - a strategic model combining advanced technology and data analytics, logistics infrastructure, and supply chain expertise. Flexport today connects almost 10,000 clients and suppliers across 109 countries, including established global brands like Georgia-Pacific as well as emerging innovators like Sonos. Started in 2013, we've raised over $1.3B in funding from SoftBank Vision Fund, Founders Fund, GV, First Round Capital and Y Combinator. We’re excited about the three big ways we’re moving forward after our recent $1B investment from SoftBank Vision Fund in February 2019.

Worried about not having any freight forwarding experience?

  • Don’t be! We’re building the first Operating System for Global Trade. That’s why it’s incredibly important for us to bring people from diverse backgrounds and experiences together with our industry veterans to help move the freight forwarding industry forward.
  • What’s freight forwarding and why does it matter? Freight forwarding is the coordination and shipment of goods from one place to another and it’s what makes global trade possible. Flexport is on a mission to make global trade easier for everyone because we believe it can help connect the world and break down economic barriers.
  • We know this industry is complex. That’s why we invest in education starting day one with Flexport Academy, a one week intensive onboarding program designed specifically to set every new Flexport employee up for success.

At Flexport, our ability to fulfill our mission of making global trade easy for everyone relies on having a diverse, dedicated and engaged workforce. That is why Flexport is committed to creating and nurturing an environment where anyone can be their authentic self. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, national origin, age, physical and mental disability, health status, marital and family status, sexual orientation, gender identity and expression, military and veteran status, and any other characteristic protected by applicable law.

Find Your Role at Flexport
255 Openings

关注微信公众号阅读每周的航运市场动态。

立即扫描二维码关注 Flexport。

flexport-wechat
法律声明

美国清关服务由 Flexport 全资子公司且为美国持牌报关行的 Flexport Customs LLC 提供。国际海运代理服务由具有无船承运人资质 (FMC#025219NF) 的 Flexport International LLC 提供。美国内陆拖车服务由具有 FMCSA 代理牌照 (USDOT #2594279 和 MC #906604-B) 的 Flexport International LLC 提供。所有交易均适用Flexport 之标准条款 (详情请访问 cn.flexport.com/terms)。 沪ICP备16041494号

© 2021 Flexport, Inc. 版权所有

使用条款/隐私政策