Security Engineer II (Cloud Security & GRC)

As a member of the ShipBob Team, you will... 

• Grow with an Ownership Mindset: We champion continuous learning and innovation. You'll take on real problems, create tangible solutions, and drive results that move the needle for ShipBob, our merchants, and for your own professional growth. If you're ready to do the most meaningful work of your career, this is the place. 
• Collaborate with Peers and Leaders Alike: At ShipBob, leaders are accessible; feedback flows in both directions, and everyone, regardless of their seniority or role, steps up to help when needed. We hold each other to high standards because we trust each other to meet them. That combination of transparency and mutual respect is what makes the work here feel worth doing. 
• Experience a High-Performance Culture and Clear Purpose: We are results-driven and clear about what that means: our goals are specific, accountability is shared, and every team member can see how their work connects to our mission. When we hit milestones, we celebrate them together. When we fall short, we learn and move forward. 

Location: Remote - India 

Shift Timings: US Hours 7 pm- 4 am IST 

Role Description: 

As a Security Engineer II you will play a pivotal role in ShipBob’s security, governance, risk, and compliance programs. You will design, implement, and maintain access control and threat detection solutions, participate in risk assessments and audits, and collaborate across teams to ensure the confidentiality, integrity, and availability of our critical data and systems. You will also support compliance initiatives, manage third-party risk, and contribute to the continuous improvement of our security posture.This role reports to Vice President, Information Tech & Security. 

What you’ll do: 

• Design, implement, and maintain threat detection, response, and access control solutions for cloud-native environments and applications (e.g., Azure AD, M365, Google Workspace, Salesforce). 
• Develop and automate security workflows, playbooks, and tools to improve the efficiency and effectiveness of security operations. 
• Develop, enforce, and update security policies, procedures, and guidelines for access control, threat detection, and compliance with standards such as ISO 27001, SOC 2, PCI, NIST CSF, and Sarbanes-Oxley. 
• Participate in and oversee risk assessments, compliance reviews, and audits (internal and external), including evidence collection and control implementation. 
• Maintain and monitor control effectiveness and operations in GRC platforms (e.g., Vanta). 
• Communicate concerns and risks to stakeholders, document remediation plans, and proactively share information with management. 
• Conduct third-party risk reviews for SaaS tools, service providers, AI tools, and open-source software; manage the third-party audit pipeline and vendor responses. 
• Build and execute regular threat hunting campaigns focused on current, emerging, and obscure tactics, techniques, and procedures. 
• Proactively search for, identify, and analyze new and existing techniques to detect advanced and targeted threats. 
• Utilize advanced threat hunting techniques to detect anomalies and suspicious activities. 
• Guide the incident response process, from triage to closure, providing support and coordination across multiple teams. 
• Collaborate with security team members, developers, operations, and stakeholders to share knowledge and best practices. 
• Participate in security awareness initiatives (e.g., newsletters, phishing simulations, training sessions). 
• Respond to customer questionnaires about ShipBob’s security program and maintain the knowledge base. 
• Identify process improvements and provide actionable guidance. 
• Perform other duties as assigned. 

What you’ll bring to the table: 

• 4+ years of hands-on work experience with security architecture and engineering in a cybersecurity operations program. 
• 2+ years of experience in incident response, detection, threat intelligence, or access control security engineering roles. 
• 1+ years’ security experience focused on risk and compliance, including ISO 27001 and SOC 2 audits. 
• Strong knowledge and experience with access control frameworks and tools (IAM, RBAC, ABAC, OAuth, SAML), cloud security, network security, endpoint security, and threat intelligence. 
• In-depth knowledge of Azure services (especially Azure Active Directory, Azure AD Identity Protection, Azure RBAC), and experience securing cloud-based infrastructures (Azure, M365, Google Workspace, Salesforce). 
• Proficiency in scripting languages such as Python, PowerShell, Go, or Bash. 
• Excellent knowledge of industry-standard frameworks (MITRE ATT&CK, ISO 27001, SOC 2, NIST CSF, PCI, SOX, GDPR). 
• Experience with GRC tools and standard practices. 
• Proven ability to manage multiple risk and compliance projects. 
• Strong written and verbal communication; effective collaborator with outstanding interpersonal skills. 
• Excellent analytical and problem-solving skills supporting business objectives. 
• Detail-oriented, organized, and able to balance precision with big-picture thinking. 
• Quick learner who proactively drives personal and professional growth. 
• Demonstrated initiative and ownership in problem-solving. 
• Strong design and solution implementation skills for a Zero Trust Architecture. 
• Desire to solve response challenges with automation. 
• Security+, CISSP, CISA, CISM, CRISC, GCIA, GCIH, GREM, or similar certifications preferred; equivalent experience accepted. 

Perks & Benefits: 

• Medical, Term & Accidental Insurance 
• All Purpose Leave (casual & sick time): 12 days 
• Earned Leave: 15 days 
• Public Holiday: 12 days 
• Generous Maternity & Paternity Leave 
• Quarterly Wellness Day 
• Work From Home Allowance 
• See Our High-Performing Culture >>> Check us out on Instagram (@lifeatshipbob) 

#LI-VA1

We recognize that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying. Diversity of experience and skills combined with passion is a key to innovation and excellence; therefore, we encourage people from all backgrounds to apply to our positions. 

About You: 

Building the world’s leading full-stack fulfillment platform is challenging work. The problems we solve are complex, the pace is fast, and the bar is high. That means ShipBob’s environment isn’t the right fit for everyone, and that’s okay. If you are ready to take ownership, push boundaries, and grow alongside a team that genuinely supports each other, we would love to hear from you. 

Learn more about our core values and how we perform at a high level in our day-to-day work on our Culture page (https://www.shipbob.com/careers/culture/). 

About Us:  

ShipBob is a leading global supply chain and fulfillment technology platform designed for SMB and Mid-Market ecommerce merchants to provide them access to best-in-class capabilities and to deliver a delightful shopper experience. Merchants can outsource their entire fulfillment operations, utilize ShipBob’s proprietary warehouse management system for in-house fulfillment, or take advantage of a hybrid solution across ShipBob’s dozens of fulfillment center network in the United States, Canada, United Kingdom, Europe, and Australia. ShipBob is backed by leading investors like Menlo Ventures, Bain Capital Ventures, Hyde Park Venture Partners, and SoftBank Vision Fund 2, and is one of the fastest-growing tech companies headquartered in Chicago. 

ShipBob provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 
 
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. 

There is no deadline to apply for this position, as ShipBob accepts applications on an ongoing basis.