Application Security Engineer
Who You’ll Work With
As a modernized cloud-based technology company, our Mastery teams are disrupting the transportation market and bringing efficiency to an industry that continues to soar with complexity. On our security team, we have a passion for building strategies and creative solutions to keep our customer data safe. We surround our security professionals with interesting challenges, innovative minds and emerging technologies.
Founded in 2019 to create the World’s First Lovable Transportation Management System, we’ve already grown to over 200 employees and are an impactful team passionate about what we do and who we serve.
Responsibilities:
- Partner with engineering and operations teams to provide security at every layer of the software development life cycle
- Design, implement, and operate a highly automated and scalable vulnerability management program
- Work with vendors to select and implement new security technologies
- Conduct internal risk assessments and develop mitigation strategies
- Work directly with the compliance team to implement controls that align with industry standard frameworks
- Share your experience and best practices with our teams and develop a security culture at Mastery to shift security left
- Work together with external teams (e.g. pen testers) to externally validate the security health of our platform
Requirements:
- 3+ years of practical experience in an information security role
- You are passionate about security and up to date on the latest threats and techniques
- You are used to working with cloud infrastructures (Azure, AWS, GCP…) and understand their security principles and practices
- You have demonstrable software security experience and an in-depth understanding of SAST, DAST, and IAST methods
- Comprehensive understanding of application-level vulnerability testing and application security (OWASP, WASC, NIST)
- You have performed state-of-the-art pentests & audits
- You are used to working on compliance needs (ISO/SOC…)
- Strong written and verbal communication skills and excellent analytical, decision-making, and problem-solving skills
- Strong empathy for customers AND passion for revenue and growth
Preferred Requirements:
- Strong development background with a security mindset, preferably in Java, JavaScript, React, Node.js, Python, Angular
- CISA, CISM, CISSP, or GIAC certifications a plus
- Ideally you have worked in an audit company or a SaaS company
Within 1 month, you will:
- Follow a thorough onboarding to understand our business, and learn our culture and work methodologies
- Discover our architecture, while also starting to perform your first vulnerability assessments in tandem with another security engineer
- Help support our objective to obtain our SOC I / SOC II certification during the audit period
- Understand the tools and technologies in our current Security Program while mastering them over the next 30-60 days
- Support Burp Suite or OWASP ZAP scanning while also assisting the security team and engineers in a code analysis tool implementation
Within 3 months, you will:
- Execute your first independent tests for vulnerabilities and work on an external pen test engagement
- Start building the security roadmap in coordination with our devops and architects to make sure that we don’t face high security risks
- Start making roadmap recommendations for the group while continuously improving our security posture at Mastery
- Spearhead a vendor RFP for dedicated DAST tools to implement within our environment
Within 6 to 12 months, you will:
- Continuously improve and update the security roadmap while partnering with Project Management on an 18–24-month roadmap
- Start partnering with the software engineers to promote your first new security features and make sure they follow high security standards
- Promote security internally (R&D Teams, Software Engineering Teams, Product Teams…) and externally (blogs, articles…)
- Work on mission critical projects that will allow us to continue to grow the organization while supporting a rapid-growth mentality in customer acquisition and onboarding
- Alongside our Head of Security, define the next big steps for our organization, for instance additional compliance certifications or hacker bounty programs
About Mastery
Mastery Logistics Systems is building the world’s first lovable Transportation Management System, or TMS.
Our customers – large transportation companies and shippers who need those companies – have struggled with systems that are outdated or inadequate. As shippers or transportation service providers, our customers have in the past been forced to use multiple systems to manage dedicated fleet operations, outsourced or insourced trans management, one way trucking, truckload brokerage, LTL, and Intermodal, or to sub-optimize one or more of those functions by attempting to fit it into a TMS that is adequate at another function.
Mastermind TMS allows our customers to bring all of these functions into a single platform, providing flexibility, visibility, control, and efficiency. Today’s unprecedented global supply chain upheavals underscore how important the transportation industry is. We are building a system to allow this industry to work faster, smarter and more efficiently.
The challenges in this industry are big and exciting! We are tackling everything from fast and efficient data input to ingesting large amounts of data and applying AI to looking at blockchain to securely digitize paperwork. If you are passionate about humanizing an industry, automating in innovative ways, building for quality and scale, helping make people's lives easier and touching every part of our economy then this is the place for you.
Mastery Logistics Systems is committed to continuing to build an incredible company. We are a masterful mosaic of incredible people. We are specialists and experienced in our respective fields. We are dedicated to continuous improvement both professionally and personally. We are a collective group of really good people. We have different interests, backgrounds & talents and we work together to create really cool stuff! We believe in diversity of thought and are mindful and inclusive. We have deep respect for each other and work diligently at adding the right people to our teams.
At this moment we are all working from home and doing our part to combat the Covid 19 virus. We are creatively building our new work habits. We are respectful of each other’s time and personal life. We have flexible schedules but share in the mission that we are building and need to get it done. We offer an excellent suite of benefits. We are dedicated to finding new ways to add perks as we live and work from home.
Our team has the domain knowledge and connections to make an impact, and we’re looking for experienced and thoughtful people who thrive on creating and building great products. We want people who have a true passion for servicing and taking care of our customers. We need people who are flexible problem solvers, thrive on collaboration and consistently know how to communicate their solutions well. We are small and nimble – which is evident in how quickly we could pivot to our new reality. Each member of the team can make a tremendous impact both technically and culturally. While a start-up, we are well-funded, have an initial paying customer with which to test and launch, and are founded by top experts and veterans in the logistics industry.
Join us – you’ll love it – let’s build a masterpiece
Benefits
Mastery takes great pride in providing our employees a robust and highly competitive benefit package. Our benefits include Medical, Dental and Vision insurance covering 90% of premium costs. Company paid life insurance for 1x salary. Legal, AD&D, Additional Life and other employee assistance benefits. We have a 401k savings plan with a 4% match. We provide opportunities for professional growth and development. We fully support our work from home initiative as we do our part to combat the Covid 19 crisis. We have a manage your life and schedule Paid Time Off program. We are fully devoted to finding creative perks and benefits since we cannot currently enjoy our cool office culture. Our philanthropic partner is St. Jude Children’s Research Hospital.
We are an equal opportunity employer and actively seek a diverse community of professionals. Veterans, Women, non-binary, people of color, LGBTQIA, we welcome all to apply!