Lead Security Engineer

Loadsmart aims to move more with less. We combine great people and innovative technology to more efficiently move freight throughout North America. Our focus is on designing and building the best tools for our team and our customers, using machine learning models to connect freight with trucks. We automate with algorithms and scale with integrations to better match supply and demand. In doing this we reduce wasted fuel and lost time, cutting out empty miles for motor carriers and providing cost savings and instant booking for shippers.

Where we are:

Loadsmart was founded in New York and is currently headquartered in Chicago, IL. Our teams operate remotely from different parts of the United States as well as in several locations across Latin America.

Who you are:

You believe in game-changing innovations and are excited about reimaging a 700 billion dollar industry. You are an analytical person with a solid understanding of business and the impact that analysis plays in a company's growth.

The role:

We are looking for a Lead Security Engineer to work remotely based in Brazil or in LATAM. You need to be obsessed about security, both technical and non technical aspects of it. You should have experience and proven ability to analyze, propose and implement safer systems and processes. You will work closely with engineering squads across platform engineering to ensure our applications are secure.

Key responsibilities:

• Take a leadership role in driving internal security projects with engineering teams
• Reduce cloud and infrastructure vulnerabilities across all cloud assets.
• Do regular risk assessment over important assets of the company
• Do regular security tests and code reviews to look for possible threats
• Seek, give, and receive constructive feedback to teammates through code and specification reviews
• Document operational procedures and protocols regarding security
• Build security plans, coordinate among involved people and execute
• Define and manage KPIs and other measurements to indicate the health of security-related programs
• Work directly with engineers and product managers to influence the product requirements
• Provide security training and outreach to internal teams

Qualifications:

• 4+ years of Security Engineering or Operations (i.e. traditional security controls and technologies, such as firewalls, intrusion detection/prevention systems, public key infrastructure, etc.) experience
• Demonstrable knowledge of Information Security attacks and analytical mindset to detect cyber adversary tactics, techniques or procedures
• Strong written and verbal communication skills; excellence in communicating business risk from cybersecurity issues
• Strong organizational and communications skills with the ability to convey complex ideas in a manner that results in a definitive direction and results.
• Experience in application security testing and releasing SaaS software in public clouds - AWS
• Deep technical understanding of the OWASP Top 10 (XSS, SQL injection, broken access control/authentication/authorization etc)
• Experience in working with AWS, Cloud environments, Containers, Kubernetes, Docker - DevOps Engineering environment with owning tests, CI/CD pipelines
• Experience automating vulnerability discovery and repetitive tasks
• Experience developing and interpreting security compliance standards and guidance
• Programming experience with Python and at least one more programming language
• BS or MS degree in Computer Science, Engineering or related field or equivalent experience