Security Software Engineer, Remote

About NEXT:

Headquartered Long Beach, CA -- NEXT is a company driven by a commitment to providing world-class service to shippers and truckers alike. We're on a mission to solve a trillion-dollar puzzle and offer painless freight.

Armed with experienced professionals from Amazon, Google, Facebook, Snap, and Salesforce, NEXT is seeking change agents who are excited to make a meaningful impact on an industry driving the U.S. economy. Forbes included us on its 2019 Next Billion-Dollar Startups list, and we've been recognized as one of Built in LA's Best Small Companies to Work For and 50 Startups to Watch. NEXT is venture-backed by leaders such as Brookfield Ventures, GLP and Sequoia Capital.

We are passionate entrepreneurs, creative thinkers, and decision-makers who will transform the freight transportation industry with modern technology. We create delightful product experiences that enable freight to move effortlessly, solving complex problems for our shippers and carriers. We collaborate with some of the best designers, engineers, and business partners to achieve our goals.

About The Role:

As a NEXT Security Software Engineer, you will be part of our infra team and will focus on cloud infra security and compliance (e.g. SOC2 and CCPA), while providing guidance to application teams on building & defining libraries, frameworks, tooling, and policies. While your focus is on security, you will also participate in other cloud infra work.

You will gain understanding of our current infra & security systems to provide guidance & solutions for continuous improvement of our security stack. Further, you will collaborate closely with our application platform teams to plan and drive security work at the platform level, which can be leveraged by application development teams to implement.

We will consider candidates from the following states: California, Arizona, Georgia, Illinois, New Jersey, New York, South Carolina, Texas, and Washington.

What You'll Do:

• Be a champion for "SecDevOps" and work with engineering leadership to "shift left" application security.
• Ensure the security of our cloud infrastructure including WAFs, load balancers, kubernetes+service mesh, VPN tunnels, IAM, and overall account structure in AWS and GCP.
• Stay up to date with the latest threats and keep our systems secure from 0-day vulnerabilities and software supply chain attacks.
• Work with our IT team to drive compliance program such as SOC2 and CCPA
• Create "SecOps" runbooks for procedures to identify and respond to security attacks.
• Work with external security vendors to meet compliance requirements and ensure successful third-party security audits & penetration tests.
• Develop infra-as-code projects to continuously improve our cloud infra in AWS and GCP
• Collaborate with backend and frontend engineer to drive our application & API security

What You'll Need to Have:

• A strong background in software engineering (5+ years) with recent focus on both multi-tenant SaaS application security and infrastructure security.
• A desire to lead changes to security operations and SDLC.
• Experience in responding to security incidents and defending against malicious threats.
• Familiarity with Zero Trust and SecDevOps security principles.
• Familiarity with compliance program is highly desirable
• Understanding and ability to articulate application attack vectors and best practices to protect against them.
• Hands-on security experience with our core tech stack of Spring Boot, React, AWS, and Kubernetes is a plus.

What You'll Receive:

• Competitive Base Salary + Equity
• Full Medical, Dental and Vision Benefits
• 401K w/ company match
• Vacation and Holidays
• Join a rapidly growing technology company disrupting the trucking industry