Staff Engineer

Impact

As a Staff Engineer on our Application Security team, you will be instrumental in leading and driving secure practices across Shipt. You’ll be responsible for development practices across our engineering organization and building software systems to make secure development easier. In this role, you will design, implement, and scale security controls and processes that protect Shipt’s users, empower Shipt developers, ensure the safety of our applications, and protect user data. As a Staff Engineer, you are expected to operate at a high level of technical proficiency, provide technical leadership, mentor other team members, and influence security culture at all levels of the company.

If you are enthusiastic about cybersecurity, enjoy sharing your knowledge, and thrive on personal and professional growth, you're exactly the kind of engineer we're looking for. Our Shipt Cybersecurity team is growing, and we're looking for talented individuals who can work both independently and collaboratively, with a passion for mentoring and developing their colleagues. You will gain valuable experience collaborating with cross-disciplinary teams, contributing to the protection of customers and shoppers nationwide.

What You’ll Need to Be Successful

• You have extensive software engineering experience with focus on developer tooling or infrastructure
• You have strong programming skills in Go, Python, and/or JavaScript/TypeScript
• You have experience building with CI/CD systems as part of the software development lifecycle
• You have familiarity with containerization concepts and tools
• You have experience working and deploying with cloud platforms, especially Kubernetes
• You have experience building APIs, automation tools, and developer-facing services
• You have knowledge of common security vulnerabilities and remediation approaches
• You have knowledge or training with compliance programs such as PCI DSS and SOC2
• You have experience with Infrastructure as Code tools, such as Terraform
• You have strong system design and architecture skills
• You have experience translating business requirements into practical development solutions
• You have experience with OWASP Top 10, SANS CWE Top 25, and common security design flaws
• You have led the design, implementation, and validation of secure coding practices, application security controls, and integration of security platforms.
• You have an understanding of tools and techniques leveraged to breach networks, server systems, cloud workloads or applications
• You have experience leading threat modeling and security design reviews

Nice To Haves

• You have a CISSP, OSWE, CSSLP, GWAPT, GWEB, OSCP, CompTIA Security+ certification
• You have proficiency in Terraform
• You have familiarity with open-source software and dependency management
• You have experience managing, configuring and troubleshooting CDN & WAF technologies

Skills & Education

This list includes key skills used in this job but is not inclusive of all skills needed for the role. Please see any required education below.

• Application Security, Go Programming Language, Python (Programming Language)

Bachelor's Degree or equivalent experience | Required

Work Arrangement

Shipt considers candidates located near a Shipt office or workspace in Birmingham, San Francisco, or Minneapolis to be hybrid, which means that they have the flexibility to work from home (with leader approval) or at a Shipt office in order to facilitate the ability to innovate, collaborate, and spark team connections. In-office expectations will vary by role and leader. Certain roles may require in-office presence on a full-time basis. Please work with your recruiter to learn more about the classification of this role.

About Shipt

Shipt is a retail tech company that connects people to reliable, high-quality delivery with a personal touch. Shipt connects customers to the things they want from the stores they love, retail businesses to more satisfied customers, and workers to new earning opportunities.

At Shipt, we aim to put our team first to boost a sense of belonging, spark opportunities for growth, provide unique benefits and commit to giving back to our communities in ways that make life better, both personally and professionally. We understand that our service, our culture, and our connection to our communities are only made better by every single person who shows up to work here every day. Learn More.

Shipt is an independently operated, wholly owned subsidiary of Target Corporation and available in more than 5,000 U.S. cities. Shipt was founded and is headquartered in Birmingham, Alabama. For more information, please visit Shipt’s company site at Shipt.com.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, color, national origin, ethnicity, religion or religious belief, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, military or veteran status, disability, or any other characteristic protected by law.

Please inform your recruiting contact upon initial connection if you need a reasonable accommodation. If you need assistance filling out a job application, please complete this form.

For technical interviews, Shipt uses an online coding platform. In the event you may need a reasonable accommodation to use the online coding platform, please connect with your recruiter.

Employees (and eligible family members) are covered by medical, dental, vision and more. Employees may enroll in our company’s 401k plan. Employees will also be eligible to receive discretionary vacation for exempt team members, paid holidays throughout the calendar year and paid sick leave. Other compensation includes eligibility for an annual bonus and the potential for restricted stock units based on role.

Key skills/competency

• Application Security
• Cybersecurity
• Secure Development
• Go Programming
• Python Programming
• Kubernetes
• CI/CD
• Terraform
• OWASP Top 10
• Threat Modeling