Senior Security Engineer

About us

At Auctane, we are united by a passion to help businesses deliver — whatever their size, wherever they are, and however they operate. We make it possible for businesses to meet the ever-changing requirements of their industry and customer expectations. Auctane products enable hundreds of thousands of businesses to annually mail and ship billions of items — over $200 billion worth — to recipients around the globe.

The Auctane family of mailing and shipping software products includes ShipStation, Stamps.com, ShipStation API, Metapack, GlobalPost, and Packlink. Our partners include Amazon, UPS, USPS, eBay, BigCommerce, Shopify, WooCommerce, and Walmart.

Our values

Win as One. Delight Customers. Deliver Great Outcomes.

About the role

The focus of this role is to bolster Auctane's global engineering and operations within the Information Security Group. This position reports directly to the CISO and entails the leadership of several security programs within the engineering and operations teams.

The successful candidate will be instrumental in defining and developing the technology and processes governing cybersecurity practices to secure Auctane's global infrastructure. The role will specifically concentrate on securing the Enterprise and Cloud Infrastructures, alongside managing security operations responsibilities.This critical role requires a successful candidate to be a key contributor in establishing and evolving the technology and processes that define Auctane's global cybersecurity practices. The primary focus of this position is to secure the Enterprise and Cloud Infrastructures while also managing core security operations.

The Infosec group operates as part of the broader R&D Tech function, which utilizes modern architectural patterns and technologies, including AI, at scale and pace. This is a fully on-site position located in Manila, Philippines, with the primary shift scheduled between 10 pm and 7 am PHT, and flexibility to support other hours.

Travel Requirements: Up to 10% travel required.

About the team

We have a flat and open engineering culture where diverse opinions and perspectives are valued, data and evidence beats opinion and hierarchy, backed by honest and frank discussions. We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy. Our engineering culture is characterized by its flat and open structure, where diverse opinions and perspectives are highly valued. Decisions are driven by data and evidence, superseding opinion and hierarchy, and are supported by candid and transparent discussions. We are strong advocates for the formation of autonomous, cross-functional teams who are fully empowered to execute our ambitious strategy. We strongly support cross-collaboration and mission driven autonomous teams that are given full authority to implement our ambitious strategy. Our ambitious strategy is implemented by autonomous, mission-driven teams that are fully empowered to act and strongly encouraged to cross-collaborate.

What will you be doing?

ReviewWorking to review and enrich playbooks and see opportunities for automation efficiencies in our Security detection and response capabilities.

Liaising with the Engineering teams on incident response, vulnerability management and remediation actions

Responsible for providing technical expertise in the support of security incidents using a plethora of leading security tools, coupled with continuous learning and training

Working with AWS & GCP Cloud-native security tooling such as GuardDuty, Security Hub, GCP Security Command Center to ensure a level of protection & monitoring of threats in Auctane Public Cloud environments.

Following up on regular security reviews, vulnerability, risk assessments and audits utilising our CSMP tool Wiz and Endpoint vulnerability tool Crowdstrike.

Building relationships with all staff to promote “Security by Design” throughout the Engineering Teams and wider business.

Being part of the internal Infosec / cyber security incident process - investigate suspected attacks and help manage security incidents, including providing post-mortem analysis, identify causes, develop solutions and preventive measures

Responding swiftly to new and emerging security threats and vulnerabilities, investigate suspected attacks and be an integral part of the Information security incident process

Learning and training, to enhance knowledge of Security Orchestration and Automation.

What are we looking for?

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical field

8+ years of progressive experience in cybersecurity, with at least 3-5 years in leading large scale cyber security implementations

Experience defining and leading several cyber security programs for large scale organizations

Advanced level experience at least in one or two security domains within the Enterprise and Cloud Infrastructures to develop threat detections and mitigation strategies

Experience leading projects and programs while defining the roadmap and milestones, and communicating with to technical and non-technical stakeholders while advising senior management

Experience leading other engineers and analysts while collaborating with the external team members

Able to balance the demands of delivering high quality and demanding timescales.

Relevant industry certifications (e.g. CISSP, CISM, CRISC, AWS Security, GCP Security)

What will make you stand out?

Expert-level knowledge of AWS, Azure, and/or GCP security

Expertise in vulnerability and risk management across public cloud and enterprise environments

Expertise in leading advanced threats detection and prevention programs in a cross-functional environment

Expertise in developing security patterns with architectural recommendations

Advanced experience in software development practices, automation with basic knowledge of AI

The Tech

AWS, GCP, SaaS, and Enterprise

Artificial Intelligence Solutions (Gemini, Claude, internal)

CNAPP, DSPM, and Cloud Security Solutions

Application Security Technologies (DAST, SAST, SCA, ASM)

Email Security Technologies

SIEM Solutions and Detection Technologies

Google Workspace

Vulnerability Management Solutions

Application Security

Python, PowerShell, Bash

• What do we offer?
• 🌿 1. Health & Well-being
• Auctane prioritizes the health and well-being of our employees and their families.

🩺 HMO Medical Insurance

• Tiered Maximum Benefit Limit (MBL) based on job level.
• Comprehensive coverage for the employee and up to two (2) dependents.

🦷 Dental Insurance

Coverage for essential dental care services.

🧠 Mental Health & Employee Assistance Program (EAP)

Access to confidential counseling and support services for mental health and personal challenges.

🏃 Wellness Program

Initiatives and resources designed to promote physical and mental well-being.

1. Financial Security & Compensation Enhancements

We offer benefits aimed at providing financial stability and enhancing your overall compensation.

❤️ Life Insurance

Financial protection for your loved ones.

⚠️ Accidental Death and Dismemberment (AD&D) Insurance

Additional financial protection in the event of accidental death or dismemberment.

🍽️ Meal and Clothing Allowance

Up to 3,000 PHP per month for meal and clothing expenses.

🎯 Bonuses and Supplemental Income

Opportunity to earn extra wages through company contests and incentives.

1. Time Off & Work-Life Balance

Auctane recognizes the importance of rest and personal time for a healthy work-life balance.

🌴 Paid Vacation Days

15 paid vacation days per year, with additional days increasing with tenure.

🤒 Paid Sick Days

15 paid sick days per year.

🎉 Paid Holidays

Observation of statutory national and local holidays.

💐 Bereavement Leave

Supportive leave in times of personal loss.

1. Professional Development & Recognition

We invest in your continuous growth and acknowledge your contributions to Auctane's success.

📚 Education Benefits

Support for continuous learning and professional development.

🤝 Referral Program

Incentives for recommending great talent to join the team.