Welcome to Cimpress, the world leader in mass customization.
We are audacious, innovative and growing.
As the Lead Security Engineer, you will be responsible for working with Senior IT Security staff and multiple IT organizations across the globe to reduce the risk and exposure of the infrastructure of Cimpress and its related brands. This position requires a broad IT background, knowledge of Information Security concepts, control and compliance, as well as strong communication skills to effectively manage processes and projects with cross-functional teams.
This is a hands-on position requiring a person with a great deal of system management experience together with a thorough understanding of various security principles.
- Interact with Governance, Risk and Compliance groups as required to help prioritize risk and assess compliance status.
- Tool Development – develop or leverage open source tools to automate tests in CI/CD pipeline
- Assessment of tools for vulnerability management and penetration testing. Ability to conduct Proof of Concepts (PoC) or Request for Proposal (RFP) to determine best solution.
- Perform threat and risk analysis using FAIR methodology
- Work with business owners and developers to explain the associated risks of vulnerabilities to their specific environment or product.
- Experience developing in Python, Ruby, Go, or similar languages.
- Experience deploying Infrastructure as Code (IaC) via Terraform.
- Create integrations between security tools, or write new plugins as needed for existing tools.
- Experience with commercial and open source application and network/infrastructure vulnerability testing tools.
- Manage large amounts of threat and vulnerability data and create tool integrations.
- In-depth understanding of testing web-services (REST, SOAP, and Swagger) a big plus.
- Experience with PCI, SOX regulatory standards.
- Keep up to date on the latest and most advanced offensive security techniques and frameworks.
- Collaborate with “Blue Team” members to help test and prioritize defenses.
Ideal candidate would have:
- DAST or SAST experience: OWASP ZAP, Checkmarx, Burp Suite or equivalent
- Experience in cloud services (AWS, GCP, Azure)
- Experience with various security tools and products (Tenable, Metasploit, etc.)
- Good understanding of the components of a secure SDLC
- Vulnerability analysis and application reversing skills
- Understanding of cryptography principles
We produce millions of affordable, highly customized, personalized physical products for small businesses and consumers. We're boldly going where no one has gone before here at Cimpress: the scale, complexity and sheer scope of what we do requires us to innovate and solve problems that haven't been solved before. With over $2.1BB in revenue and 40+ offices and manufacturing facilities across the globe creating more than 46 million uniquely designed items annually that serve over 17 million customers worldwide, we're a unique combination of stability, strength, growth and innovation. We're also a place where ideas matter, whether they come from our newest or most senior team members. There's also a lot of fun that goes with doing things no one has ever done before and you can feel it.