Postmates runs one of the largest real-time delivery fleets in the country. Building a software platform that is reliable, scales, and stays agile under demanding product needs is a serious technical challenge. Postmates isn’t just another ad platform or mobile app for delivering static user-generated content: We have real customers paying real money for a real service, all in minutes.
As a Security Engineer - Infrastructure, you will be responsible for securing the Postmates platform and infrastructure. We’re looking for an engineer who is well versed in current cryptographic techniques, authentication, and other aspects of network/cloud infrastructure security.

Security Engineering

• Work with various engineering teams and technical stakeholders to perform security reviews, define security requirements and provide recommendations for the enhancement of Postmates web and mobile services (Platform) as well as third party vendor services.
• Help harden our infrastructure to avoid exploits and privilege escalation.
• Design and deploy infrastructure for authentication/encryption key management, protocol config and library management, secure networking, logging, threat detection, etc.
• Instrument systems and the network infrastructure to understand network flow / traffic flow, and detect intrusions.
• Build reusable, testable, scalable, efficient, and economic security automation tooling.
• Identify architectural deficiencies and develop/implement vulnerability mitigation strategies to address them.
• Enhance, implement and maintain vulnerability management tooling and programs.
• Identify use cases that can be built with existing tooling (SIEM, IDS, FIM etc.) to enhance both security automation and risk posture.
• Assist in conducting routine network and application penetration testing using familiar tooling such as (Nmap, Nessus, Burp suite, etc.)
• Familiarity with common compliance standards, such as CIS Benchmarks, PCI-DSS 3.2, NIST 800-53 and SOC 2.
• Experience in using REST and gRPC APIs to integrate security technologies, CI/CD and Git/Github (GitOps) DevSecOps workflows.

Cloud security experience:

• Google Cloud Platform (GCP) / Amazon Web Services (AWS)
• Configuration & Analysis (VPC, IAM, NACLs, Security Groups, Cloud Audit Logs, etc.)
  

Containerization & Secure Configuration Management:

• Hands-on experience working with Docker and Kubernetes and securing K8s deployments according to “hard multi-tenancy” guidelines and methods.
• Development of secure configuration baselines using tools such as Terraform, Saltstack, Ansible, CloudFormation etc.
• Experience developing Linux Hardening standards: (e.g., Debian, Ubuntu) following community consensus practices such as CIS/Center For Internet Security.

Incident Response:

• Provide support for security incident response function and rotation as needed.
  

Coding Languages:

• Python, Go, Javascript, etc.

Required Experience/Qualifications:

• 5+ years’ experience working with cloud infrastructure, IAM, network and security policies.
• 5+ years’ experience in security code review (Python and related web frameworks, Go, JavaScript etc.)
• 5+ years in automating security testing and developing security tooling.
• Knowledge of cloud security concepts and architecture (GCP, AWS)
• Knowledge of current cryptographic algorithms, cipher suites, threats and mitigations.
• Bachelor's degree (or equivalent experience) required.
• An ability to work independently on complex projects.

Preferred Experience/Qualifications:

• Familiarity working within a team scrum / kanban workflow to manage time and improve work efficiency.
• CISSP, CCSP, CPT, CEH certified.