Application Security Specialist

It's our time to scale. It's your time to be part of something big.

Tulip's mission is bold. We're a team of experts who have worked with and for retailers over the past 20 years. We are driven to disrupt an entire industry and enable one of the world's largest job markets.

Tulip has built a retail mobile software platform that empowers leading retailers such as Mulberry, Chanel, Saks Fifth Avenue, Kate Spade, Coach, and Michael Kors to give mobile devices to their store associates so they can elevate service, sell more and provide a personalized experience.

Tulip is a place you come to make an impact, working with like-minded people to build something meaningful using the best technology. We are growing, and while lean is great, we need more people, energy, innovation and talent.

As an Application Security Specialist, you will be planning, implementing and monitoring information security measures designed to measure and protect our information infrastructure. You will be communicating with developers to identify vulnerabilities. Your goal will be to keep us deploying our applications safely and to proactively find and fix problems before they become an issue.

Our security tools include LogRhythm SIEM; AWS CloudWatch Logs; AWS CloudTrail; Google Cloud Platform; osquery; Falco; SonarQube; Rapid7 Insight; BurpSuite, OWASP ZAP. We support a diverse stack including PHP, MySQL, Go, React, Docker, Kubernetes and more

What you’ll do:

• You will be an information resource for application security for developers - helping them architect and design systems and identify, remove and test vulnerabilities through manual and automated systems
• You will operate our static and dynamic application scanning systems
• You will interact with our external pentesters and respond to their reports
• You will take charge of specific projects to improve monitoring and security systems, seeing them through to completion
• You will work with our Cloud Platform DevOps team to improve
• You will run threat modeling sessions with developers and product owners
• You will participate in incident response and post-mortems

What you bring:

• 4-6 years of experience in Information Security and Secure Software Development
• Strong development knowledge - you must be able to talk the language of developers and be able to help them grow their security knowledge
• Security architecture fundamentals and best practices experience - identity, authentication, authorization, mobile application security
• Strong technical security knowledge - the OWASP Top Ten; dynamic and static vulnerability scanning; monitoring and alerting; Linux; Apache; nginx; MySQL; Kubernetes; Docker; BurpSuite
• Knowledge of best practices, including security incident handling best practices, application security “shift left” mentality, threat modeling, and secure software development lifecycle practices

BONUS SKILLS

• Experience with Amazon Web Services and Google Cloud Platform is an asset
• Experience with Terraform is an asset
• Security certifications (CISSP, OSCP, etc) are an asset

Tulip has perks, career progress, and an intimate culture. We have:

• Embraced remote culture! Work remotely, permanently, and full-time.
• Ability for employees in many roles to choose to work a 4½ or 4-day week.
• A “workcation” benefit that’ll let you work reduced hours in order to extend your vacations
• An excellent healthcare plan with no wait time, paid parental leave, and corporate gym rates.
• A culture of openness and idea generation. We have weekly all-hands and quarterly town halls. We pride ourselves on our transparency and keeping it real. From the most senior to the newest team member, we give you access to decision makers and career-building work.
• The opportunity to grow and apply new skills be it hands-on or leadership. We prioritize diversity, inclusion, and building a community. We're a little weird but in a good way.

Why we are awesome.

Tulip is hungry and humble. When you join Tulip, you'll be part of a strong, thriving, diverse group of people who come from different disciplines, countries, and experiences. We do what we love and it shows in our unrelenting pursuit of affecting real change. We believe in investing in our people, building positive relationships with our customers, and treating our work like our craft.

Tulip is at the cutting edge of technology. We work with big-name retailers. It's a chance to step up to solving complex technical problems and develop a deeper understanding of the retail world while being part of a niche startup style company. We don't fear failure; we embrace challenges. We're excited about taking the lesser known paths, using the open source tools and keeping up with the pace of evolving tech solutions. It's fun, it's fast, and it's future-focused.

Tulip gives back. Inspired, passionate, and committed people helped make us the successful company we are today. We challenge norms and put people before profits. We believe we can build a great company that changes the technical space while simultaneously giving back to society and the community.

Join us.

Feel like you can't tick all the boxes? If you have some of the skills and experience that we're looking for and are willing to use your talent to learn the rest, we encourage you to apply.

Tulip Retail is strongly committed to equal opportunities in employment. We welcome applications from all minority group members, women, Aboriginal persons, persons with disabilities, members of sexual minority groups, and others who may contribute to the further diversification of Tulip Retail.

Tulip Retail welcomes and encourages applications from people with disabilities. Accommodations are available by request for candidates taking part in all aspects of the selection process.