Security Engineer II

Vancouver or Toronto
Engineering /
Salaried FTE /
Who we are: 
We are a brilliant team making our history to evolve the commerce industry. fabric is the next-generation commerce platform that is designed to provide the commerce services customers expect so they can build world-class experiences, anywhere. 

fabric is on a mission to revolutionize commerce for everyone, and we empower businesses that are striving to deliver commerce that drives conversion and customer outcomes. Leading retailers, including Chico’s, Brooklinen, and Ashley’s Furniture, trust fabric to run their modern commerce business. Headquartered in San Francisco, fabric was founded in 2017 by a group of industry veterans determined to bring the same technical principles found at Amazon to retail.

No matter what field you are in, fabric has exciting opportunities for people passionate about making a difference and skilled at what they do!

Here are four questions you should ask yourself:
- Do I believe in fabric's mission?
- Am I eager to build cool things?
- Am I excited to collaborate with brilliant people?
- Am I motivated to disrupt e-commerce?

If the answer is yes, we want to talk to you!

Where we hire:
Canada (Toronto & Vancouver)

Your next career:

Your next career move should be bold and we have the experience you are seeking. We build and ship products & solutions that enable merchants to compete and deliver a world-class differentiated shopping experience online.

The successful candidate will have prior experience in application security in the retail/ecommerce industry and is a hands-on technologist. This person is comfortable with multiple priorities in a fast-paced environment and is responsible for the ownership of key projects within the security space. You will also be responsible for driving for secure code design and integration of our software stack to keep our customers’ data safe while focusing on mitigating attack risks, securing cloud transformation, and fostering a culture of security and reliability within the company.

Your responsibilities:
- Ability to work independently and as part of a team.
- Collaborate with IT, engineering and operations teams to integrate security best practices into our systems and software development lifecycle.
- Design, deploy, and maintain centralized security tools, technologies, and controls to monitor and protect our infrastructure and applications.
- Develop and maintain security metrics to track progress toward security goals.
- Conduct security reviews for new and existing software systems, integrations, and operational processes, which includes security testing and vulnerability scanning.
- Build and manage services, tools, and integrations that will automate security controls within CI/CD pipelines.
- Assess, identify, and monitor security risks, vulnerabilities, and threats, and develop effective mitigation strategies with engineering stakeholders to ensure timely remediations.
- Participate in security detection, incident response, and post-response activities.
- Support and drive compliance programs with relevant regulations and industry standards (e.g., PCI DSS, SOC2, NIST).

What you bring to the table: 
- 5+ years of prior experience in security engineering/applications security
- 2+ years of experience with AWS
- Experience with scripting languages such as Python or JavaScript.
- Experience working with OWASP and NIST security standards and frameworks. 
- Experience within DevSecOps, CI/CD processes, SDLC, and related tools such as Jira, Jenkins, Artifactory, Bitbucket, GitHub, GitLab, etc.
- Ability to establish and report metrics and KPIs to the executive leadership team to measure the effectiveness of Security Engineering

Preferred Skills:
- Excellent written and verbal communication skills
- Previous experience as a DevOps/DevSecOps Engineer supporting applications and platforms running in private or public cloud (such as Rancher, Anthos, AWS, GCP, VMWare)
- Hands-on knowledge of AWS security tools e.g., AWS WAF, AWS Cloudtrail, AWS Guard Duty, AWS Security Hub.
- Prefer AWS Security Speciality certification.
- Experience with SIEM tools like Grafana, Datadog
- Proven experience in information security, with a focus on ecommerce or web applications.
- Strong knowledge of security architectures, cloud deployment paradigms, and common security principles.Experience integrating security solutions into CI/CD workflows and toolsets.

The base salary for this role will be between CAD $109K to 145K
$109,000 - $145,000 a year
What we bring to the table:
- Competitive compensation packages
- PTO and Holiday plans
- Benefits packages which include Medical, Dental, Life, and Vision
- Wellness & Technology Programs 
- Retirement Savings Plan
- Fast-paced, fun and collaborative environment 
- A team invested in you both personally and professionally