Share this Job

Lead Application Security Engineer

Date: Jul 31, 2019

Location: Waltham, MA, US

Company: Cimpress/Vistaprint

Do you enjoy…

Working with, and educating others on building robust and reliable software?


Breaking down and analyzing software design?


Identifying software patterns and designing creative solutions for them?


If so, read on!


Cimpress Security

Cimpress is the world leader in mass customization. You’ve probably heard of our brands, including Vistaprint, WIRmachenDRUCK, Pixartprinting and others. Cimpress Security is looking for a Lead Application Security Engineer who will help build a secure Software Development Lifecycle(SDLC) to secure Cimpress and all of its brands.


In this role, you will focus on delivering a secure SDLC, working with our development community to develop and implement secure coding practices. As a member of the Cimpress Application Security team, you will be working directly to shape our security vision and have a real impact on a large and ever increasing number of developers. 


This is a great opportunity for innovative, entrepreneurial-minded individuals looking to make a large impact in a challenging, highly creative, and ever-evolving culture. Come join us and make your mark!


Lead Application Security Engineer

As a Lead Application Security Engineer, you will provide the architectural expertise and leadership to help drive our secure SDLC to ensure robust and resliant software. You will also have a critical role in ensuring we are providing the right training, development frameworks, and enable our developers the freedom to experiment. We’re seeking someone who is passionate about software developmet and looks for opportunities to improve it.

In this role, you will help Cimpress to succeed by...
... identifying, selecting, designing and integrating tools, frameworks, and processes into our secure SDLC
... identify threats within system architecures, communicate risk via effective use of threat models, and consult on proper mitigations.
... documenting and coaching developers in proper operations and developmement practices



  • Ensure the CI/CD pipeline supports the implementation of secure coding practices and is, itself, secure
  • Identify and develp secure frameworks and patterns to empower our developers to concentrate on delivering new service features not security overhead
  • Work as part of a team of engineers to coach, train, and implement secure coding practices across the Cimpress development communities
  • Design, build, automate and integrate tooling to support our SDLC
  • Ensure the CI/CD pipeline supports the implementation of secure coding practices and is, itself, secure
  • Identify opportunities for automation and implement solutions accordingly


Required Abilities

  • Critical thinker with demonstrated problem solving skills.
  • Excellent communication skills for presenting solutions and sharing knowledge
  • Ability to identify security vulnerabilities from source code reviews/testing and provide security guidance to development teams.
  • Develop and implement technical solutions to help mitigate security vulnerabilities
  • A high degree of initiative required with the ability to work independently or as part of a team.


Required Knowledge

  • Experience developing microservice architectures
  • Expert level understanding of modern web technologies, mobile, and web application security
  • Broad awareness of security engineering concepts and practices across all phases of the software development lifecycle
  • Cloud technologies (AWS, GCP, Azure)
  • Experience providing secure design advice for web based environments
  • Experience of continuous delivery/continuous integration processes and procedures including critical security considerations in automated workflows


Desired Skills/Knowledge/Experience

  • Development experience (Node.JS, Ruby, Python, .NET, Go)
  • Idendity and Access Management (OAuth2, OpenID Connect)
  • Ability to effectively organize, prioritize, multi-task and manage time
  • Security experience not required, but preferred


Equal Opportunity Employer

Cimpress is an Equal Employment Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, sex, national or ethnic origin, nationality, age, religion, citizenship, disability, medical condition, sexual orientation, gender identity, gender presentation, legal or preferred name, marital status, pregnancy, family structure, veteran status or any other basis protected by human rights laws or regulations. This list is not exhaustive and, in fact, in many cases we strive to do more than the law requires.


Nearest Major Market: Waltham
Nearest Secondary Market: Boston

Job Segment: Application Engineering, Medical, Engineer, Developer, Engineering, Security, Healthcare, Technology

Find similar jobs: