Convoy is transforming the $800 billion trucking industry. Our mission is to transport the world with endless capacity and zero waste. The industry is huge and so is the opportunity to fundamentally change the way freight moves across America and beyond for the better.

We are passionate about thinking big and solving really complex problems to make the lives of truck drivers, shippers, and other people in the freight industry easier through our innovation and technology. There will always be a better, more efficient way to transport goods, and we won’t ever stop inventing it.

Founded in 2015, we’re a mission-driven, well-funded, fast-growing startup, backed by world-class investors, including CapitalG, the growth equity investment fund of Google, and leading industry disruptors, including the founders and CEOs of Amazon, Salesforce, eBay, Linkedin, Expedia, Dropbox, KKR, Starbucks, and others. We were named one of Washington State’s top places to work, a LinkedIn Top Startup and were the recipient of the GeekWire Next Tech Titan in 2018.

The Engineering Security team is responsible for the overall application and data security of Convoy’s services. We are focused on finding, fixing, and preventing application vulnerabilities as well as continually improving the secure software development lifecycle followed by all of Engineering at Convoy.

What you'll do:

• Instill and empower a culture of secure development and deployment across Engineering through static and dynamic code review, threat modeling, and penetration testing.
• Supply subject matter expertise during system design and implementation on topics like encryption in transit and at rest, least privilege access control, and secure-by-default configuration.
• Develop automation, tooling, and tests to validate best practices.
• Respond to security incidents and responsible disclosures.
• Work side-by-side with every development and operations team inside the company.

Desired skills and experience:

• 3+ years of industry experience in a security or software engineering role.
• Web or mobile application penetration testing.
• Broad security domain knowledge in common application vulnerabilities (OWASP Top 10) and their mitigations.
• Proficient in any common scripting language.
• An understanding and continued interest in common attacker techniques, tools, and behaviors.
• The ability to dive deep into new technologies and learn quickly.
• Strong written and verbal communication skills to communicate with all levels of the organization.

Convoy is an equal-opportunity employer and we welcome applicants from all backgrounds. If you’re a passionate team player who wants to have an outsized impact on a diverse and dynamic team, we’d love to hear from you!

Candidates must be eligible to work at Convoy HQ in Seattle.