Security Manager

At Shippo, our vision is bold and clear: we are the shipping layer of the internet. Our mission is to make every merchant successful through excellent shipping, delivering world‑class logistics technology and infrastructure. We’re building the backbone of global e‑commerce — connecting merchants to carriers worldwide through a single API and intuitive dashboard.

As a remote‑first and globally distributed team , we believe flexibility fuels trust, autonomy, and performance. Our diverse perspectives — across continents, cultures, and time zones — drive our innovation and enable us to build solutions used by businesses everywhere. We invest in modern, scalable technology so our teams can build, ship, and iterate with confidence.

Your impact starts here: every person at Shippo plays a direct role in shaping the infrastructure that powers global commerce and makes shipping simpler for businesses around the world.

We’re looking for a Security Manager (Head of Security) to lead and evolve Shippo’s security function.

This role is the single accountable owner for security outcomes at Shippo today. You will define and execute Shippo’s security strategy, drive a focused and impactful security roadmap, and personally lead critical security initiatives hands‑on. You’ll manage a small, high‑leverage security team, while partnering closely with Engineering, Product, Legal, IT, and Leadership to ensure security is built into how Shippo operates and scales.

This is a player‑leader role: deep technical execution, clear ownership, strong judgment, and influence without relying on large team scale.

• Define and own Shippo’s security strategy, translating business goals, customer trust needs, and regulatory requirements into a clear, prioritized security roadmap.
• Plan and execute quarterly security initiatives that deliver meaningful risk reduction and enable business growth.
• Continuously assess Shippo’s threat landscape and adjust priorities as the company, product surface area, and customer needs evolve.

• Secure Shippo’s cloud and application environments, with deep ownership of AWS security architecture and controls.
• Partner with Engineering teams to embed security into the SDLC, including application security reviews, SAST/DAST, dependency management, and secure design practices.
• Own security architecture decisions within your domain, balancing risk, cost, developer velocity, and long‑term maintainability.
• Review infrastructure‑as‑code (Terraform) and cloud configurations to ensure secure‑by‑default standards.

• Own Shippo’s security operations, including incident readiness, response, and post‑incident learning.
• Lead security incidents end‑to‑end – from investigation and containment to postmortems and long‑term remediation – partnering across Engineering, IT, Legal, and Leadership as needed.
• Proactively identify operational gaps, toil, and failure modes; drive automation and process improvements to reduce risk and operational overhead.
• Ensure strong documentation, runbooks, and knowledge sharing across security‑related systems and processes.
• Lead SOC 2 Type II readiness and ongoing compliance, including control design, implementation, evidence collection, audits, and continuous improvement.
• Conduct security risk assessments across applications, infrastructure, vendors, and processes; clearly communicate findings and recommendations to stakeholders.
• Own third‑party and vendor security risk management, ensuring critical vendors meet Shippo’s security expectations.
• Partner with Legal and other stakeholders on data protection, privacy, and regulatory requirements, ensuring security and compliance are built in – not bolted on.

• Serve as the primary security point of contact for customer and partner security inquiries, audits, and escalations.
• Develop and maintain clear, accurate customer‑facing security documentation (e.g., security overviews, questionnaires, trust materials).
• Work with Sales, Support, and Partnerships to ensure security strengthens—not slows—customer trust and growth.

• Act as Shippo’s internal security leader, influencing teams through expertise, clear communication, and strong partnerships rather than hierarchy.
• Make data‑informed security decisions that balance customer impact, business priorities, and long‑term risk.
• Clearly articulate tradeoffs and elevate risks appropriately when decisions exceed your scope or require executive alignment.
• Represent security in planning, reviews, and cross‑functional discussions, ensuring security is considered early – not reactively.
• Lead, coach, and support a small security team, setting clear expectations, providing actionable feedback, and fostering a culture of learning and ownership.
• Hire deliberately as the team grows, prioritizing high‑impact skills and alignment with Shippo’s values.
• Model Shippo’s values – Drivers Not Packages, Ship to Learn, Compassionate Candor, and Our Customers Win – in how you lead and operate.

• Proven experience leading security at a high‑growth technology company, in a role combining hands‑on execution with functional ownership.
• Strong hands‑on expertise in cloud security (AWS), application security, and modern SaaS architectures.
• Practical experience leading SOC 2 Type II compliance and audits.
• Experience owning or leading incident response for real‑world security incidents.
• Ability to translate technical security risks into clear business context for non‑technical stakeholders.
• Strong judgment, ownership mindset, and comfort operating with ambiguity and limited team scale.

• Experience with CSPM tools, WAFs, EDR solutions, and modern AppSec tooling.
• Background in e‑commerce, fintech, logistics, or platform companies.
• Experience building early security functions or scaling security practices alongside company growth.

• Healthcare coverage for medical, dental, and vision (90% covered by the company, incl. dependents). Pets coverage is also available!
• Take‑as‑much‑as‑you‑need vacation policy & flexible workinghours
• One week‑long company wide winter slow down
• WFH stipend to set up your home office
• Charity donation match up to $100
• Dedicated programs, coaching, tools, and resources for your professional and career growth as well as an individual learning stipend for your personal and focused growth
• Fun team in person time through our Shippos Everywhere program which includes regular team and company off‑sites throughout the year as well as local Shippos gatherings

We believe compensation is a custom experience and are commited to fair and equitable compensation practices. The standard base pay range for this role is min is $175k to a max $235k annual salary (we tend to anchor our offers at the mid point $207k). Since we are focused on hiring Shippos Everywhere, we have 2 US pay ranges, a standard compensation range for the majority of the US and a standard +1 compensation range for those who live in areas where the cost of labor is higher, such as NYC and California.

The actual base pay is dependent upon many factors, such as: financial budgets, work experience, training, transferable skills, business needs, and market value. The base pay salary ranges are subject to change and may be modified in the future. Total compensation for this role will include, equity, medical, dental, vision and other benefits noted in our Shippos “package” section.

Sail through the process:

Here at Shippo, we celebrate inclusivity and are committed to creating equal access to opportunities for people from all backgrounds, perspectives and geographies. These values define who we are and everything we do. All qualified individuals are encouraged to apply. If you need assistance, or a reasonable accommodation during the application and recruiting process, please contact us at accommodations@goshippo.com

Shippo’s in the wild:

Our people, much like the packages we help ship, are all over the world. This means, through our remote‑first program, “Shippos Everywhere”, our roles can be based anywhere in the US with the exception of Delaware, Nevada, Ohio, Oregon, Hawaii, New Mexico and West Virginia and many roles can be based internationally.

For locations outside of the US and Ireland, the employment contracts are powered by Remote.com (all Shippo perks still apply – including equity!). What we want to emphasize is that you can be successful at Shippo regardless of location.