It's our time to scale. It's your time to be part of something big.
Tulip's mission is bold. We're a team of experts who have worked with and for retailers over the past 20 years. We are driven to disrupt an entire industry and enable one of the world's largest job markets.Tulip has built a retail mobile software platform that empowers leading retailers such as Mulberry, Chanel, Saks Fifth Avenue, Kate Spade, Coach, and Michael Kors to give mobile devices to their store associates so they can elevate service, sell more and provide a personalized experience.Tulip is a place you come to make an impact, working with like-minded people to build something meaningful using the best technology.
We are growing, and while lean is great, we need more people, energy, innovation, and talent.Working on the Security Team, as a Senior Information Security Analyst, you will be planning, implementing and monitoring information security measures designed to measure and protect our information infrastructure. Your goal will be to keep us deploying our applications safely and to find and fix problems before they become an issue. Your focus will be compliance and policies, but you’ll have a hand in technical issues and application security testing as well. You will work in a small team, but will interact with the whole company.
You are passionate about learning and growing your skills along with the rest of the team. You find security fascinating and endlessly interesting.Our security tools include LogRhythm; AWS CloudWatch Logs; AWS CloudTrail; GCP StackDriver; osquery; Veracode; InsightVM by Rapid7; BurpSuite, OWASP ZAP. We support a diverse application stack including PHP, MySQL, Go, React and moreWhat you will do:
- You will be a security advocate to the rest of the organization - you will be an information resource for users, helping them identify and avoid security threats
- You will participate in specific projects to improve monitoring and security systems, seeing them through to completion.
- You will help operate the Security Information and Event Management (SIEM) system
- You will help maintain and operate dynamic scanning processes for Tulip Retail’s products and systems
- You will take ownership of our existing PCI compliance program and work on assessments
- You will help evaluate and triage vulnerabilities reported through automated and manual testing and other sources
- You will participate in incident response and post-mortems
- You can help us continue to improve our security incident handling practices, security policies and procedures, and secure software development lifecycle practices
What you bring:Must Have:
- You have 4-8 years of Information Security or Risk Management/Compliance experience
- Experience with SOC type 2 certification and PCI audits
- Security architecture fundamentals and best practices experience - identity, authentication, authorization, mobile application security
- You understand how security standards, including the PCI DSS, ISO 27002 and related standards, can build consensus around security and focus efforts
- Strong technical security knowledge - the OWASP Top Ten; dynamic and static vulnerability scanning; monitoring and alerting; Linux; Apache; nginx; MySQL; Kubernetes; Docker; BurpSuite
- Knowledge of best practices, including security incident handling best practices, application security “shift left” mentality, threat modeling, and secure software development lifecycle practices
Nice to Have:
- Experience with Amazon Web Services, Google Cloud Platform, Docker and similar cloud technologies
- Additional technical skills are helpful but not required - Linux, programming, SQL, networking
- Security certifications (CISSP, etc) will be considered, but are not required
Tulip has perks, career progress, and an intimate culture. We have:
- Embraced remote culture! Work remotely, permanently, and full-time.
- A “workcation” benefit that’ll let you work reduced hours in order to extend your vacations
- An excellent healthcare plan with no wait time, paid parental leave, and corporate gym rates.
- A culture of openness and idea generation. We have monthly all-hands and quarterly town halls. We pride ourselves on our transparency and keeping it real. From the most senior to the newest team member, we give you access to decision makers and career building work.
- The opportunity to grow and apply new skills be it hands-on or leadership. We prioritize diversity, inclusion, and building a community. We're a little weird but in a good way.
Why we are awesome.Tulip is hungry and humble. When you join Tulip, you'll be part of a strong, thriving, diverse group of people who come from different disciplines, countries, and experiences. We do what we love and it shows in our unrelenting pursuit of affecting real change. We believe in investing in our people, building positive relationships with our customers, and treating our work like our craft.Tulip is at the cutting edge of technology. We work with big-name retailers. It's a chance to step up to solving complex technical problems and develop a deeper understanding of the retail world while being part of a niche startup style company.
We don't fear failure; we embrace challenges. We're excited about taking the lesser known paths, using the open source tools and keeping up with the pace of evolving tech solutions. It's fun, it's fast, and it's future-focused.Tulip gives back. Inspired, passionate, and committed people helped make us the successful company we are today. We challenge norms and put people before profits. Our founder, Ali Asaria, created The Tulip Foundation, a charity controlled by all of us, the employees. We believe we can build a great company that changes the technical space while simultaneously giving back to society and the community.Join us.Tulip Retail is strongly committed to equal opportunities in employment.
We welcome applications from all minority group members, women, Aboriginal persons, persons with disabilities, members of sexual minority groups, and others who may contribute to the further diversification of Tulip Retail.Tulip Retail welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.Feel like you can’t tick all the boxes above? If you have some of the skills and experience that we’re looking for and are willing to use your talent to learn the rest, we encourage you to apply.
