Parcel Perform

Overview of job

Parcel Perform is looking for our first dedicated security specialist to lead a hardening program inspired by Anthropic's Project Glasswing.

You have 5+ years of hands-on security experience with time on the offensive side, you can red team across web, API, AWS, Kubernetes, and identity layers, and you're as comfortable writing Terraform and shipping hardening MRs as you are writing a pen test report? You're self-directed, drawn to AI and agent security as the next frontier, and ready to operate as the only security specialist on the team (not because you're alone, but because no one above you will tell you what to look at next)? Help us build a platform we can be proud of and join our team. We are looking for you!

WE NEED YOU ON OUR TEAM!

You will lead Parcel Perform's security hardening program. You will be the only security specialist on the team, working closely with our Infrastructure team and the CTO Office to find vulnerabilities before others do and build the preventive controls that close them.

• Red team Parcel Perform's own systems. Probe our web applications, APIs, cloud infrastructure (AWS), Kubernetes clusters, identity and access layers, and network boundaries. Find what an external attacker would find, but first.
• Own a living vulnerability backlog. Triage, prioritize, and drive remediation. Connect findings to the tech debt budget so they get fixed, not just filed.
• Build preventive controls hands-on. Write the Terraform, ship the IaC, configure the security tooling, and push hardening MRs directly into service repos. This is a builder role first; enablement and standards-setting are the growth direction as the program matures.
• Own foundational security infrastructure: Tailscale rollout, secrets management, vulnerability scanning, dependency hygiene, supply chain controls. Decide what we need, then build it.
• Partner with the Infrastructure team on platform hardening and with squad developers on service-level remediation. You won't be alone, but you will be the specialist.
• Report security posture to the CTO Office on a regular cadence. Surface risks honestly. Recommend trade-offs when perfect security isn't affordable.
• Shape our external pen test engagement. Decide what we keep in-house and what we contract out, and run that program.
• Create and maintain security documentation, runbooks, and incident response playbooks for security events.
• Grow into Parcel Perform's AI and agent security lead. As our agentic systems mature (Claude Code, MCP, internal agents), the attack surface expands into prompt injection, agent exploitation, and LLM data exfiltration. This is where we are heading, and where you will eventually lead.
• Stay current on threats relevant to our stack and our customers. Translate what is happening in the wider security world into actions we should take.

This role is for someone who is genuinely curious about how systems break and equally interested in building the systems that don't. It is a one-person team in the sense that there is no senior security person above you to defer to. You set the agenda, defend it, and execute it. We aren't here for ease anyway. We are here for people who want to operate at the next level.

WHAT YOU WILL RECEIVE IN RETURN!

We at Parcel Perform are dedicated to being a platform for growth for all our team members, regardless of function and location.

• The opportunity to work in a fast-growing, super exciting and innovative business that will revolutionize the e-commerce logistics industry. You will be the needle of success on the growth of a global product that will become a key platform behind successful e-commerce logistics worldwide.
• Fully sponsored Claude usage — As part of our commitment to AI-first ways of working, we provide sponsored access to Claude (Desktop, CoWork, and Code) to support smarter, more efficient workflows across the team.
• Submerge in the bleeding-edge of Agentic Development — We don’t simply supplement an existing process with AI tools, we rework every aspect of the software development life cycle, from requirement gathering, implementation, to testing. We believe the productivity multiplication of AI doesn’t just come from individual applications but also from an entire system that embraces it into every fabric.
• An environment where everybody never stops growing and focuses on succeeding – we continuously work with you on your strengths and weaknesses across many important dimensions and look at ways for you to address them and further your development.
• Join a passionate, global team at Parcel Perform where you can continuously develop your skills and actively drive our missions and international success.

OUR BENEFITS!

Parcel Perform is committed to providing a comprehensive and competitive benefits package that supports the wellbeing, growth, and performance of our employees.

• Competitive compensation package
• 13th month salary and ESOP
• Private health insurance and annual health check-up
• Hybrid working, flexible hours, and unlimited leave
• Learning support fund for professional development
• Access to AI tools, innovation initiatives, AI Training Support Fund
• Company-provided laptop & monitor
• Complimentary lunch and daily snacks
• Employee care programs and engagement activities

WHO WE ARE AT PARCEL PERFORM!

Parcel Perform is built on one of the largest logistics data infrastructures in delivery experience, processing billions of shipment events across 1,100+ carriers.

We help customers optimize every stage—from EDD at checkout through post-purchase, returns, and logistics operations. Now the benchmark in delivery experience, Parcel Perform is the strategic partner that enables global e-commerce businesses to thrive in the age of AI Commerce.

As AI shopping assistants reshape how consumers discover and buy, brands face a new imperative: get found by AI, then consistently deliver on promises. Parcel Perform helps e-commerce brands achieve AI visibility, then provide the cost-efficient delivery experience that turns every successful shipment into proof of reliability—building the trust that earns repeat AI recommendations. 

The platform handles enterprise complexity with the agility to go live in weeks—built for the speed of AI without sacrificing customization.

We at Parcel Perform believe in innovation, energy, and resourcefulness for everything we do. Security is no different. We won't stop hardening a platform we can be proud of, and we need you to help us get there. You need to feel the same way about the offering and bring along the following:

• Educational background, preferably in computer science, engineering, or a closely related field. A strong self-taught track record is equally welcome.
• 5+ years of hands-on security experience, with meaningful time on the offensive side. Senior to Staff level profiles both welcomed; budget supports Staff.
• Full-stack offensive security capability: web application and API pen testing, cloud (AWS) exploitation, Kubernetes attack paths, IAM and SSO weaknesses, network lateral movement. Comfortable thinking like an attacker across the whole stack, not just the part you know best.
• Hands-on builder skills. Comfortable writing Terraform, building CI/CD security pipelines, shipping code into service repos, and operating infrastructure-as-code workflows. You will spend real hours in an IDE and a terminal, not just in reports.
• Strong programming ability. Python preferred, given our stack; familiarity with Go or Rust welcome.
• Genuine curiosity about AI and agentic system security. You don't need to have done it yet, but you should be drawn to the questions: how does an agent get compromised, how does prompt injection escalate, how do we contain an LLM that can call tools.
• Comfortable operating as the only security specialist on the team. You are not alone, but you will not have a senior security person above you to whom you can escalate. Self-direction, prioritization, and judgment are required from day one.
• Familiarity with relevant standards and frameworks (SOC 2, ISO 27001, OWASP). Practical application matters more than certification, but OSCP, OSCE, CISSP, or equivalent is a plus.