Zip Co

Senior Security Engineer

Zip Co β€’ $160K β€” $240K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Production-quality coding experience with security tools and services
  • Strong written and verbal communication with various stakeholders
  • Understanding of security risks and balancing security with business needs
  • Experience with web applications, APIs, and cloud environments (Python, React, GraphQL, Kubernetes, AWS)

Responsibilities

  • Design and implement security controls to mitigate vulnerabilities
  • Support secure product development through reviews and assessments
  • Validate and coordinate security findings from bug bounty and pentests
  • Mentor analysts on security best practices

Benefits

  • Start-up equity
  • Full health, vision & dental coverage
  • Catered lunches & dinners for SF employees
  • Commuter benefit
  • Team building events & happy hours
  • Flexible PTO
  • Apple equipment plus home office budget
  • 401k plan
Full Job Description
Your Role

The Security team at Zip is responsible for protecting the confidentiality and integrity of our customers' data. As a Security Engineer, you'll take on a dynamic, high-impact role focused on securing the cloud infrastructure that Zip runs on. You'll lead efforts to harden our AWS environment, build foundational security guardrails, and launch key initiatives that solidify the trust customers place in us. Your contributions will be pivotal to the success of Zip's rapid growth as we launch new products, such as AI Agents and an App Marketplace, and enter new markets. We move quickly to solve a wide range of complex technical challenges. While we're an experienced team that provides constant guidance and mentorship, we value engineers who can autonomously scope and solve hard problems.

You Will
  • Design, harden, and operate Zip's AWS architecture - multi-account structure, VPC networking, IAM, and KMS, to eliminate or mitigate entire classes of misconfiguration and vulnerability.
  • Build and maintain golden images and a patch management program across our compute fleet (EC2, containers, and Kubernetes nodes) so infrastructure stays current and secure by default.
  • Codify security into infrastructure as code and CI/CD pipelines through secure baselines, drift detection, and policy-as-code.
  • Lead cloud security initiatives spanning workload identity, secrets management, vulnerability management, and logging and detection across our AWS footprint.
  • Partner on secure design through architecture reviews, threat models, and hands-on assessments of cloud services and infrastructure.
  • Validate, triage, and coordinate security findings from bug bounty, third-party pentests, and cloud security posture scans.
  • Mentor security analysts and security champions on cloud security best practices and techniques.


Qualifications
  • Hands-on experience designing and securing AWS environments, including IAM, VPC networking, KMS, and core services.
  • Experience writing production-quality code for security tooling, automation, and infrastructure as code. At Zip, our stack includes Python, Terraform, Kubernetes, and AWS.
  • Familiarity with containers and Kubernetes security.
  • Strong written and verbal communication with internal and external stakeholders.
  • A solid understanding of security risk and the ability to balance security with business requirements.
  • Has to be a US citizen or permanent resident.


Nice to haves
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, and ISO 42001
  • Hands-on experience in offensive security (eg, through bug bounty programs or CTFs)

The salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.

Perks & Benefits

At Zip, we're committed to providing our employees with everything they need to do their best work.
  • Start-up equity
  • 🦷 100% health, vision & dental coverage options
  • Catered breakfast, lunch, & dinner
  • Flexible PTO
  • πŸ‹ ClassPass membership
  • 🚍 Monthly commuter benefit
  • 🚠 Team building events & happy hours
  • Home office stipend
  • πŸ›œ Phone/internet reimbursement
  • Paid parental leave
  • πŸ§’πŸ§’ Fertility stipend
  • 401k plan
  • Unlimited AI token usage


About Zip Co

Zip Co Limited previously known as ZipMoney Limited is an Australian public limited financial technology company. The company was founded in 2013 and is headquartered in Sydney. In September 2020, Zip acquired the US-based β€˜Buy Now, Pay Later’ company Quadpay to grow its American footprint. The company now has operations in Australia, Canada, Czech Republic, India, Mexico, New Zealand, the Philippines, Poland, Saudi Arabia, Singapore, South Africa, UAE, the United Kingdom and the USA. It currently has around 81,000 retail partners and over 9,900,000 customers. As of March 2021, Zip Co's market cap was $5.83 billion.
Learn more about Zip Co

Similar Jobs

More Jobs at Zip Co

More Information Technology Jobs

Find similar Senior Security Engineer jobs: