Your RoleThe Security team at Zip is responsible for protecting the confidentiality and integrity of our customers' data. As a Security Engineer, you'll take on a dynamic, high-impact role focused on securing the cloud infrastructure that Zip runs on. You'll lead efforts to harden our AWS environment, build foundational security guardrails, and launch key initiatives that solidify the trust customers place in us. Your contributions will be pivotal to the success of Zip's rapid growth as we launch new products, such as AI Agents and an App Marketplace, and enter new markets. We move quickly to solve a wide range of complex technical challenges. While we're an experienced team that provides constant guidance and mentorship, we value engineers who can autonomously scope and solve hard problems.
You Will- Design, harden, and operate Zip's AWS architecture - multi-account structure, VPC networking, IAM, and KMS, to eliminate or mitigate entire classes of misconfiguration and vulnerability.
- Build and maintain golden images and a patch management program across our compute fleet (EC2, containers, and Kubernetes nodes) so infrastructure stays current and secure by default.
- Codify security into infrastructure as code and CI/CD pipelines through secure baselines, drift detection, and policy-as-code.
- Lead cloud security initiatives spanning workload identity, secrets management, vulnerability management, and logging and detection across our AWS footprint.
- Partner on secure design through architecture reviews, threat models, and hands-on assessments of cloud services and infrastructure.
- Validate, triage, and coordinate security findings from bug bounty, third-party pentests, and cloud security posture scans.
- Mentor security analysts and security champions on cloud security best practices and techniques.
Qualifications- Hands-on experience designing and securing AWS environments, including IAM, VPC networking, KMS, and core services.
- Experience writing production-quality code for security tooling, automation, and infrastructure as code. At Zip, our stack includes Python, Terraform, Kubernetes, and AWS.
- Familiarity with containers and Kubernetes security.
- Strong written and verbal communication with internal and external stakeholders.
- A solid understanding of security risk and the ability to balance security with business requirements.
- Has to be a US citizen or permanent resident.
Nice to haves- Familiarity with compliance frameworks such as SOC 2, ISO 27001, and ISO 42001
- Hands-on experience in offensive security (eg, through bug bounty programs or CTFs)
The salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.
Perks & BenefitsAt Zip, we're committed to providing our employees with everything they need to do their best work.
- Start-up equity
- π¦· 100% health, vision & dental coverage options
- Catered breakfast, lunch, & dinner
- Flexible PTO
- π ClassPass membership
- π Monthly commuter benefit
- π Team building events & happy hours
- Home office stipend
- π Phone/internet reimbursement
- Paid parental leave
- π§π§ Fertility stipend
- 401k plan
- Unlimited AI token usage