Senior Application Security Engineer

Remote Engineering

Hi there!

We're looking for someone to join our Engineering team at Zapier as an Application Security Engineer. Are you interested in helping build and secure a powerful automation tool? Yes? Then read on.

To help share a bit more about life at Zapier, here are a few resources:

Zapier is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

 

About You

You have security chops. 3+ years of experience with threat modeling, security architecture, and security reviews is essential for this role.

You have web application security experience. You have experience building and securing software for a SaaS company.

You have used frameworks to build security in. You believe using standards will give you a head-start. You have used security development frameworks like MS SDL, OpenSAMM, OWASP ASVS, or BSIMM.

You know what makes browsers and sites secure. The web browser is practically the operating system of the internet; these days nearly everything that happens online happens in a browser. You’ll have experience keeping customer data safe by ensuring implementations have solid security testing.

You know how security mechanisms work. You're knowledgeable about techniques, standards, and state-of-the-art capabilities for authentication (JWT, OpenID, SAML 2.0) and authorization (OAuth 2.0).

You know how to implement a security testing toolchain. You always look for solutions that will automate security testing to avoid manual work (SAST, DAST, SCA, IAST).

You have worked with teams before on large Python, AWS, & Kubernetes projects. You’ve worked in the not-too-distant past with common frameworks like Django or Flask (React/Backbone.js would be a nice bonus!). You've also worked extensively in cloud providers like AWS.

You love learning. Engineering is an ever-evolving world. You enjoy playing with new tech and exploring areas that you might not have experience with yet.

You love to set your own direction. We have one team meeting and one-on-ones each week. We also like to hang out on video for a few minutes every day to chat with one another. Between those, we chat in Slack and then go make things happen.

 

Things You Might Do

Zapier is a small, fast-growing, and remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:

  • Help establish and evangelize our Security Development Lifecycle
  • Grow our Security Champion Program
  • Implement new ways to make it harder to introduce security bugs, through automation, security tooling, and reviews
  • Implement security best practices
  • Create automation to implement security best practices
  • Identify where we can add more layers of defense in depth and implement them
  • Help build internal tooling to ensure safe data access patterns for Zapier employees
  • Review code and design across Zapier's product and infrastructure
  • Locate weak points across Zapier and strengthen them
  • Experiment: this is a startup so everything can change
  • As part of our All Hands Support initiative, help customers have the best experience possible with Zapier

 

How To Apply

We have a non-standard application process. To jump-start the process we ask a few questions we normally would ask at the start of an interview. This helps speed up the process and lets us get to know you a bit better right out of the gate.

After you apply, you are going to hear back from us, even if we don't seem like a good fit. In fact, throughout the process, we strive to make sure you never go more than seven days without hearing from us.

 

About Zapier

For the past nine years, Zapier has been helping people across the world automate the boring and tedious parts of their job. We do that by helping everyone connect the web applications they already use and love.

We believe that there are jobs a computer is best at doing and that there are jobs a human is best at doing. We want to empower businesses to create processes and systems that let computers do what they are best at doing and let humans do what they are best at doing.

We believe that with the right tools, you can have big impact with less hassle.

We believe in small teams. Small teams are fast and nimble. Small teams mean less bureaucracy and less management and more getting things done.

We believe in a safe, welcoming, and inclusive environment. All teammates at Zapier agree to a code of conduct.

 

The Whole Package

We're currently hiring for the following locations:

  • Europe
  • North America

Compensation:

  • Competitive salary (we don't use remote as an excuse to pay less)
  • Great healthcare + dental + vision coverage*
  • Retirement plan with 4% company match*
  • Profit sharing
  • 2 annual company retreats to awesome places
  • 14 weeks paid leave for new parents of biological or adopted children
  • Pick your own equipment. We'll set you up with whatever Apple laptop + monitor combo you want plus any software you need.
  • Unlimited vacation policy. Plus we require you to take at least 2 weeks off each year. We see most employees take 4-5 weeks off per year. This isn't a vague policy where unlimited vacation means no vacation.
  • Work with awesome companies around the world. We partner with great software companies all over the world and you'll constantly get to interact with people from these great companies.

*While we take care of our international folks as best we can, currently, healthcare and retirement plans are only available to US, Canada, and UK based employees.

Optional: Share anonymously some demographic information about yourself to help us better track trends related to the backgrounds of candidates interested in working at Zapier in order for us to build a team that represents the users at Zapier and the broader world population.

Zapier is an equal opportunity employer. We're excited to work with talented and empathetic people no matter their race, color, gender, sexual orientation, religion, national origin, physical or mental disability, or age. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base.


Zapier

zapier.com

Zapier makes you happier by automating away the tedious, time-consuming tasks that eat up productivity. With Zapier, you can connect over 1400 different apps.

