Senior Application Security Engineer

📋 Description

• • Zip is at the forefront of revolutionizing modern business operations through its innovative AI-powered procurement platform. In an era where enterprise purchasing has become exceedingly complex, Zip offers a streamlined, consumer-grade user experience, addressing a critical need in a market exceeding $50 billion. The company has rapidly established itself as a leader in this new category, trusted by industry giants like OpenAI, Snowflake, and JPMorgan Chase to manage billions in spend.
• • The Security team at Zip plays a crucial role in safeguarding the confidentiality and integrity of customer data. As the Senior Application Security Engineer, you will be instrumental in building foundational security guardrails, spearheading key security initiatives, and reinforcing the trust our customers place in us. This role is pivotal to Zip's accelerated growth, supporting the launch of new products such as AI Agents and an App Marketplace, and expansion into new markets including EMEA and the Federal government sector.
• • You will be responsible for designing and implementing robust technical controls to proactively identify and mitigate a wide spectrum of security vulnerabilities across our applications and infrastructure. This involves a deep dive into secure coding practices, vulnerability management, and the development of automated security solutions.
• • A core aspect of your role will be to champion secure product development throughout the entire software development lifecycle. This includes conducting thorough design reviews, performing comprehensive threat modeling exercises, integrating and analyzing results from static and dynamic security scanning tools, and executing hands-on security assessments to uncover potential weaknesses.
• • You will play a key role in managing and responding to security findings. This involves validating, triaging, and coordinating the remediation efforts for vulnerabilities reported through our bug bounty program and from third-party penetration tests, ensuring timely and effective resolution.
• • Beyond technical implementation, you will act as a mentor and subject matter expert for security analysts and designated security champions within engineering teams. You will share your expertise on security best practices, emerging threats, and effective mitigation techniques, fostering a culture of security awareness and ownership across the organization.
• • The role requires a proactive approach to identifying and addressing security risks, with a strong ability to balance security requirements with business objectives and development velocity. You will collaborate closely with engineering, product, and other cross-functional teams to embed security seamlessly into our processes and products.
• • You will contribute to the development and maintenance of security tooling and services, writing production-quality code to automate security checks, enhance monitoring capabilities, and improve our overall security posture. This includes working with our technology stack, which comprises Python, React, GraphQL, Kubernetes, and AWS.
• • You will be expected to stay abreast of the latest security threats, vulnerabilities, and industry best practices, continuously evaluating and recommending improvements to our application security program. This includes researching and implementing new security technologies and methodologies to stay ahead of evolving threats.
• • This is a high-impact, hands-on role where you will have the opportunity to shape the future of application security at a rapidly growing, category-defining company. Your work will directly contribute to protecting our users and ensuring the continued success and trustworthiness of Zip's platform.