Zip is an AI platform for enterprise procurement, focused on enhancing collaboration between humans and AI agents. The Senior Application Security Engineer will lead the development of security measures, ensuring the protection of customer data and supporting secure product development.
Responsibilities:
- Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities
- Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments
- Validate, triage, and coordinate security findings from bug bounty and third-party pentests
- Mentor security analysts and security champions on security best practices and techniques
Requirements:
- Experience writing production-quality code for security tooling and services
- Strong written and verbal communication with internal and external stakeholders
- A solid understanding of security risks and the ability to balance security with business requirements
- Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, and FedRAMP
- Hands-on experience in offensive security (e.g., through bug bounty programs or CTFs)