Senior Application Security Engineer at Zip

ABOUT ZIP Here at Zip, we're reimagining how modern businesses function in the age of AI. The simple task of buying software, services, or tools at work has become hopelessly complicated at even the most innovative companies in the world. Today, enterprises spend $120T+ per year globally (>30 times larger than annual consumer e-commerce spend) and rely on vendors more than ever before to run their businesses. Our co-founders started Zip in 2020 to address this seemingly universal problem with a purpose-built procurement platform that provides a simple, consumer-grade user experience. Within the last 5 years, Zip has created a new category and developed the leading solution in this $50B+ TAM space. Today, the world’s leading companies like OpenAI, Snowflake, Anthropic, Coinbase, and JPMorgan Chase rely on Zip to manage billions of dollars in spend. We have a world-class team coming from category-defining companies like Airbnb, Meta, Stripe, Salesforce, Apple, and Google. With a $2.2 billion valuation and $370 million in funding from Y Combinator, Tiger Global, BOND, DST Global, and CRV, we’re focused on developing cutting-edge technology, expanding into new global markets, and—above all–driving incredible value for our customers. Join us! The Security team at Zip is responsible for protecting the confidentiality and integrity of our customers’ data. As our first Application Security Engineer, you will take on a dynamic and high impact role. You will lead our efforts to build foundational security guardrails, launch key security initiatives, and solidify trust customers place in us. Your contributions will be pivotal to the success of Zip’s rapid growth as we launch new products, such as AI Agents and an App Marketplace, and enter into new markets, including EMEA and the Federal government space. We move quickly to solve a wide range of complex technical and product challenges. While we are an experienced team that can provide constant guidance and mentorship, we value engineers who can autonomously scope and solve complex technical challenges. You will - Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities. - Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments. - Validate, triage, and coordinate security findings from bug bounty and third party pentests. - Mentor security analysts and security champions on security best practices and techniques. Qualifications - Experience writing production-quality code for security tooling and services - Strong written and verbal communication with internal and external stakeholders - A solid understanding of security risks and the ability to balance security with business requirements - Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS Nice to haves - Familiarity with compliance frameworks such as SOC 2, ISO 27001, and FedRAMP - Hands-on experience in offensive security (eg, through bug bounty programs or CTFs) The salary range for this role is $160,000 - $220,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise. PERKS & BENEFITS At Zip, we’re committed to providing our employees with everything they need to do their best work. - 📈 Start-up equity - 🦷 100% health, vision & dental coverage options - 🍽️ Catered breakfast, lunch, & dinner - 🌴 Flexible PTO - 🏋️‍♀️ ClassPass membership - 🚍 Monthly commuter benefit - 🚠 Team building events & happy hours - 💻 Home office stipend - 🛜 Phone/internet reimbursement - 🍼 Paid parental leave - 🧑‍🧑‍🧒‍🧒 Fertility stipend - 💸 401k plan - 🤖 Unlimited AI token usage We're looking to hire Zipsters and that means hiring people who take ownership, communicate openly, have an underdog mindset, and are excited to increase the pace of innovation for every business in the world. We encourage all candidates to apply even if your experience doesn't exactly match up to our job description. We are committed to building a diverse and inclusive workspace where everyone (regardless of age, religion, ethnicity, gender, sexual orientation, and more) feels like they belong. We look forward to hearing from you!