Lead Application Security Engineer

ABOUT ZIPLINE

Zipline is at the forefront of a logistics revolution: We design, manufacture, and operate our own fleet of autonomous drones, and all ground-based equipment that supports flight, to deliver critical and lifesaving medicine to thousands of hospitals serving millions of people on multiple continents. Our mission is to provide every human on Earth with instant access to vital medical supplies. Do you want to change the world? Join Zipline and help us make this a reality for billions of people.

ABOUT YOU AND THE ROLE

Zipline builds and operates fleets of delivery drones to get medicine to those who need it, fast, regardless of where they live. To power this, the software team is building out the long term scalable solutions to expand rapidly while empowering our world class distribution centers to serve their customers as fast as possible.

In this role, you will be responsible for partnering with Zipline’s software teams to own and maintain the security of our cloud environments. You will directly partner with our engineering teams to help discover vulnerabilities in process, architecture, and the software we build. The Application Security team will be responsible for helping define data classifications and ensuring the proper access control measures are in place for the compliance requirements of that data. 

As the lead of Zipline’s growing AppSec team - you will be responsible for prioritizing the work of the team members, helping craft security policy for our development teams, defining/following incident response plans for potential breaches, and foundational responsible for incrementally improving the security of Zipline’s systems. 

Our ideal candidate works well in startup environments, is comfortable wearing many hats, and can motivate a team to produce impressive results while collaborating with partner teams.

WHAT YOU'LL DO

• Lead the team responsible for securing Zipline’s software and cloud infrastructure 
• Partner with engineering teams to build functional and pragmatic security policy 
• Work with the rest of the AppSec team to build tools and frameworks for the engineering team
• Build out and improve the security incident response frameworks
• Support the growth and development of the members of the Application Security team
• Deeply understand and secure the services running in Zipline’s cloud infrastructure
• Help manage and maintain Zipline’s compliance with well established security standards (SOC2, ISO 27001, …)
• Support third party pen tests 

WHAT YOU'LL BRING

• Experience as an engineering manager or tech lead of a Security or Software team
• Experience working with complex distributed software systems that support production loads
• Strong fundamentals in microservice design principles
• Expertise in Python, C++, Golang, or another object oriented languages
• A Strong Generalist Engineering mindset, ready to dive in and contribute to improve Zipline’s security - across many systems
• Excited to be a technical lead and mentor others
• A pragmatic approach to security - and experience incrementally improving systems

Nice to haves: 

• Industry experience supporting multi-domain engineering teams (WebApp, Cloud Infra, Embedded Systems)
• Experience being a security evangelist in an industry context, helping socialize best practices (not just enforcing policy)
• Experience as a software engineer, and a deep understanding of healthy SDLC practices

WHAT ELSE YOU NEED TO KNOW 

The starting cash range for this role is $170,000 - 210,000. Please note that this is a target, starting cash range for a candidate who meets the minimum qualifications for this role. The final cash pay for this role will depend on a variety of factors, including a specific candidate's experience, qualifications, skills, working location, and projected impact. The total compensation package for this role may also include: equity compensation; discretionary annual or performance bonuses; sales incentives; benefits such as medical, dental and vision insurance; paid time off; and more.

Zipline is an equal opportunity employer and prohibits discrimination and harassment of any type without regard to race, color, ancestry, national origin, religion or religious creed, mental or physical disability, medical condition, genetic information, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, gender expression, age, marital status, military or veteran status, citizenship, or other characteristics protected by state, federal or local law or our other policies.

We value diversity at Zipline and welcome applications from those who are traditionally underrepresented in tech. If you like the sound of this position but are not sure if you are the perfect fit, please apply!