Security Engineer - remote

Zipline
Posted 2 years ago
Zipline is 100% remote and accepts applicants from Canada, US & internationally.

Hi. We’re Zipline! We’re helping put technology into the hands of those that need it most: retail workers. If you have worked in a store, you know the drill. You’re helping customers, ringing up orders, and trying to do the 30 tasks that HQ wants you to do. Some pertain to you. Some don’t. But that’s for you to figure out… all while putting out fires and keeping shelves tidy.

That’s where we come in! We turn the grind of retail communications into an engaging, effective, aha solution. The Zipline platform ensures that the right people get the right information in the right way. Everyone is on the same page, tasks are tracked and life feels less like a perpetual game of hair-on-fire.

With Zipline, employees feel more connected, understand the role they play in the brand’s mission and can feel good about the work they’re doing. This is important to us because retail is one of America's most populous workforces but also one of the most underserved. Through Zipline, we can touch on one in four American workers who are often minority, women, and working part-time while studying or taking care of the family.

We love helping retail workers love their jobs because we know how much better life is when you love your work. This year, Retail Zipline became Great Place to Work-Certified. 97 percent of our employees say Zipline is a great place to work, compared to 59% of employees at a typical U.S.-based company. What’s even more impressive is that 100% of employees say, “I can be myself around here”, “I am treated as a full member here regardless of my position” and “People here are willing to give extra to get the job done.” 100 percent! You can’t beat the Zipline culture.

We are looking to hire a security engineer to cover the technical aspects of the application and cloud security.

You will be joining as the first security engineer in a security team of three people, therefore you will have complete freedom and responsibility to influence our tooling, processes, and direction.

You will work closely with our product, engineering, and infrastructure teams to collaborate on security-related topics and evangelize security best practices.

You will be reporting to Zipline’s Director of Security and Compliance who oversees everything related to our security, privacy, and compliance obligations.

Here are some of the projects you’ll be working on:

  • Investigate web application security vulnerabilities found by penetration testers and automated scanning tools. Reproduce the issues, determine the business impact, implement a fix, and respond to the original report.
  • Scope and manage our third-party penetration tests and HackerOne bug bounty program
  • Build on our current application security scanning tools of Brakeman, Dependabot, and Beagle Security to increase test coverage and accuracy of findings
  • Consult on engineering projects before work begins to ensure security, privacy, and compliance considerations are scoped into the work. Provide guidance and best practices for the secure implementation of features.
  • Improve our monitoring and logging capabilities to enhance our ability to detect suspicious behavior, and decrease incident response time
  • Respond to potential incidents by analyzing logs using tools such as Datadog and working with our customer success team to communicate the correct message to customers
  • Review cloud infrastructure deployments and configuration changes for security issues in platforms such as AWS, Heroku, and GCP

To be successful in this role you will have:

  • Excellent communication skills, in writing and verbally. You’ll be able to work asynchronously and summarize complex concepts for non-technical people to understand. You’ll be confident in creating short videos to explain ideas and share security knowledge with others in the company.
  • Experience writing and reviewing Ruby, Rails, and JavaScript code to find and fix security issues
  • Implemented new security features within applications, and have experience building and using security automation and monitoring tools
  • A strong understanding of security architecture, risk analysis, network security, identity management, and security monitoring
  • Worked with engineering teams to provide guidance and best practices for the secure implementation of new features
  • Experience of penetration testing and looking for vulnerabilities in applications
  • A keen interest in staying up to date with the latest application security vulnerabilities, tools, and best practices, and sharing your knowledge with others

Employee Benefits

  • Stock Options
  • Paid Flexible and Sick Time Off (including time off to care for family members)
  • Paid Parental Leave
  • Group Health Insurance (Medical, Vision, and Dental) with a variety of PPO & HMO plans and a flexible spending account
  • 401(k) Retirement Plan
  • 100% Paid Life and Long-Term Disability Insurance

The “Extras”

  • Remote Work: Join a flexible, effective remote team and work where you’re comfortable, literally anywhere! We’ve had Zipliners join us from vans, RVs, sailboats, and AirBnBs around the globe.
  • Computer accessories and office setup: There’s a science to being effective at home and we help you get there with the right equipment and accessories that you need.
  • Company off-sites: Every year we come together (IRL!). Past retreats were held in Santa Cruz, New York, Mexico City, and Costa Rica.
  • Education stipends: We believe in perpetual learning! If there’s a class that you want to take or a book that will help you expand your horizons, we’ll support it!
  • Wellness allowance: To encourage breaks and a change of scenery, we provide a small stipend each month to get you out of the house and relax at your favorite coffee spot.

We value diversity of all kinds and are committed to building a diverse and inclusive workplace where we learn from each other. We are an equal opportunity employer and welcome people of all different backgrounds, experiences, abilities, and perspectives.

Want to learn more about us?

How do we work? Remotely. We have been 100% remote since the company was founded and we have it down to a science, a people science. We huddle as a team weekly and as a company 3 times a week. On Fridays, we come together to learn from each other. One week it might be about opossum rescue. Another week it might be an update on our product roadmap or the results of our customer satisfaction survey. We are all masters of Zoom and love the freedom of working from home, or vans, or sailboats.

Sound too good to be true? We haven’t even gotten to our customers! Think about the best retail brands, from your favorite tennis shoes to yoga pants. They’re customers. And, in addition to dozens of specialty retailers, this year we added grocery store, pharmacy, and convenience store brands. In fact, we more than doubled our customers in 2020.

And, the word is getting out. We are featured regularly in the press, mostly because of the results we get from our customers. Here’s a look at just some of the articles published recently. We also picked up some awards in 2020. CBInsights ranked us one of the 100 most promising B2B retail tech companies in the world. And, our CEO was a TechTrailblazer finalist. (Check out her articles on Forbes to see her passion for retail and solving its biggest challenges.)

We have made incredible progress but changing the industry is hard. We are well funded by leading venture capital firms like Emergence Capital and ready to scale. We need your help to improve the way that this 4.4 trillion dollar industry communicates with its store employees. Cumbersome, slow, and inefficient systems should not be the status quo. Help us retool retail!