Engineer, AppSec

Salary

$141.1k - $211.7k

Min Experience

0 years

Location

remote

JobType

full-time

About the job

This job is sourced from a job board.

About the role

ABOUT ZAPIER

We're humans who simply think computers should do more work. At Zapier (https://zapier.com/about), we're not just making software—we're building a platform to help millions of businesses globally scale with automation and AI (https://zapier.com/ai). Our mission is to make automation work for everyone by delivering products that delight our customers (https://zapier.com/customer-stories). You'll collaborate with brilliant people, use the latest tools, and leverage the flexibility of remote work. Your work will directly fuel our customers' success (https://zapier.com/zapconnect), and as they grow, so will you.

Job Posted: April 3, 2025
Location: Americas (EST or CST working hours required)

Hi there! We're looking for an Application Security (AppSec) Engineer to join our Security team at Zapier. We're on a mission to democratize automation, while ensuring the security and privacy of millions of users worldwide by protecting sensitive data and building trust through robust security measures.

This role combines hands-on software development for our core security services (60-70%) with security engineering responsibilities (30-40%). As a member of the AppSec team within the Security organization, you will:

- Shape security practices across development teams and empower them to build and ship secure products.
- Own critical security services protecting sensitive data at scale.

- Our Commitment to Applicants: https://zapier.com/jobs/our-commitment-to-applicants/
- Culture and Values at Zapier: https://zapier.com/jobs/culture-and-values-at-zapier/
- Zapier Guide to Remote Work: https://zapier.com/learn/remote-work/
- Zapier Code of Conduct: https://zapier.com/jobs/zapier-code-of-conduct/
- Diversity and Inclusivity at Zapier: https://zapier.com/jobs/working-on-diversity-and-inclusivity/

ABOUT YOU

- You have strong Python backend development expertise, and have experience building and maintaining production services.
- You have hands-on experience with Redis and PostgreSQL, and proficiency with distributed systems and cloud platforms (AWS).
- You have a strong understanding of cryptographic principles. You have knowledge of authentication mechanisms, authentication / authorization patterns, and secure key management practices.
- You have experience with security architecture and threat modeling. You have strong written and verbal communication skills to deliver constructive feedback regarding security matters to engineers and product designers, and an ability to balance security requirements with operational or business needs.
- You understand secure development lifecycle and secure coding practices. You have knowledge of common web / API vulnerabilities and mitigations (e.g. OWASP Top 10). You think about your job as not just identifying individual vulnerabilities but also finding effective ways to eliminate whole classes of them.
- Collaboration is second nature to you, and you're known for your willingness to roll up your sleeves and work alongside colleagues to achieve common goals.
- You're adaptable. You've been in fast-growing companies and know how to build, change, and adapt to the needs of a company as it grows.

THINGS YOU'LL DO

- Security Services Development:
  - Develop core security infrastructure services focusing on key management, encryption, and authentication.
  - Build robust distributed systems leveraging Redis, PostgreSQL, and AWS services.
  - Maintain high code quality standards through comprehensive testing, monitoring, and documentation.
  - Design and operate scalable processes and build paved-path tooling that enable our engineers to ship secure products.
- Security Threat Identification: Partner with development teams to conduct design reviews and threat modeling sessions.
- Vulnerability Management: Support our public bug bounty program and leverage application testing tools (SAST, SCA) to identify, triage, and drive remediation of vulnerabilities.
- Collaborative Security Support: Work closely with various other Security teams and partner with engineering teams to provide general ad hoc security support and technical/operational guidance.

About the company

We're humans who simply think computers should do more work. At Zapier, we're not just making software—we're building a platform to help millions of businesses globally scale with automation and AI. Our mission is to make automation work for everyone by delivering products that delight our customers. You'll collaborate with brilliant people, use the latest tools, and leverage the flexibility of remote work. Your work will directly fuel our customers' success, and as they grow, so will you.

Skills

python
redis
postgresql
aws
cryptography
authentication
authorization
security architecture
threat modeling
secure development lifecycle
web/api vulnerabilities