Sr. Engineer, Infrastructure Security

Job Posted: 5/21/24

Location: NAMER

Hi There!

We’re looking for a Sr. Engineer, Infrastructure Security to join our Security team at Zapier. We’re on a mission to democratize automation, while ensuring the security and privacy of millions of users worldwide by protecting sensitive data and building trust through robust security measures.

As a member of the Infrastructure Security team, you’ll be responsible for maintaining and raising the security bar across our production environments. We’re looking for motivated, passionate experts in cloud security architecture and operations who can help us maintain and scale highly defensible infrastructure, and embody the “builder” mindset to reduce toil for our team and our internal customers.

If you’re interested in advancing your career at a fast-growing, profitable, impact-driven company, then read on…

We know applying for and taking on a new job at any company requires a leap of faith. We want you to feel comfortable and excited to apply at Zapier. To help share a bit more about life at Zapier, here are a few resources in addition to the job description that can give you an inside look at what life is like at Zapier. Hopefully, you'll take the leap of faith and apply.

• Our Commitment to Applicants

• Culture and Values at Zapier

• Zapier Guide to Remote Work

• Zapier Code of Conduct

• Diversity and Inclusivity at Zapier

Zapier is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

Even though our job description may seem like we're looking for a specific candidate, the role inevitably ends up tailored to the person who applies and joins. Regardless of how well you feel you fit our description, we encourage you to apply if you meet these criteria:

About You:

• You're an experienced cloud security professional with a proven track record of securing SaaS products and maintaining compliance with industry standards such as SOC2, ISO27001, or HIPAA/HITRUST.

• You have an understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.

• You have expertise in Python, AWS, Kubernetes, and popular frameworks like Django or Flask, enabling you to navigate complex cloud environments with ease.

• You’re adept at identifying and remedying cloud security risks, having an understanding of common attack patterns and their mitigations.

• You have experience deploying and customizing security tools to address threats and lower risk: CSPM, vulnerability scanners, web application firewalls, IDS/IPS, endpoint security monitoring, etc.

• You thrive in autonomous roles, having managed intricate cloud security infrastructures with minimal guidance, and are eager to take ownership of critical security initiatives.

• Collaboration is second nature to you, and you're known for your willingness to roll up your sleeves and work alongside colleagues to achieve common goals.

• You're adaptable. You've been in fast-growing companies and know how to build, change, and adapt to the needs of a company as it grows.

Things you’ll do:

• Security Threat Identification: Identify and mitigate security gaps and threats in our infrastructure, setting standards and leading initiatives to address them.

• Infrastructure Hardening: Implement secure-by-default designs and features in our infrastructure endpoints, tooling, and processes.

• Scalable Security Processes: Design and operate scalable processes and build paved-path tooling that enable our engineers to interface with the cloud while enforcing least-privilege and audited access.

• Infrastructure as Code (IaC): Develop, audit, and enhance IaC configurations (Terraform/CloudFormation) for security, scalability, and ease of deployment.

• Vulnerability Management: Operate and maintain infrastructure vulnerability discovery tools, ensuring systems are hardened, vulnerabilities are patched, and threats are detected.

• Collaborative Security Support: Work closely with various other Security teams and partner with teams across our internal platform group to provide general ad hoc security support and technical/operational guidance.

• Metrics and Reporting: Develop and report on metrics related to our cloud security posture to drive continuous improvement.

Nice-to-Have:

• Zero Trust Experience: Knowledge or experience in implementing zero trust security models.

How to Apply

At Zapier, we believe that diverse perspectives and experiences make us better, which is why we have a non-standard application process designed to promote inclusion and equity. We're looking for the best fit for each of our roles, regardless of the type of education or companies in your background, so we encourage you to apply even if your skills and experiences don’t exactly match the job description. All we ask is that you answer a few in-depth questions in our application that would typically be asked at the start of an interview process. This helps speed things up by letting us get to know you and your skillset a bit better right out of the gate. Please be sure to answer each question; the resume and CV fields are optional.

After you apply, you are going to hear back from us—even if we don’t see an immediate fit with our team. In fact, throughout the process, we strive to never go more than seven days without letting you know the status of your application. We know we’ll make mistakes from time to time, so if you ever have questions about where you stand or about the process, just ask your recruiter!

Zapier is an equal-opportunity employer and we're excited to work with talented and empathetic people of all identities. Zapier does not discriminate based on someone's identity in any aspect of hiring or employment as required by law and in line with our commitment to Diversity, Inclusion, Belonging and Equity. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base. Zapier will consider all qualified applicants, including those with criminal histories, consistent with applicable laws.

Zapier is committed to inclusion. As part of this commitment, Zapier welcomes applications from individuals with disabilities and will work to provide reasonable accommodations. If reasonable accommodations are needed to participate in the job application or interview process, please contact [email protected].

Application Deadline:

The anticipated application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later, or if the position is filled.

Even though we’re an all-remote company, we still need to be thoughtful about where we have Zapiens working. Check outthis resource for a list of countries where we currently cannot have Zapiens permanently working.