Security Engineer

Remote

Applications have closed

Zapier

Workflow automation software for everyone. Zapier automates your work across 6,000+ app integrations, so you can focus on what matters.


Hi there!

We're looking for an ambitious, hands-on Security Engineer to join our Security Detection and Response team at Zapier. Zapier is on a mission to democratize automation. Over 5 million professionals already use Zapier to save more time, but there are millions more to reach. We owe it to our customers to be a responsible steward of their data and keep it safe and private.

We are looking for someone who is ready to take their security analyst role to the next level. Someone who wants to contribute to building the tools that turn “eyes on glass” into automation. Someone who’s capable of owning the vulnerability management program that helps secure our customers and infrastructure. This is the perfect opportunity to take your first step into the “engineering” part of security engineering. If being the next member of our Detection and Response team sounds exciting to you, then read on.

To help share a bit more about life at Zapier, here are a few resources:

Zapier is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

About You

You could write the playbook for alert triage. Knowing what makes a good alert and how to break down alert response into discrete steps is key when it comes to automating that response. You have spent time in the trenches of a SOC, responding to alerts and kicking off the investigative process. You understand typical alert workflows, but can improvise when the need arises. You’ve written SOPs/playbooks/runbooks responding to many different alert sources.

Your head’s in the cloud. Zapier is cloud-native, so comfort when digging into provider logs is a must. You’re at home analyzing AWS CloudTrail, Google Audit Logs, or the equivalent. You’re comfortable investigating and tracking activities of user accounts, access keys, and the like.

You're not afraid to get your hands dirty. Improving tools and processes means more to you than “staying in your lane”. If you don’t like an SOP, you improve it. If you think detection logic can be improved, you go for it. Sometimes this means you might break something, but you’re not afraid of owning up to it and growing from the experience.

You’re interested in vulnerability management. We are looking to expand our vulnerability management coverage and better integrate with teams throughout the organization. You’re keen on owning this part of our program, and the phrases “auto-remediating updates” and “redeploy, don’t patch” sound good to you. Your idea of a well-run vulnerability management program involves automation and never tracking a spreadsheet.

You love learning. While traditional SOCs keep you staring at the same alert screen all day, that’s not what we’re about. You’re the sort of person who is excited to go beyond simple queries and into the realm of Python and SQL. You may not have gotten through the “Hello, World” tutorial yet, but you’re not going to let that stop you. You want to help the team grow alerts into automation.

You are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.

Things You Might Do

Zapier is a fast-growing remote-first company, so you'll likely interact with many different teams and projects across the organization. That said, here are some things you'll probably do:  
  • You will be a key member of the Detection and Response Team, primarily responsible for alert triage, building SOPs, and helping design useful alert automation.
  • This is a hands-on role, so you’ll be responding to alerts, leveling up your Python and SQL skills by modifying existing logic, and working across teams to improve the overall response process.
  • You will learn about our infrastructure and tech stack in order to own and grow the Vulnerability Management program, working with AWS, Terraform, Docker images, and Kubernetes clusters.
  • Learn (and improve!) our Incident Response process so you can help guide teams through security incidents when they occur.
  You’ll also have the opportunity to collaborate with and grow in any area of security that interests you, whether it’s detection engineering or cloud security. This is a great role for getting away from being siloed, allowing you to dig into the guts of a modern, agile security team as an important contributing member.  

About Zapier

Zapier helps people across the world automate the boring and tedious parts of their job. We do that by helping everyone connect the web applications they already use and love.

We believe that there are jobs a computer is best at doing and that there are jobs a human is best at doing. We want to empower businesses to create processes and systems that let computers do what they are best at doing and let humans do what they are best at doing.

We believe that with the right tools, you can have a big impact with less hassle.

We believe in small teams. Small teams are fast and nimble. Small teams mean less bureaucracy and less management and more getting things done.

We believe in a safe, welcoming, and inclusive environment. All teammates at Zapier agree to a code of conduct.

The Whole Package

We're currently hiring for the following locations:
  • US
  • Canada
  • Europe
Compensation:
  • Competitive salary (we pay based on the norms of your country)
  • Great healthcare + dental + vision coverage*
  • Retirement plan with 4% company match*
  • Profit-sharing
  • 2 annual company retreats to awesome places
  • 14 weeks paid leave for new parents of biological or adopted children
  • Pick your own equipment. We'll set you up with whatever Apple laptop + monitor combo you want plus any software you need.
  • Unlimited vacation policy. Plus we require you to take at least 2 weeks off each year. We see most employees take 4-5 weeks off per year. This isn't a vague policy where unlimited vacation means no vacation.
  • Work with awesome companies around the world. We partner with great software companies all over the world and you'll constantly get to interact with people from these great companies.
*While we take care of our international folks as best we can, currently, healthcare and retirement plans are only available to US-, Canadian-, and UK-based employees.

How To Apply

We have a non-standard application process. To jump-start the process we ask a few questions we normally would ask at the start of an interview. This helps speed up the process and lets us get to know you a bit better right out of the gate.

After you apply, you are going to hear back from us, even if we don't seem like a good fit. In fact, throughout the process, we strive to make sure you never go more than seven days without hearing from us.

Optional: Share anonymously some demographic information about yourself to help us better track trends related to the backgrounds of candidates interested in working at Zapier in order for us to build a team that represents the users at Zapier and the broader world population.

Zapier is an equal opportunity employer. We're excited to work with talented and empathetic people no matter their race, color, gender, sexual orientation, religion, national origin, physical or mental disability, or age. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base.


Tags: Agile Automation AWS Cloud Docker Incident response Kubernetes Python SQL Terraform Vulnerability management

Perks/benefits: Career development Competitive pay Flex vacation Gear Health care Startup environment Team events Unlimited paid time off

Region: Remote/Anywhere