Engineer, Cloud Security

Hi there!

We're looking for an experienced, hands-on Cloud Security Engineer to join our Security Zone at Zapier and help us to build a comfy stronghold. Zapier is on a mission to democratize automation. Over 5 million professionals already use Zapier to save more time, but there are millions more to reach. We owe it to our customers to be a responsible steward of their data and keep it safe and private.

Are you interested in working with a team that thrives on ownership where you go default to action on your ideas and own them from start to finish? And you are happy to grab the keyboard and implement your ideas? Do you want to be part of a growing cloud security program for a fast-growing and powerful automation tool, called Zapier? Then read on…

To help share a bit more about life at Zapier, here are a few resources:

• Our Commitment to Applicants
• Culture and Values at Zapier
• Zapier Guide to Remote Work
• Zapier Code of Conduct
• Diversity and Inclusivity at Zapier

About You

You have deep cloud infrastructure security experience. Keeping the cloud resources that support our core Zapier application secure is at the heart of this role. Zapier is a SaaS product, so experience building software and administering cloud infrastructure under a similar model is a must. Working in a SOC2 and/or ISO27001 or HIPAA/HITRUST compliant environment is a plus.

You have worked with teams before on large Python, AWS, & Kubernetes projects. You’re also familiar with some common frameworks such as Django, Flask, or Rails. You've also worked extensively in AWS. Deep knowledge in working with Kubernetes or other containerization technologies are a big plus.

Maybe you’re not a security engineer, but an experienced cloud infrastructure engineer or devops engineer with security in your heart. You have deep cloud infrastructure experience, have hands-on knowledge about the tech mentioned above and would like to move to the security field.

You're a doer. You have managed complex cloud security infrastructures with minimal guidance. Familiarity with the AWS (or other cloud infrastructure) security best practices frameworks and how to utilize it for enhancing the security of a cloud environment.

You love to collaborate, give a hand when needed. In this role you're not going to be just an advisor, you can and will get your hands dirty. You love to work with others, to give and take feedback and work together on a vision to raise the security maturity.

You are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.

Things You Might Do

Zapier is a fast-growing, and remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:

• You will take ownership of parts of the CloudSec Program, focused around an ever evolving security maturity model that help us to prioritize our work and improve our cloud security. If you like this or this, you will find this role very interesting.
• lYou will take ownership of the AWS organizations setup, the SSO permissions model and connected areas (eg. terraform), but not exclusively work in this area
• For cross-team projects you might work shoulder to shoulder embedded into our SRE team.
• This is a hands-on role, so you'll write some python and work within terraform, AWS and more. If you love automation, you will love this role.
• Identify where we can add more layers of defense in depth and implement them.
• Build internal tooling to ensure safe data access patterns for Zapier employees.
• Locating weak points across Zapier and strengthening them.

You’ll also have the opportunity to specialize in a variety of areas of the Zapier IaC codebase, including core platform development. Focusing on a specialization will not limit your area for growth at Zapier as each engineer brings a unique perspective and can contribute differently in all areas. We encourage participation and will frequently have engineers contribute across teams to assist in projects.

Things We've Done Recently:

• Implemented a comprehensive Cloud Security Posture Management system
• Rolled out a training platform for our Security Champions
• Deleted all our IAM users to rely on SSO instead
• Implemented a successful bug bounty program
• Conducted dozens of threat modeling sessions

Zapier Compensation Guiding Principles

We believe all Zapiens should be rewarded competitively and equitably, using practices that are simple and transparent. This philosophy ensures we’re able to find, grow, and retain exceptional people from a broad range of backgrounds. Here’s how we define our compensation principles:

• Competitive: Zapier pays well among the technology sector.
• Equitable: Consistent pay practices; competency-based pay.
• Simple: Pay is well understood, and pay practices are built for scale.
• Transparent: Zapiens know how pay works, including how their pay is determined.

The pay ranges for this role are:

United States: 138,300-207,500 USD

Canada: 138,300-207,500 CAD

United Kingdom: 86,900-130,300 GBP

A Candidate's compensation package is finalized once the interview process is concluded and accounts for experience, competencies (job knowledge, skills and abilities) and internal equity.

For more information on Zapier’s Total Rewards please click here.

How to Apply

At Zapier, we believe that diverse perspectives and experiences make us better, which is why we have a non-standard application process designed to promote inclusion and equity. We're looking for the best fit for each of our roles, regardless of the type of education or companies in your background, so we encourage you to apply even if your skills and experiences don’t exactly match the job description. All we ask is that you answer a few in-depth questions in our application that would typically be asked at the start of an interview process. This helps speed things up by letting us get to know you and your skillset a bit better right out of the gate. Please be sure to answer each question; the resume and CV fields are optional.

After you apply, you are going to hear back from us—even if we don’t see an immediate fit with our team. In fact, throughout the process, we strive to never go more than seven days without letting you know the status of your application. We know we’ll make mistakes from time to time, so if you ever have questions about where you stand or about the process, just ask your recruiter!

Zapier is an equal-opportunity employer and we're excited to work with talented and empathetic people of all identities. Zapier does not discriminate based on someone's identity in any aspect of hiring or employment as required by law and in line with our commitment to Diversity, Inclusion, Belonging and Equity. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base.

Zapier is committed to inclusion. As part of this commitment, Zapier welcomes applications from individuals with disabilities and will work to provide reasonable accommodations. If reasonable accommodations are needed to participate in the job application or interview process, please contact jobs@zapier.com.

#LI-Remote