Lead Application Security Engineer

South San Francisco, California, USA

Applications have closed


Zipline is the world's largest autonomous delivery system, specializing in on-demand drone delivery and instant logistics.

View company page


Zipline is at the forefront of a logistics revolution: We design, manufacture, and operate our own fleet of autonomous drones, and all ground-based equipment that supports flight, to deliver critical and lifesaving medicine to thousands of hospitals serving millions of people on multiple continents. Our mission is to provide every human on Earth with instant access to vital medical supplies. Do you want to change the world? Join Zipline and help us make this a reality for billions of people.


Zipline builds and operates fleets of delivery drones to get medicine to those who need it, fast, regardless of where they live. To power this, the software team is building out the long term scalable solutions to expand rapidly while empowering our world class distribution centers to serve their customers as fast as possible.

In this role, you will be responsible for partnering with Zipline’s software teams to own and maintain the security of our cloud environments. You will directly partner with our engineering teams to help discover vulnerabilities in process, architecture, and the software we build. The Application Security team will be responsible for helping define data classifications and ensuring the proper access control measures are in place for the compliance requirements of that data. 

As the lead of Zipline’s growing AppSec team - you will be responsible for prioritizing the work of the team members, helping craft security policy for our development teams, defining/following incident response plans for potential breaches, and foundational responsible for incrementally improving the security of Zipline’s systems. 

Our ideal candidate works well in startup environments, is comfortable wearing many hats, and can motivate a team to produce impressive results while collaborating with partner teams.


  • Lead the team responsible for securing Zipline’s software and cloud infrastructure 
  • Partner with engineering teams to build functional and pragmatic security policy 
  • Work with the rest of the AppSec team to build tools and frameworks for the engineering team
  • Build out and improve the security incident response frameworks
  • Support the growth and development of the members of the Application Security team
  • Deeply understand and secure the services running in Zipline’s cloud infrastructure
  • Help manage and maintain Zipline’s compliance with well established security standards (SOC2, ISO 27001, …)
  • Support third party pen tests 


  • Experience as an engineering manager or tech lead of a Security or Software team
  • Experience working with complex distributed software systems that support production loads
  • Strong fundamentals in microservice design principles
  • Expertise in Python, C++, Golang, or another object oriented languages
  • A Strong Generalist Engineering mindset, ready to dive in and contribute to improve Zipline’s security - across many systems
  • Excited to be a technical lead and mentor others
  • A pragmatic approach to security - and experience incrementally improving systems

Nice to haves: 

  • Industry experience supporting multi-domain engineering teams (WebApp, Cloud Infra, Embedded Systems)
  • Experience being a security evangelist in an industry context, helping socialize best practices (not just enforcing policy)
  • Experience as a software engineer, and a deep understanding of healthy SDLC practices


Zipline is an equal opportunity employer and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws or our own sensibilities.

We value diversity at Zipline and welcome applications from those who are traditionally underrepresented in tech. If you like the sound of this position but are not sure if you are the perfect fit, please apply!

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Application security C Cloud Compliance Golang Incident response ISO 27001 Python SDLC SOC 2 Vulnerabilities

Perks/benefits: Startup environment

Region: North America
Country: United States
Job stats:  8  1  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.