divh2Application Security Engineer/h2pZip is the AI platform for enterprise procurement built for humans and agents working together. By orchestrating procurement across teams, tools, and suppliers with the help of AI agents, companies can secure the resources they need to innovate faster than ever before. The worlds most influential enterprises trust Zip, including T-Mobile, OpenAI, AMD, Mars, Dollar Tree, and more. Together theyve saved over $8 billion and processed over $500 billion in spend. Zips team includes product leaders from Apple, Airbnb, and Meta, as well as former procurement leaders from United Health, Sanofi, MGM Resorts, Discover, and NASA. Backed by Adams Street, Alkeon, BOND, CRV, DST, Tiger Global, and Y Combinator, Zip has raised $371 million, most recently at a $2.2 billion valuation and has been recognized by Forbes Fintech 50, Fast Companys Most Innovative Companies, Inc. Best in Business, and LinkedIn Top Startups./ppThe Security team at Zip is responsible for protecting the confidentiality and integrity of our customers data. As our first Application Security Engineer, you will take on a dynamic and high impact role. You will lead our efforts to build foundational security guardrails, launch key security initiatives, and solidify trust customers place in us. Your contributions will be pivotal to the success of Zips rapid growth as we launch new products, such as AI Agents and an App Marketplace, and enter into new markets, including EMEA and the Federal government space. We move quickly to solve a wide range of complex technical and product challenges. While we are an experienced team that can provide constant guidance and mentorship, we value engineers who can autonomously scope and solve complex technical challenges./ppYou will:/pulliDesign and implement technical controls to eliminate or mitigate classes of security vulnerabilities./liliSupport the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments./liliValidate, triage, and coordinate security findings from bug bounty and third party pentests./liliMentor security analysts and security champions on security best practices and techniques./li/ulpQualifications:/pulliExperience writing production-quality code for security tooling and services/liliStrong written and verbal communication with internal and external stakeholders/liliA solid understanding of security risks and the ability to balance security with business requirements/liliExperience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS/li/ulpNice to haves:/pulliFamiliarity with compliance frameworks such as SOC 2, ISO 27001, and FedRAMP/liliHands-on experience in offensive security (eg, through bug bounty programs or CTFs)/li/ulpThe salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise./ph2Perks Benefits/h2pAt Zip, were committed to providing our employees with everything they need to do their best work./pulliStart-up equity/lili100% health, vision dental coverage options/liliCatered breakfast, lunch, dinner/liliFlexible PTO/liliClassPass membership/liliMonthly commuter benefit/liliTeam building events happy hours/liliHome office stipend/liliPhone/internet reimbursement/liliPaid parental leave/liliFertility stipend/lili401k plan/liliUnlimited AI token usage/li/ulpWere looking to hire Zipsters and that means hiring people who take ownership, communicate openly, have an underdog mindset, and are excited to increase the pace of innovation for every business in the world. We encourage all candidates to apply even if your experience doesnt exactly match up to our job description. We are committed to building a diverse and inclusive workspace where everyone (regardless of age, religion, ethnicity, gender, sexual orientation, and more) feels like they belong. We look forward to hearing from you!/p/div