Before we dive into the role, let’s talk about flexibility. At Zip, our office is in New York City but we can hire from anywhere across the United States. Our Zipsters can choose where and when they work by taking full advantage of our hybrid-work environment.
So whether you’re fully remote, mostly in the office or a mix of the two, you’ll be empowered to do whatever brings out your best.
We are Zip, a global Buy Now, Pay Later company providing fair and seamless solutions that simplify how millions of people pay. Our journey began in Australia, has taken us to 14 countries (so far) - and we’re just getting started.
We exist to create a world where people can live fearlessly today, knowing they’re in control of tomorrow. Focused on product innovation that puts people at the centre, we put the financial well-being of our customers and merchant partners at the heart of everything that we do.
We are seeking an inquisitive and self-motivated Senior Engineer to join our Information Security team. In this role, you will report directly to the Director of Information Security and work closely with other business functions as a subject matter expert on all things related to Information Security.
Our Security team works to create and maintain the safest operating environment for Zip users and developers. You will help protect network boundaries, keep computer systems and network devices hardened against attacks, and provide security services to protect highly sensitive data like trade intellectual property and customer/merchant information. Security Engineers work hands-on with network and computer services, and actively monitor our systems for attacks and intrusions in both on-prem and cloud environments. You also collaborate with DevOps and Software Engineering to proactively identify and fix security flaws and vulnerabilities.
You use your industry experience to own and drive the resolution of complex security incidents, policy questions, and technical security issues.
Security Engineers at Zip work on a broad set of efforts focusing on scaling and automating security infrastructure and processes to safeguard our 12+ Million active customers, 90,000 active merchants, and 253 North American employees. We solve user and corporate security concerns, investigate security incidents, perform security gap analysis, build and integrate systems, conduct applied research, and implement novel technologies and architecture to deal with enterprise security across a diversity of computing platforms such as mobile and cloud.
This individual should possess an in-depth knowledge of information security principles, with a focus on a proactive approach to cyber security best practices and threat monitoring. They should have an “automate everything” attitude and value an Infrastructure as Code approach.
- Design infrastructure and services and drive its implementation to protect Zip networks and systems.
- Provide security expertise and guidance to a diverse set of Zip engineering and business teams.
- Conduct technical evaluations to identify coverage gaps in existing information security toolsets.
- Support installations of security tooling with Key Performance Indicators (KPIs) measuring performance.
- Conduct security reviews of core corporate and production infrastructure.
- Drive enterprise-focused security improvements to Zip products and services.
- Respond to and investigate security incidents.
A Few Current Projects:
- Working with teams to identify attack paths and mitigation techniques (both in-house and using commercial solutions).
- Creating service scorecards highlighting the security capabilities of individual services and products.
- Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience.
- 5 years of relevant industry experience in security.
- Coding experience in one or more general purpose languages.
- Knowledge of account creation/management for various web-hosted tools.
- Experience working with Identity and Access services.
- Understanding of Single Sign On (SSO) frameworks and mechanisms such as OAuth.
- Experience integrating and tuning public cloud security infrastructure.
- Experience with attacks and mitigation methods, with experience working in two or more of the following: Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks.
Bonus Points if you have:
- Security experience in Azure environments
- A passion for using data that scares your friends and enemies alike
We’re proud to be a values-led business. They guide us in everything we do - how we work together and create game-changing experiences for our customers and fellow Zipsters.
If you only meet some of the requirements for this role, that's okay. We value a diverse range of backgrounds and ideas and believe this is fundamental for our future success. So, if you have the curiosity to learn and the willingness to teach what you know, we'd love to hear from you.
We pride ourselves on creating an inclusive workplace that provides equal opportunities to all persons regardless of their age, cultural background, sexual orientation, gender identity and expression, disability, veteran status, or anything else.
What’s in it for you?
We offer a variety of perks and benefits to support you at both work and home. Here’s a taste of what you can expect!
● Flexible working culture
● Share incentive programs
● 20 days PTO every year
● Generous paid parental leave
● Leading family support policies
● 100% employer covered insurance
● Beautiful Midtown office with a casual dress code
● Learning and wellness subscription stipend
● Company-sponsored 401k match
● Remote First Friendly!
We want to make sure our recruitment processes are accessible and inclusive for all people. If there's any adjustments that need to be made to ensure you have a fair and equal experience in our recruitment process please let your Talent Acquisition Partner know. We are also a proud 2022 Circle Back initiative employer and commit to respond to every applicant.
Join us on our mission to be the first payment choice, everywhere and every day.