Senior Product Security Engineer

5–7 years of direct experience in security engineering
Strong experience securing distributed systems and cloud infrastructure in production environments
Deep knowledge of application security principles, with experience identifying and mitigating software vulnerabilities
Proficiency in one or more programming languages (e.g., Python, C++, Golang)
Familiarity with data classification, access control, and common compliance frameworks
A security generalist mindset—comfortable navigating web and mobile apps, APIs, cloud systems, CI/CD, and beyond
Excellent communication skills and the ability to work cross-functionally with engineers, IT, and compliance
A pragmatic approach to security—you balance strong protections with operational realities

Collaborate with software and infrastructure teams to secure Zipline’s cloud-native architecture and services
Perform design reviews, threat modeling, and code reviews to identify risks and guide teams toward secure solutions
Contribute to building tools, frameworks, and guardrails that enable secure-by-default development practices
Help develop and refine Zipline’s security incident response plans and participate in investigations when necessary
Support Zipline’s compliance efforts by mapping controls to requirements like SOC 2 and ISO 27001
Participate in third-party penetration tests and lead follow-up remediation efforts
Drive adoption of secure SDLC practices and advocate for security across engineering domains
Build frameworks with a pragmatic, risk-based mindset—focused on solving real-world problems in a high-stakes, safety-critical environment

No preferred qualifications provided.