Senior Security Engineer
Zipwhip is a Seattle-based SaaS (Software-as-a-Service) company that is changing the way businesses and consumers communicate. We invented the capability to text to and from a landline, toll-free or VoIP telephone number and have led the entire industry since. Over 35,000 businesses use our product and we are the fourth fastest-growing company in Washington state. We are backed by Goldman Sachs, Microsoft Ventures, OpenView, Voyager Capital and a host of other investors, and are seeing great growth in customer base and revenue. Zipwhip is the only business-texting provider with direct connections to all Tier 1 and 2 wireless operators in the U.S., and we've delivered billions of texts to consumers nationwide.
We are looking for someone like you to have the vision to identify areas where we can make Zipwhip more secure; then, propose, build and operate tools to accomplish this goal. You will lead our software security program that facilitates security integration into all of the products and infrastructure at Zipwhip. The responsibilities are a blend of security engineering, software engineering and project management.
- Are experienced with security throughout the software development lifecycle. This includes design/spec reviews, threat modeling, code reviews, tool selection, vulnerability scanning, and incident response.
- Have experience in software engineering at a SaaS company. Even though you may not have been coding regularly, you will need to be comfortable reviewing code with software engineers.
- Are familiar with cloud security concepts in AWS, Azure, or GCP.
- Will be working with infrastructure engineers to deploy cloud security best practices into Kubernetes clusters using automated configuration management tools.
- Will drive security best practices and awareness through a partnership with other engineering teams.
- Will bring your unique set of diverse experiences and background to our team in an open and collaborative manner so that we can all expand and grow faster.
- Have an open and honest communication style that always puts the customer first “Will the customer be delighted with this?”.
- Are comfortable dealing with ambiguity and a shifting landscape.
- Are curious, willing to learn, share and improve.
What’s the job really?
- Working closely with software development teams to implement security into everything we build in the development process.
- Constantly evaluate new tools to improve security in our code and products with an ability to build solutions when off-the-shelf software is not available or viable.
- Perform security reviews of detailed engineering specifications and technical design documents.
- Manage security engineering projects from start to end with a variety of stakeholders across the organization.
- Triage security issues and provide recommended fixes. This also includes reviewing and responding to new security threats.
What to bring:
- 5+ years of related security work in a customer facing product or service.
- 10+ years of software development or infrastructure engineering experience.
- Experience building, testing, and deploying code in a CI/CD pipeline (Git, Jenkins, Maven).
- Experience managing projects with a variety of stakeholders in the organization as well as owning the execution.
- Broad exposure to various security disciplines and deep understanding of models behind core security concepts such as data encryption, managing secrets, and vulnerability management.
- Proficiency both in a practical systems programming language and the shell of your choice. We write in Go, Python, and Shell.
- Able to efficiently collect, analyze, and parse several TB of logs across a variety of systems to identify threats, problems, or security anomalies.
- We seek a candidate eager to work across the company as we further our company values of collaboration and trust with other teams. As a security and operations team, we are actively aligned and working with the rest of engineering.
- Working in agile teams or startup environment with strong customer focus.
- We value diversity and strive to create an environment where everyone can feel safe, valued, empowered, and connected.
- A fun, lively startup culture and one of Seattle's coolest offices, with waterfront view.
- We don’t just talk the talk. Our award-winning culture stems from having a core set of values that are lived daily from the top down.
- Ample opportunities for professional growth, internal advancement and movement, and company-supported learning.
- Competitive compensation and stock options.
- Full benefits package including parental leave, a matching 401k program, PTO, and medical, dental, vision, disability, and life insurance.
- Subsidized access to a fitness center.
- Stipend for transportation and cell phone usage.
- Complimentary snacks, complimentary beverages and free lunch on Fridays catered by local chefs.
Zipwhip strives for an equitable, inclusive and welcoming culture that values and honors diverse experiences and perspectives, that fosters the constructive expression of ideas, and that promotes intellectual curiosity, creativity, and respect. Equity and inclusivity can only flourish and reach full potential with continued effort and accountability, nourished by a collective sense of responsibility and mission on the part of the entire company. We are committed to the continued development of our diverse of people, ideas, and approaches, which will strengthen our mission to make texting with businesses as natural as it is with family and friends.
We are an equal opportunity employer. In accordance with applicable law, we prohibit discrimination against any applicant or employee based on any legally-recognized basis, including, but not limited to: race, color, national origin or ancestry, citizenship status, creed, religion, sex, pregnancy, sexual orientation, gender identity or expression, age, marital status, veteran status or any other status protected by federal, state or local law.
We are an E-verify participating employer.