Engineer, AppSec

About Zapier

We're humans who simply think computers should do more work.

At Zapier, we’re not just making software—we’re building a platform to help millions of businesses globally scale with automation and AI. Our mission is to make automation work for everyone by delivering products that delight our customers. You’ll collaborate with brilliant people, use the latest tools, and leverage the flexibility of remote work. Your work will directly fuel our customers’ success, and as they grow, so will you.

Job Posted: April 3, 2025.
Location: Americas (EST or CST working hours required)

Hi there!

We’re looking for an Application Security (AppSec) Engineer to join our Security team at Zapier. We’re on a mission to democratize automation, while ensuring the security and privacy of millions of users worldwide by protecting sensitive data and building trust through robust security measures.

This role combines hands-on software development for our core security services (60-70%) with security engineering responsibilities (30-40%). As a member of the AppSec team within the Security organization, you will:

• Shape security practices across development teams. And empower them to build and ship secure products.

• Own critical security services protecting sensitive data at scale.

• Our Commitment to Applicants

• Culture and Values at Zapier

• Zapier Guide to Remote Work

• Zapier Code of Conduct

• Diversity and Inclusivity at Zapier

About You

• You have strong Python backend development expertise, and have experience building and maintaining production services.

• You have hands-on experience with Redis and PostgreSQL, and proficiency with distributed systems and cloud platforms (AWS).

• You have a strong understanding of cryptographic principles. You have knowledge of authentication mechanisms, authentication / authorization patterns, and secure key management practices.

• You have experience with security architecture and threat modeling. You have strong written and verbal communication skills to deliver constructive feedback regarding security matters to engineers and product designers, and an ability to balance security requirements with operational or business needs.

• You understand secure development lifecycle and secure coding practices. You have knowledge of common web / API vulnerabilities and mitigations (e.g. OWASP Top 10). You think about your job as not just identifying individual vulnerabilities but also finding effective ways to eliminate whole classes of them.

• Collaboration is second nature to you, and you're known for your willingness to roll up your sleeves and work alongside colleagues to achieve common goals.

• You're adaptable. You've been in fast-growing companies and know how to build, change, and adapt to the needs of a company as it grows.

Things You’ll Do

• Security Services Development:

• Develop core security infrastructure services focusing on key management, encryption, and authentication.

  1. Build robust distributed systems leveraging Redis, PostgreSQL, and AWS services.

  2. Maintain high code quality standards through comprehensive testing, monitoring, and documentation.

  3. Design and operate scalable processes and build paved-path tooling that enable our engineers to ship secure products.

• Security Threat Identification: Partner with development teams to conduct design reviews and threat modeling sessions.

• Vulnerability Management: Support our public bug bounty program and leverage application testing tools (SAST, SCA) to identify, triage, and drive remediation of vulnerabilities.

• Collaborative Security Support: Work closely with various other Security teams and partner with engineering teams to provide general ad hoc security support and technical/operational guidance.

How to Apply

At Zapier, we believe that diverse perspectives and experiences make us better, which is why we have a non-standard application process designed to promote inclusion and equity. We're looking for the best fit for each of our roles, regardless of the type of companies in your background, so we encourage you to apply even if your skills and experiences don’t exactly match the job description. All we ask is that you answer a few in-depth questions in our application that would typically be asked at the start of an interview process. This helps speed things up by letting us get to know you and your skillset a bit better right out of the gate. Please be sure to answer each question; the resume and CV fields are optional.

Education is not a requirement for our roles; however, if you receive an offer, you will need to include your most recent educational experience as part of our background check process.

After you apply, you are going to hear back from us—even if we don’t see an immediate fit with our team. In fact, throughout the process, we strive to never go more than seven days without letting you know the status of your application. We know we’ll make mistakes from time to time, so if you ever have questions about where you stand or about the process, just ask your recruiter!

Zapier is an equal-opportunity employer and we're excited to work with talented and empathetic people of all identities. Zapier does not discriminate based on someone's identity in any aspect of hiring or employment as required by law and in line with our commitment to Diversity, Inclusion, Belonging and Equity. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base. Zapier will consider all qualified applicants, including those with criminal histories, consistent with applicable laws.

Zapier prioritizes the security of our customers' information and is dedicated to adhering to all applicable data privacy laws. You can review our privacy policy here.

Zapier is committed to inclusion. As part of this commitment, Zapier welcomes applications from individuals with disabilities and will work to provide reasonable accommodations. If reasonable accommodations are needed to participate in the job application or interview process, please contact jobs@zapier.com. 

Application Deadline:

The anticipated application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later, or if the position is filled.

Even though we’re an all-remote company, we still need to be thoughtful about where we have Zapiens working. Check out this resource for a list of countries where we currently cannot have Zapiens permanently working.