Security Infrastructure Engineer

James Carr
James Carr / November 29, 2017

Hi there!

We're looking for someone to join our Engineering team at Zapier as a Security Infrastructure Engineer. Are you interested in helping build and secure a powerful automation tool? Then read on…

We know applying for and taking on a new a job at any company requires a leap of faith. We want you to feel comfortable and excited to apply at Zapier. To help share a bit more about life at Zapier, here are a few resources in addition to the job description that can give you an inside look at what life is like at Zapier. We hope you'll take the leap of faith and apply.

Zapier is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

Even though our job description may seem like we're looking for a specific candidate, the role inevitably ends up tailored to the person who applies and joins. Regardless of how well you feel you fit our description, we encourage you to apply if you meet these criteria:

You care deeply about building secure products in secure ways that simplify the lives of millions of people through automation.

About You

You have web application and infrastructure security experience. Keeping the core Zapier web application secure is at the heart of this role. Zapier is a SaaS product, so experience building software and managing infrastructure under a similar model is a big plus.

You love writing software and building infrastructure. Most of what you’ll do each day is guiding, building and maintaining Zapier's infrastructure and product. You'll focus on high value, high risk portions of Zapier. You'll use code to automate and improve the more mundane parts of auditing and monitoring of internal processes, as well as in the product.

You have worked with teams before on large Python, AWS, & Kubernetes projects. You’re also familiar with frameworks for several languages like Django/Flask or React/Backbone.js. You've also worked extensively in cloud providers like AWS, GCE, or Azure as well as container automation frameworks like Kubernetes.

You love doing things efficiently. At Zapier, the work you do will have a disproportionate impact on the business. We believe in systems and processes that let us scale our impact to be larger than ourselves. You'll be in a unique position to find and eliminate "insecure and painful" experiences and replace them with "secure and joyful" experiences.

You love learning. Engineering is an ever-evolving world. You enjoy playing with new tech and exploring areas that you might not have experience with yet.

You love to set your own direction. At Zapier, we have one team meeting each week and one-on-one meetings every month. Between those we chat in Slack and then go make things happen.

You are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.


Things You Might Do

Zapier is a small, fast-growing, and remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:

  • Write some Python!
  • Build and maintain tooling to log, monitor and audit our infrastructure. You'll do this via AWS SDKs, k8s APIs, or directly.
  • Periodically embed with product teams with to help with security sensitive projects.
  • Migrate tooling to SSO/SAML providers to reduce password risk and improve UX.
  • Build internal tooling to ensure safe data access patterns for Zapier employees.
  • Review code across Zapier's product and infrastructure.
  • Locating weak points across Zapier and strengthening them.
  • Ship code to millions of users every week.
  • As part of our All Hands Support initiative, help customers have the best experience with Zapier as possible.



About Zapier

For the past six years, Zapier has been helping people across the world automate the boring and tedious parts of their job. We do that by helping everyone connect the web applications they already use and love.

We believe that there are jobs a computer is best at doing and that there are jobs a human is best at doing. We want to empower businesses to create processes and systems that let computers do what they are best at doing and let humans do what they are best at doing.

We believe that with the right tools, you can have big impact with less hassle.

We believe in small teams. Small teams are fast and nimble. Small teams mean less bureaucracy and less management and more getting things done.

We believe in a safe, welcoming, and inclusive environment. All teammates at Zapier agree to a code of conduct.



The Whole Package

Location: Planet Earth.

If you want to work remote, that's great. If you want to work near others, that's cool too. Our team of 100+ is distributed because it lets us work with the best people. You don't have to be located in the USA either. Some team members live in the United Kingdom, Thailand, India, Nigeria, Taiwan, Guatemala, New Zealand, Australia, and more! You just need the skills and drive to succeed in this role and the ability to work from anywhere.

Compensation:

  • Competitive salary (we don't use remote as an excuse to pay less)
  • Great healthcare + dental + vision coverage*
  • Retirement plan with 4% company match*
  • Profit sharing
  • 2 annual company retreats to awesome places
  • 14 weeks paid leave for new parents

Pick your own equipment. We'll set you up with whatever Apple laptop + monitor combo you want plus any software you need.

Unlimited vacation policy. Plus we require you to take at least 2 weeks off each year. We see most employees take 4-5 weeks off per year. This isn't a vague policy where unlimited vacation means no vacation.

Work with awesome companies around the world. We partner with great software companies all over the world and you'll constantly get to interact with people from these great companies.

*While we take care of our international folks as best we can, currently, healthcare and retirement plans are only available to US-based employees.



How to Apply

This is a security focused role, but we do have a global Infrastructure Engineer and Infrastructure Engineer (Western Hemisphere) you can apply to instead (please only apply once, we review candidates in the same place!).

We have a non-standard application process. To jump-start the process we ask a few questions we normally would ask at the start of an interview. This helps speed up the process and lets us get to know you a bit better right out of the gate. Please make sure to answer each question.

Complete this form with answers to the below questions. Make sure each answer stands alone as we review question-by-question instead of applicant-by-applicant.

  1. Tell us why you’d be a good fit for the role. Please reference any particular parts of the "About You" and "Things You Might Do" sections that fit you and why.
  2. Tell us about the most difficult API/library/software bug you've squashed. We love troubleshooting stories!
  3. Tell us about an engineering solution you've built that you're particularly proud of. Don't skimp on the technical details!
  4. Tell us about the largest deployment you've worked on. What was your role and what did the team look like?
  5. Tell us about your favorite technology to work with and why.
  6. Share some code (preferably Python) that you’ve written. You can include a link to a GitHub, GitLab, or other public code repository. Or provide us with a 500+ Line of Code (LOC) sample via Dropbox, gist, or other link to help us get a feeling for how you write code.
  7. How might you gradually introduce auditing and permissions into many disparate SaaS services and custom applications?
  8. What steps can you take to ensure that an average application (that might utilize AWS secret keys, database credentials, makes internal and external API calls, etc.) would have minimal negative impact on a server or the internal network if it were compromised?
  9. Optional: Share anonymously some demographic information about yourself to help us better track trends related to the backgrounds of candidates interested in working at Zapier in order for us to build a team that represents the users at Zapier and the broader world population.

Finally, wait for us to reply! You are going to hear back from us, even if we don't seem like a good fit. In fact, throughout the process, we strive to make sure you never go more than seven days without hearing from us.

Apply Here

Zapier is an equal opportunity employer. We're excited to work with talented and empathetic people no matter their race, color, gender, sexual orientation, religion, national origin, physical or mental disability, or age. Our code of conduct provides a beacon for the kind of company we strive to be and we celebrate our differences because those differences are what allow us to make a product that serves a global user base.