Senior Application Security Engineer
Updated on 2/14/2024
Self driving car robotics company
Zoox is reinventing personal transportation—making the future safer, cleaner, and more enjoyable for everyone. The company is building the infrastructure for self-driving cars.
AI & Machine Learning
Automotive & Transportation
Foster City, California
Growth & Insights
6 month growth↑ 12%
1 year growth↑ 28%
2 year growth↑ 83%
San Mateo, CA, USA
Development Operations (DevOps)
IT & Security
DevOps & Infrastructure
- 6+ years of experience across software engineering and cybersecurity
- Deep understanding of common application security issues and their mitigations
- Knowledge of high availability and large system design patterns
- Formal (threat model, attack graph, TARA) and informal ways to enumerate threats and evaluate risks
- Perform application security reviews and threat modeling exercises
- Prototype and implement security-focused features in code
- Translate Zoox policies and standards into specific implementation guidance
- Improve the developer experience of 'shift-left' application security-related systems and workflows
- Configure, integrate, modify, and develop off-the-shelf and custom security tools related to SDLC and application security
- Collaborate with feature teams and other cybersecurity teams across the company
- Maintain awareness of new developments and technologies and suggest best practices
- Knowledge of languages, patterns, and common issues in front-end applications
- Experience with AWS or other public clouds, DevOps/SRE practices, infrastructure-as-code tooling, and container-based service operation
Zoox is looking for an Application Security Engineer to join our Product Security team.
Our team works on the cybersecurity of the Zoox robotaxi service. We guide and advise software engineering teams building our flagship product while aligning our efforts with company-wide cybersecurity goals and tooling.
As a hands-on AppSec specialist, you will work closely with several software teams on topics both day-to-day (identifying code issues, offering guidance on a topic, reviewing new designs) and strategic (shaping the AppSec roadmap, keeping tabs on the ever-changing threat landscape, and building relationships).
Beyond software development and cybersecurity knowledge, an ideal candidate would also possess the passion and skills necessary to implement our “shift-left” approach (having software teams participate in and own some of the security work, enabled by education and automation).
- Perform application security reviews (design documents and security-relevant code) and threat modeling exercises. Prototype and implement security-focused features in code in partnership with engineering teams.
- Translate Zoox policies and standards into specific implementation guidance, including documentation, training, advice, and code level support.
- Work with other teams to make our application design patterns, shared libraries, and Software Development Lifecycle (SDLC)-related tooling secure-by-design.
- Improve the developer experience of “shift-left” application security-related systems and workflows. Train and support teams in using security tools on their own.
- Configure, integrate, modify, and develop off-the-shelf and custom security tools related to SDLC and application security. Triage and address issues reported by those tools. Report progress and identify interesting trends.
- Collaborate with feature teams and other cybersecurity teams across the company.
- Maintain awareness of new developments and technologies and suggest things to try as well as more substantial architectural changes as best practices evolve.
- Independently develop project briefs into actionable plans and carry them through.
- Contribute to and eventually own the application security part of our team’s long-term roadmap.
- 6+ years of experience across software engineering and cybersecurity. Deep understanding of common application security issues and their mitigations.
- 3+ years of experience in a software engineering role, reaching fluency in a compiled, statically typed language and in an interpreted, dynamically typed language while developing production-grade services of substantial scope.
- Knowledge of high availability and large system design patterns, including microservice architectures, distributed systems, principles, and practices of working with data stores, build and release management, testing, and deployment.
- Persuasion, emotional intelligence, asynchronous communication skills, and relationship-building skills enable you to achieve complex goals on short deadlines with teams that do not report to you.
- Formal (threat model, attack graph, TARA) and informal ways to enumerate threats and evaluate risks, present them in the context of common cybersecurity frameworks, and then recommend multiple mitigation strategies.
- Knowledge of languages, patterns, and common issues in front-end applications, including single page applications (SPAs).
- Experience with AWS or other public clouds, DevOps/SRE practices, infrastructure-as-code tooling, and container-based service operation.
There are three major components to compensation for this position: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights. The salary range for this position is $186,000 to $265,000. A sign-on bonus may be offered as part of the compensation package. Compensation will vary based on geographic location and level. Leveling, as well as positioning within a level, is determined by a range of factors, including, but not limited to, a candidate’s relevant years of experience, domain knowledge, and interview performance. The salary range listed in this posting is representative of the range of levels Zoox is considering for this position.
Zoox also offers a comprehensive package of benefits including paid time off (e.g. sick leave, vacation, bereavement), unpaid time off, Zoox Stock Appreciation Rights, Amazon RSUs, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.
Zoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.
If you need an accommodation to participate in the application or interview process please reach out to [email protected] or your assigned recruiter.
A Final Note:
You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.