Senior Information Security Engineer
South San Francisco, California, USA
Full Time Senior-level / Expert USD 175K - 220K
Zipline
Zipline is the world's largest autonomous delivery system, specializing in on-demand drone delivery and instant logistics.
About Zipline
Do you want to change the world? Zipline is on a mission to transform the way goods move. Our aim is to solve the world’s most urgent and complex access challenges by building, manufacturing and operating the first instant delivery and logistics system that serves all humans equally, wherever they are. From powering Rwanda’s national blood delivery network and Ghana’s COVID-19 vaccine distribution, to providing on-demand home delivery for Walmart, to enabling healthcare providers to bring care directly to U.S. homes, we are transforming the way things move for businesses, governments and consumers. The technology is complex but the idea is simple: a teleportation service that delivers what you need, when you need it. Using robotics and autonomy, we are decarbonizing delivery, decreasing road congestion, and reducing fossil fuel consumption and air pollution, while providing equitable access to billions of people and building a more resilient global supply chain. Join Zipline and help us to make good on our promise to build an equitable and more resilient global supply chain for billions of people.
About You and The Role
At Zipline, we rely on secure systems to power our mission to transform the way goods move around the world. As an Information Security Engineer, you'll ensure the devices, networks, and applications our teams use every day are secure, monitored, and resilient. You’ll drive endpoint security, device management, anti-virus protection, and access control (RBAC) to safeguard our workforce while enforcing structured access policies. By proactively monitoring for threats and securing corporate infrastructure, you’ll help maintain a strong security posture without slowing down innovation.
What You'll Do
- Drive initiatives like SOC 2 Type 2 and ISO 27001, ensuring regulatory compliance. Establish and maintain a risk management framework aligned with business goals.
- Design and implement security architectures across networks, endpoints, and applications. Conduct vulnerability assessments, penetration tests, and risk analyses to identify and remediate threats.
- Manage endpoint protection, anti-virus solutions, and access control (RBAC) to safeguard our workforce. Enforce structured access policies—no ad-hoc permissioning.
- Optimize security tools and controls, leveraging expertise in firewalls, VPNs, IDS/IPS to protect corporate environments.
- Work with Product Security, IT, and Engineering teams to integrate security into operations. Mentor junior team members on best practices.
What You'll Bring
- A minimum of 8 years of experience in the information security field
- Compliance Expertise: Proven experience owning and managing SOC 2, ISO 27001, and other compliance frameworks from initiation to completion.
- Strong understanding of networking concepts, protocols, and tools (e.g., TCP/IP, DNS, VPNs, firewalls, IDS/IPS).
- Hands-on experience with vulnerability management tools (e.g., Nessus, Qualys, or Rapid7).
- Proficiency in endpoint protection platforms (e.g., CrowdStrike, SentinelOne) and SSO solutions (e.g., Okta, Azure AD).
- Risk Management: Demonstrated ability to identify, assess, and mitigate security risks in dynamic environments.
- Soft Skills: Excellent communication, problem-solving, and organizational skills.
Nice to haves:
- Certifications such as CISSP, CISM, or CISA.
- Experience with cloud security frameworks (e.g., AWS, GCP, Azure).
- Familiarity with automation and scripting languages (e.g., Python, Bash) to streamline security processes.
What Else You Need to Know
The starting cash range for this role is $175,000 - $220,000. Please note that this is a target, starting cash range for a candidate who meets the minimum qualifications for this role. The final cash pay for this role will depend on a variety of factors, including a specific candidate's experience, qualifications, skills, working location, and projected impact. The total compensation package for this role may also include: equity compensation; overtime pay; discretionary annual or performance bonuses; sales incentives; benefits such as medical, dental and vision insurance; paid time off; and more.
Zipline is an equal opportunity employer and prohibits discrimination and harassment of any type without regard to race, color, ancestry, national origin, religion or religious creed, mental or physical disability, medical condition, genetic information, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, gender expression, age, marital status, military or veteran status, citizenship, or other characteristics protected by state, federal or local law or our other policies. We value diversity at Zipline and welcome applications from those who are traditionally underrepresented in tech. If you like the sound of this position but are not sure if you are the perfect fit, please apply!
Tags: Automation AWS Azure Bash CISA CISM CISSP Cloud Compliance CrowdStrike DNS Endpoint security Firewalls GCP IDS IPS ISO 27001 Monitoring Nessus Okta Product security Python Qualys Risk management RMF Scripting SOC SOC 2 SSO TCP/IP VPN Vulnerability management
Perks/benefits: Equity / stock options Health care Insurance