We're looking for our next Head of Security to lead the Security organization at Zapier. We’re on a mission to make everyone more productive at work. Our product has helped millions of people build businesses through the power of automation.
As the Head of Security at Zapier, you will be responsible for continuing to evolve our security strategy and deliver on that strategy. You will report to the Senior Director of Engineering Services and be a skip level to the Head of Engineering. You will work closely with your leaders, peers, and executives to build alignment and execute a multifaceted security strategy as we operate as a flat organization.
At Zapier, security is part of how we create customer value. This group is helping our engineering organization to build security into our products on a secure-by-default infrastructure. It is a combination of hands-on Application Security, Cloud Security, and Detection & Response engineers. GRC and IT Ops round up the rest of this talented Security team.
Things we've done recently:
- Implemented a comprehensive Cloud Security Posture Management system
- Rolled out a training platform for our Security Champions Community
- Fully migrated IAM user management to an SSO infrastructure
- Automated lifecycle management with over 100 Okta Workflows
- Built an automated engine for gathering additional alert context
- Managed a bug bounty program and the lifecycle of its findings
- Hardened critical key encryption systems and built robust key rotation processes
- Conducted dozens of threat modeling sessions
If you’re interested in advancing your career at a fast-growing, profitable, impact-driven company, then read on…
You are a skilled, pragmatic, and engineering-oriented SaaS security leader. You’re an engineering leader with experience leading security teams for a SaaS-based product company on modern tech stacks. You have experience working at a company that ships products and features quickly and safely. You have engineering experience and approach security challenges through engineering means and a product lens. You have specialized in at least one security discipline and have a deep understanding of the other security functions, making you a well-rounded security expert. You have experience working with security tools, implementing detection and response mechanisms, running red team exercises, and implementing compliance controls, even if you aren't involved in these on a day-to-day basis. You’re familiar with the OWASP Top Ten and how to effectively guard against common vulnerabilities. You are very familiar with the security needs within an engineering organization. You have a pragmatic approach to security that adapts to the company’s needs by taking business context and data as inputs when making decisions.
You manage diverse, high-performing, and growth-mindset engineering organizations. You are an empathetic leader who values diversity and fosters a culture of psychological safety, inclusivity, and belonging that enables folks to be their true selves and do their best work. Diversity is a priority for you when hiring. You can forecast staffing needs, communicate clearly on those needs, and make hard staffing decisions that support the needs of the business. You have led an organization that assesses performance equitably across diverse people and functions. You have managed managers, tech leads, and individual contributors, and coached teams to be successfully autonomous. You have a passion for mentoring engineers and leaders while growing your own skills at the same time. You have a track record of giving and receiving feedback well, both within and outside of your organization.
You can develop and deliver on an aligned security vision, strategy, and roadmap. You can develop an inspiring multi-year vision for security that aligns with and enables the company strategy. You seek feedback, learn from others, and use data and other business inputs to continuously adapt your vision to match the current and future needs of the company. You set the strategy for building security into how we build, ship, and operate our products. You have the ability to communicate your vision, strategy, and roadmap to others, gain alignment, and implement your vision with teams to get results. You define measurable outcomes and a roadmap to deliver on those outcomes. You use indicators to track progress toward outcomes and make adjustments along the way when needed. You hold yourself accountable for delivering on committed outcomes and also hold your team accountable for delivering on the roadmap. You are comfortable raising any risks to deliverables early and often. You are able to ruthlessly prioritize to prevent your teams from being oversubscribed while clearly communicating tradeoffs and prioritization decisions.
You build strong partnerships, enjoy collaborating, and have excellent communication skills. You take the time to get to know people and build strong relationships. You want to partner with Product Management to come up with product ideas and features that will help us sell to upmarket customers and attract users from the security community. You regularly work with engineers and other stakeholders from various disciplines to balance security concerns with product and business concerns. Ideally, you find solutions that address both needs, but if not, you help build understanding around difficult decisions. You foster a security team culture that defaults to collaboration rather than just assigning work to others. You have an excellent ability to take lots of business context and distill it down to valuable context for your teams. You’re able to communicate clearly, both verbally and in writing. You’re comfortable communicating at various levels up to Executives and can tailor your communication to the audience. You take complex security risks and make them relatable to anyone at any level. You understand the power of storytelling that doesn’t miss out on the “why” and the “what”.
Things You’ll Do
Zapier is a fast-growing, remote-first company. You'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:
- Protect our millions of customers from having their API credentials compromised or put at risk.
- Continually evolve and design the future of our security organization, including enhancing and communicating our security strategy for our products and company.
- Set the vision, strategy, and deliver on a roadmap that connects to the vision and strategy.
- Work closely with your engineering, design, legal, and product stakeholders to address user problems and provide solutions.
- Develop effective ways to communicate with, monitor, and lead your teams.
- Keep senior leadership informed on your teams’ progress and potential blockers.
- Build rapport with each member of the Security Team, and others throughout the company, and support them through coaching and mentorship to help them grow.
- Participate in security reviews, learning and spreading security and technical knowledge throughout Zapier, and moving knowledge to documentation where appropriate.
- Guide the Executive leadership team by recommending information security investments.
- Provide strategic leadership for secure product development and security features in our products.
- Collaborate across various disciplines (Product Managers, Designers, Researchers) to help build security goals into roadmaps and maintain alignment.
- Stay current on technological advancements such as AI, their impact on security, and how they can be leveraged to improve efficiency.
- Recruit, interview, hire, and help onboard top talent.
Zapier Compensation Guiding Principles
We believe all Zapiens should be rewarded competitively and equitably, using practices that are simple and transparent. This philosophy ensures we’re able to find, grow, and retain exceptional people from a broad range of backgrounds. Here’s how we define our compensation principles:
- Competitive: Zapier pays well among the technology sector.
- Equitable: Consistent pay practices; competency-based pay.
- Simple: Pay is well understood, and pay practices are built for scale.
- Transparent: Zapiens know how pay works, including how their pay is determined.
The pay ranges for this role are (min - mid - max):
- USA: 269,400 - 336,800 - 404,200 USD
- Canada: 269,400 - 336,800 - 404,200 CAD
A candidate's compensation package is finalized once the interview process is concluded and accounts for experience, competencies (job knowledge, skills, and abilities), and internal equity. We use a competency-based approach to base pay, which means we set pay for all Zapier employees based on the competency and skills demonstrated in their role. In alignment with that philosophy, the upper half of a pay range is typically reserved for individuals who have consistently demonstrated a high level of job knowledge and skills for their current role and level while at Zapier.
For more information on Zapier’s Total Rewards please click here.
How to Apply
At Zapier, we believe that diverse perspectives and experiences make us better, which is why we have a non-standard application process designed to promote inclusion and equity. We're looking for the best fit for each of our roles, regardless of the type of education or companies in your background, so we encourage you to apply even if your skills and experiences don’t exactly match the job description. All we ask is that you answer a few in-depth questions in our application that would typically be asked at the start of an interview process. This helps speed things up by letting us get to know you and your skillset a bit better right out of the gate. Please be sure to answer each question; the resume and CV fields are optional.
After you apply, you are going to hear back from us—even if we don’t see an immediate fit with our team. In fact, throughout the process, we strive to never go more than seven days without letting you know the status of your application. We know we’ll make mistakes from time to time, so if you ever have questions about where you stand or about the process, just ask your recruiter!
Zapier is an equal-opportunity employer and we're excited to work with talented and empathetic people of all identities. Zapier does not discriminate based on someone's identity in any aspect of hiring or employment as required by law and in line with our commitment to Diversity, Inclusion, Belonging and Equity. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base. Zapier will consider all qualified applicants, including those with criminal histories, consistent with applicable laws.
Zapier is committed to inclusion. As part of this commitment, Zapier welcomes applications from individuals with disabilities and will work to provide reasonable accommodations. If reasonable accommodations are needed to participate in the job application or interview process, please contact firstname.lastname@example.org.
Even though we’re an all-remote company, we still need to be thoughtful about where we have Zapiens working. Check out this resource for a list of countries where we currently cannot have Zapiens permanently working.