
Security Engineer - Product Security

Job in South San Francisco, San Mateo County, California, 94083, USA
Listing for: Zipline International Inc.
Full Time position
Listed on 2026-02-23
Job specializations:
  • IT/Tech
    Systems Engineer, Cybersecurity, AI Engineer
Salary/Wage Range or Industry Benchmark: 230000 - 275000 USD Yearly
Job Description & How to Apply Below
Position: Staff Security Engineer - Product Security

ABOUT ZIPLINE

Zipline is at the forefront of a logistics revolution:
We design, manufacture, and operate our own fleet of autonomous drones, and all ground-based equipment that supports flight, to deliver critical and lifesaving medicine to thousands of hospitals serving millions of people on multiple continents. Our mission is to provide every human on Earth with instant access to vital medical supplies. Do you want to change the world? Join Zipline and help us make this a reality for billions of people.

ABOUT YOU AND THE ROLE

Zipline builds and operates fleets of delivery drones to get medicine to those who need it, fast, regardless of where they live. To power this, the software team is building out the long term scalable solutions to expand rapidly while empowering our world class distribution centers to serve their customers as fast as possible.

Zipline’s security problems aren’t “website got pwned” problems (though those exist too). They’re “real-world autonomy + robotics + global operations + cloud software + regulated/health-adjacent workflows” problems. You’ll partner deeply with software, infrastructure, and (where relevant) embedded/autonomy teams to reduce real risk in real systems. We have a large attack surface.

Our ideal candidate works well in startup environments, wears many hats, and collaborates across engineering disciplines. You’ll join a small, high-ownership security team with significant influence over how we scale.

A note on our modern reality and agentic tooling:

Engineering teams are increasingly adopting LLM copilots and agentic tools to move faster. That’s useful, until an “assistant” becomes an unmonitored automation path to secrets, sensitive data, or privileged actions. (Think: “obedient intern with production credentials.”) Industry guidance is converging on practical frameworks like the NIST AI Risk Management Framework (including a profile for generative AI) and the OWASP Top 10 for LLM Applications, which explicitly calls out risks like prompt injection, insecure plugin design, and excessive agency.

In this role, you’ll help Zipline safely leverage these tools while containing them so they don’t quietly “rewrite the threat model”.

This is a Hybrid onsite role - you will frequently have conversations in person at our HQ in South San Francisco.

WHAT YOU’LL DO
  • Own security outcomes for critical parts of Zipline’s application and cloud ecosystem (not by writing policy docs that no one reads, but by shipping controls and enabling teams).
  • Partner with engineering teams on secure architecture, threat modeling, and design reviews for services that must be correct, reliable, and defensible under real-world operational pressure.
  • Help us build and scale a pragmatic secure SDLC – CI/CD hardening, dependency/supply-chain controls, secrets management, and code review patterns that don’t slow teams down.
  • Improve cloud security posture end-to-end: IAM and least privilege, network/service-to-service trust, key management, logging/telemetry, runtime detection, and incident-ready auditability.
  • Drive vulnerability management that actually closes risk: triage, exploitability analysis, remediation partnerships, and verification.
  • Help build and exercise incident response: playbooks, tabletop exercises, logging requirements, and “know it happened / know what changed” operational discipline.
  • Support data classification and access control models aligned to how Zipline operates (including partner/customer interfaces and global operations).
  • Support external penetration tests and turn results into durable improvements, not whack‑a‑mole patches.
  • Contribute to security compliance efforts (e.g., SOC 2 / ISO 27001) in a way that strengthens engineering
  • Secure AI-assisted and agentic engineering workflows (this is explicitly part of the job):
    • define safe patterns for copilots/LLM tools used in development and ops
    • implement guardrails for sensitive data exposure and output handling
    • prevent “agentic overreach” (over‑privileged tools, unsafe tool-calling, silent action-taking)
    • build monitoring/auditing around AI tool use where it matters
WHAT YOU’LL BRING
  • 8+ years of experience designing, building, and operating…