Do you want to change the world? Zipline is on a mission to transform the way goods move. Our aim is to solve the world’s most urgent and complex access challenges by building, manufacturing and operating the first instant delivery and logistics system that serves all humans equally, wherever they are. From powering Rwanda’s national blood delivery network and Ghana’s COVID-19 vaccine distribution, to providing on-demand home delivery for Walmart, to enabling healthcare providers to bring care directly to U.S. homes, we are transforming the way things move for businesses, governments and consumers. The technology is complex but the idea is simple: a teleportation service that delivers what you need, when you need it. Using robotics and autonomy, we are decarbonizing delivery, decreasing road congestion, and reducing fossil fuel consumption and air pollution, while providing equitable access to billions of people and building a more resilient global supply chain.

Join Zipline and help us to make good on our promise to build an equitable and more resilient global supply chain for billions of people.

About You and The Role

At Zipline, we rely on secure systems to power our mission to transform the way goods move around the world. As an Information Security Engineer, you'll ensure the devices, networks, and applications our teams use every day are secure, monitored, and resilient. You’ll drive endpoint security, device management, anti-virus protection, and access control (RBAC) to safeguard our workforce while enforcing structured access policies. By proactively monitoring for threats and securing corporate infrastructure, you’ll help maintain a strong security posture without slowing down innovation.

What You'll Do

• Drive initiatives like SOC 2 Type 2 and ISO 27001, ensuring regulatory compliance. Establish and maintain a risk management framework aligned with business goals.
• Design and implement security architectures across networks, endpoints, and applications. Conduct vulnerability assessments, penetration tests, and risk analyses to identify and remediate threats.
• Manage endpoint protection, anti-virus solutions, and access control (RBAC) to safeguard our workforce. Enforce structured access policies—no ad-hoc permissioning.
• Optimize security tools and controls, leveraging expertise in firewalls, VPNs, IDS/IPS to protect corporate environments.
• Work with Product Security, IT, and Engineering teams to integrate security into operations. Mentor junior team members on best practices.

What You'll Bring

• A minimum of 8 years of experience in the information security field
• Compliance Expertise: Proven experience owning and managing SOC 2, ISO 27001, and other compliance frameworks from initiation to completion.
• Strong understanding of networking concepts, protocols, and tools (e.g., TCP/IP, DNS, VPNs, firewalls, IDS/IPS).
• Hands-on experience with vulnerability management tools (e.g., Nessus, Qualys, or Rapid7).
• Proficiency in endpoint protection platforms (e.g., CrowdStrike, SentinelOne) and SSO solutions (e.g., Okta, Azure AD).
• Risk Management: Demonstrated ability to identify, assess, and mitigate security risks in dynamic environments.
• Soft Skills: Excellent communication, problem-solving, and organizational skills.

Nice to haves:

• Certifications such as CISSP, CISM, or CISA.
• Experience with cloud security frameworks (e.g., AWS, GCP, Azure).
• Familiarity with automation and scripting languages (e.g., Python, Bash) to streamline security processes.

What Else You Need to Know