Senior Application Security Engineer

Foster City, CA
Software – Product Security /
Full-time /
Zoox is looking for a Senior Application Security Engineer to join our Product Security team. 
Our team works on the cybersecurity of the Zoox robotaxi service. Your mission, should you choose to accept it, is to elevate the practice and the culture of security (as applied to critical backend services that enable robotaxi operations) to meet and exceed the demands of heightened scrutiny and adversary interest that will accompany the launch of Zoox services to the general public and the subsequent scale-up of our product.


    • You will find, fix, and verify security issues in our backend services. Perform application security reviews and threat modeling exercises. Implement security-focused features.
    • You will make our “paved path” - service design patterns and shared libraries - secure by design.
    • You will center the developer experience of “shift-left” application security-related systems and workflows. Enable engineering teams to self-serve and champion cybersecurity.
    • You will build, deploy, and operate off-the-shelf and custom security tools related to SDLC and application security. Triage and address issues reported by those tools.
    • You will help maintain awareness of new developments and technologies and suggest things to try as well as more substantial architectural changes as best practices evolve.
    • You will get to partner with cybersecurity, compliance, and engineering leadership to plan and execute long-term strategies that propel the state and the security of Zoox applications forward.


    • 1-5+ years of experience in an application security role. Deep understanding of backend services security issues and their mitigations. Practical application of secure design patterns. Formal (threat model, attack graph, TARA) and informal ways of evaluating application risks.
    • 2-4+ years of experience in a software engineering role, reaching fluency in a compiled, statically typed language and in an interpreted, dynamically typed language while developing production-grade services of substantial scope.
    • Expertise with high availability and large system design patterns, including microservice architectures, distributed systems, principles and practices of working with data stores, build and release management, testing and deployment.
    • Persuasion, emotional intelligence, asynchronous communication skills, and relationship building skills that enable you to achieve complex goals on short deadlines with teams that do not report to you.
    • Tools of the trade: static analysis (SAST), software composition and dependency tracking (SCA, SBOM), frontend/service dynamic security (ASPM), in-service assessment (DAST), single sign-on (SSO), API security, incident management, and others. 

Bonus Qualification

    • Knowledge of languages, patterns, and common security issues in front-end applications including single page applications (SPAs), low-code internal tools, and other user-facing systems.
    • Experience with AWS or other public clouds, DevOps/SRE practices, infrastructure-as-code tooling, and container-based service operation.
    • Contributions to the cybersecurity community of practice, such as developing tools, contributing original research, participating in conferences and events, etc.
There are three major components to compensation for this position: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights. The salary range for this position is $186,000 to $265,000. A sign-on bonus may be offered as part of the compensation package. Compensation will vary based on geographic location and level. Leveling, as well as positioning within a level, is determined by a range of factors, including, but not limited to, a candidate's relevant years of experience, domain knowledge, and interview performance. The salary range listed in this posting is representative of the range of levels Zoox is considering for this position.
Zoox also offers a comprehensive package of benefits including paid time off (e.g. sick leave, vacation, bereavement), unpaid time off, Zoox Stock Appreciation Rights, Amazon RSUs, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.

About Zoox
Zoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.

Follow us on LinkedIn

If you need an accommodation to participate in the application or interview process please reach out to or your assigned recruiter.

A Final Note:
You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.