Security Engineer (Telephony/VoIP)
Security Engineer
REMOTE / PRODUCT SECURITY /FULL-TIME
Zoom is seeking a Senior Security Engineer to join our Security team. Zoom Security Engineers have their hands on every stage of the SDLC pipeline, from initial design through to ongoing penetration testing. Our engineers can identify vulnerabilities in design and implementation, prove and explain these vulnerabilities to others, and provide practical recommendations and steps not just to fix the identified issue but also to reduce similar occurrences in the future. We’re looking for well rounded engineers with a breadth of knowledge in application security and in-depth skills in one or more particular areas. Think “red that can lean blue."
Responsibilities:
Perform blackbox and whitebox application and network penetration testing.
Communicate discovered issues, how to exploit them, and how to fix them for both technical and nontechnical audiences.
Work with engineering teams in the design phase of new products and features, conducting threat modeling and security architecture, design and code reviews.
Work with external researchers through our bug bounty programs to reproduce, score, and further investigate reported issues.
Work with other groups within Zoom to better serve our customers.
Requirements:
5 years of experience performing pentests and code reviews (C/C++, Java, Python).
Have a broad range of security knowledge but can go in depth in one or more areas (e.g., Linux systems/kernel, binaries, cryptography, protocol reverse engineering, fuzzing).
Proficiency in C/C++ programming language, and can both read and understand code written by others well enough to break it (as well as develop tests and example exploits).
Familiar with VoIP protocols such as SIP/H.323.
Familiar with network protocols, like TCP/UDP/TLS/RTP/SRTP.
Have a strong command of your common pentesting tools, and know how to use them to your advantage.
Strong understanding of secure architecture and design, threat modeling, security code review, SDLC and the ability to clearly articulate best practices and mitigations for application security.
Have strong communication skills, both written and verbal: we have a lot of remote and asynchronous communication given our distributed teams and customers.
Experience with VoIP projects such as FreeSWITCH, openSIPS, PJSIP, reSIProcate, etc is a plus.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.
We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
All your information will be kept confidential according to EEO guidelines.
Explore Zoom:
Hear from our leadership team
Browse Awards and Employee Reviews on Comparably
Visit our Blog
Zoom with us!
Find us on social at the links below and on Instagram