Work Styles at Zoom
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join Zoom: in-person, hybrid or remote. Visit this page for more information about Zoom's Workstyles .
About Us
Zoomies help people stay connected so they can get more done together. We set out to build the best video product for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars.
We're problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Here, you'll work across teams to deliver impactful projects that are changing the way people communicate and enjoy opportunities to advance your career in a diverse, inclusive environment.
Application Security Engineer - Mid to Senior (Multiple openings)
Full-time / US-Remote
Responsibilities:

• Multiple roles are available, all roles work closely with Engineering teams and Security Architects to validate the security posture of new features for Zoom releases prior to production deployment
• Validate new security features and updates into existing products and ensures the security of products is maintained throughout the product life cycle
• Evaluate and grow the security posture of web applications, web services, native and mobile applications
• Implement standards through your respective role such as OWASP ASVS 4.0
• Identify potential vulnerabilities (OWASP top 10, critical/high and common issues in NVD, etc.) and methods of improvement in security design or implementation
• Communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved
• Triage and validate security vulnerabilities found or reported, and relative to your role serve as a Subject Matter Expert in AppSec to the engineering team in identifying mitigation solutions
• Create security test documents that cover security feature testing, fuzzing, application penetration testing, and regression, etc
• As a Penetration Tester you will manually test web applications, web services, native and mobile applications while measuring coverage
• As a SAST/DAST Engineer you will work with development teams and perform testing using security tools such as Checkmarx, WebInspect, AFL, Burp Suite, etc
• As a Security Tooling Engineer you will develop or employ 3rd party security test automation solutions for regression and tests and select security issues
• As a Security Fuzzing Engineer you will write software and building systems that can automatically identify and root cause security vulnerabilities at scale

Requirements:

• 3 years of related experience with a Bachelor's degree (in Computer Science, Information Security, Computer Engineering or related field); OR 1 year of experience with a Master's degree
• Knowledge of the Security Development Lifecycle (SDLC)
• Experience in threat identification using threat modeling techniques
• Experience with one or more of security tools such as Kali Linux, Burp, Metasploit, Checkmarx, WebInspect, Peach Fuzzer, libFuzzer, AFL, etc.
• Deep technical understanding of security concepts and vulnerabilities, such as OWASP Top 10, as relevant to each role
• Strong development experience in one or more of the programming languages and platforms such as Java, JavaScript, Python, C/C++, Objective C, iOS, Android, Window, Mac, as relevant to each role
• Experience in security for releasing software for Web, Mobile, API, SaaS software in public cloud, or on hardware appliances is required relative to each role
• Experience in application security testing with automation is required for SAST/DAST
• Experience in automating vulnerability discovery and repetitive tasks is required for Security Tooling
• Experience in manual application security testing, creating attack plans, and reporting is required for Penetration Testing

#LI-Remote
We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. Zoom is proud to be an equal opportunity workplace and is an affirmative action employer. All your information will be kept confidential according to EEO guidelines.
We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records and any qualified applicants requiring reasonable accommodations in accordance with the law. If you need any assistance or accommodations due to a medical condition, or if you need assistance accessing our website or completing the application process, please let us know by emailing us at [email protected] .
Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.
At Zoom, we care about our employees, their families, and their well-being. As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. To view our benefits, click here .
Explore Zoom:

• Hear from our leadership team
• Browse Awards and Employee Reviews on Comparably
• Visit our Blog
• Zoom with us!
• Find us on social at the links below and on Instagram
• View more jobs, sign up for job alerts and join our talent community. Visit the Zoom careers site .

#LI-Remote