Security Engineer, Controls Validation

The Security Engineer provides assessments, gap analysis, and recommendations around technical security control implementations across multiple software products, supporting infrastructure technologies, and business processes. In this role you will be responsible for ensuring the deep details of technical security align to Zoom's commitment to protect customers, employees, business operations, and comply with regulatory mandates. As part of the Security Assurance team, the successful candidate will also support other Offensive Security Engineers in penetration testing initiatives, depending on capabilities.

Responsibilities:

• Evaluate and assess the effectiveness of management, operational, and technical security controls.

• Work with software developers, DevOps and infrastructure teams, product owners, Legal stakeholders, and across security teams to understand the requirements for security.

• Contribute to the development and maturation of the security controls program;

• Evaluate, document, and communicate business risk in the context of control designs and gaps.

• Seek out opportunities to improve verification of controls compliance, such as through automation of tests.

Requirements:

• 5+ years overall experience in professional roles focusing on cyber security and data privacy.

• Strong familiarity with common security controls frameworks, such as NIST SP800-53, ISO 27001/27002, CIS Critical Controls.

• Demonstrated experience utilizing security tools, such as vulnerability scanners, exploit frameworks, intrusion detection, forensics tools.

• Experience developing and conducting audit plans covering cyber security controls for conformance to defined requirements.

• Relevant professional certifications, such as CISA, CISM, CISSP, GCCC, ISO 27001 Auditor.

• Familiarity with national and international legal and regulatory mandates related to cyber security and data privacy, such as GLBA, SOX, CCPA, GDPR.

• Familiarity with cloud-based application deployments and IaaS architectures, preferably in AWS.

• Awareness of current attacker TTPs.

• Strong familiarity with a broad range of information technologies, protocols, and security domains.

• General familiarity with current encryption methods, standards, and weaknesses.

• Ability to be flexible in scheduling to accommodate occasional meetings with staff in distant time zones.

• Ability to clearly communicate technical issues to non-technical audiences and others with varying backgrounds.

Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

All your information will be kept confidential according to EEO guidelines.

Explore Zoom:

• Hear from our leadership team

• Browse Awards and Employee Reviews on Comparably

• Visit our Blog

• Zoom with us!

• Find us on social at the links below and on Instagram