Zoomies help the world connect — and deliver happiness while doing it. We set out to build the best video conferencing product for the enterprise, and today help people communicate better with products like Zoom Phone, Zoom Rooms, Zoom Video Webinars, Zoom Apps, and OnZoom.

We’re problem-solvers and self-starters, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to dig deep into impactful projects that are changing the way people communicate, and enjoy opportunities to advance your career in a diverse, inclusive environment. 

Security Engineer

Responsibilities:

• Work closely with Engineering teams and Security Architects to validate security posture of new features for Zoom releases 

• Create security test plans and test cases that cover security feature testing, fuzzing, application penetration testing, and regression etc. 

• Implement OWASP ASVS 4.0 standards with manual and automated cases 

• Perform SAST/DAST and penetration testing on web applications, web services, native and mobile applications using security tools such as Checkmarx, WebInspect, AFL, Burp Suite, etc.

• Triage and validate security vulnerabilities found or reported, and serve as a Subject Matter Expert in AppSec to the engineering team in identifying mitigation solutions

• Conduct security tests and identify potential vulnerabilities (OWASP top 10 - XSS, CSRF, SQLi, critical/high and common issues in NVD, etc.) of improvement in security design or implementation 

• Communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved 

• Develop or employ 3rd party security test automation solution for regression test 

• Validate new security features and updates into existing products and ensures the security of products is maintained throughout the product life cycle 

Requirements: 

• A Bachelor's degree (Computer Science, Information Security, Information Technology or related field)

• Experience in application security testing and releasing SaaS software in  public clouds - AWS

• Experience in application security testing and releasing software on hardware appliances

• Knowledge of the Security Development Lifecycle (SDLC)

• Strong development experience in one or more of the programming languages and platforms such as Java, JavaScript, Python, C/C++, Objective C, iOS, Android, Window, Mac, is required 

• Experience with one or more of security tools such as Kali Linux, Burp, Metasploit, Qualys, Checkmarx, WebInspect, Peach Fuzzer, libFuzzer, AFL, etc.  

• Deep technical understanding of the OWASP Top 10  (XSS, SQL injection, broken access control/authentication/authorization etc)

• Experience automating vulnerability discovery and repetitive tasks 

• Experience in working with geographically distributed engineering teams 

• Excellent communication skills, can-do attitude, and enthusiasm to get things done 

Preferred:

• 5 years of related experience; or a Master's and 3 years of experience