Security Engineer
Zoomies help the world connect — and deliver happiness while doing it. We set out to build the best video conferencing product for the enterprise, and today help people communicate better with products like Zoom Phone, Zoom Rooms, Zoom Video Webinars, Zoom Apps, and OnZoom.
We’re problem-solvers and self-starters, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to dig deep into impactful projects that are changing the way people communicate, and enjoy opportunities to advance your career in a diverse, inclusive environment.
Responsibilities:
Work closely with Engineering teams and Security Architects to validate security posture of new features for Zoom releases
Create security test plans and test cases that cover security feature testing, fuzzing, application penetration testing, regression testing, etc.
Implement OWASP ASVS 4.0 standards with manual and automated cases
Perform SAST/DAST and penetration testing on web applications, web services, native and mobile applications using security tools such as Checkmarx, WebInspect, AFL, Burp Suite, etc.
Triage and validate security vulnerabilities found or reported, and serve as a Subject Matter Expert in AppSec to the engineering team in identifying mitigation solutions
Conduct security tests and identify potential vulnerabilities (OWASP Top 10 - XSS, CSRF, SQLi, critical/high and common issues in NVD, etc.) and areas of improvement in security design or implementation
Communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved
Develop or employ 3rd-party security test automation solutions for regression testing
Validate new security features and updates in existing products and ensure the security of products is maintained throughout the product life cycle
Requirements:
A Bachelor's degree (Computer Science, Information Security, Information Technology or related field)
Experience in application security testing and releasing SaaS software in public clouds - AWS
Experience in application security testing and releasing software on hardware appliances
Knowledge of the Security Development Lifecycle (SDLC)
Strong development experience in one or more programming languages and platforms, such as Java, JavaScript, Python, C/C++, Objective-C, iOS, Android, Windows, Mac, is required
Experience with one or more security tools such as Kali Linux, Burp, Metasploit, Qualys, Checkmarx, WebInspect, Peach Fuzzer, libFuzzer, AFL, etc.
Deep technical understanding of the OWASP Top 10 (XSS, SQL injection, broken access control/authentication/authorization, etc.)
Experience automating vulnerability discovery and repetitive tasks
Experience in working with geographically distributed engineering teams
Excellent communication skills, can-do attitude, and enthusiasm to get things done
Preferred:
5 years of related experience; or a Master's and 3 years of experience