Senior Offensive Security Engineer (Web)

REMOTE / PRODUCT SECURITY /FULL-TIME

Zoom is seeking an Offensive Security Engineer to join our Security team. Zoom Offensive Security Engineers have their hands on every stage of the SDLC pipeline, from initial design through to ongoing penetration testing. Our engineers can identify vulnerabilities in design and implementation, prove and explain these vulnerabilities to others, and provide practical recommendations and steps not just to fix the identified issue but also to reduce similar occurrences in the future. We’re looking for well rounded engineers with a breadth of knowledge in application security and in depth skills in one or more particular areas. Think “red that can lean blue."

Responsibilities:

• Pentest Zoom web applications (mostly in Java, JavaScript).

• Communicate discovered issues (OWASP 10; XSS, CSRF, SSRF, SQLi,etc.), how to exploit them, and how to fix them for both technical and nontechnical audiences. 

• Work with engineering teams in the design phase of new products and features.

• Work with external researchers through our bug bounty programs to reproduce, score, and further investigate reported issues.

• Work with other groups within Zoom to better serve our customers.

Requirements:

• 5+ years of experience performing pentests and code reviews on Java and JavaScript-based web applications (C/C++, Go a plus).

• Experience identifying and remediating OWASP 10 vulnerabilities (CSS, CSRF, SSRF, SQLi, etc.).

• Have a strong command of your most liked pentesting tools, and know how to use them to your advantage (Burp Suite, Kali Linux, Nessus, Metasploit).

• Proficiency in one or more programming languages, and can both read and understand code written by others well enough to break it. 

• Have strong communication skills, both written and verbal: we have a lot of remote and asynchronous communication given our distributed teams and customers.

Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

All your information will be kept confidential according to EEO guidelines.

Explore Zoom:

• Hear from our leadership team

• Browse Awards and Employee Reviews on Comparably

• Visit our Blog

• Zoom with us!

• Find us on social at the links below and on Instagram