Senior Security Engineer
REMOTE / PRODUCT SECURITY / FULL-TIME
Zoom is seeking a Senior Security Engineer to join our Security Assurance Testing Initiatives team. This team is responsible for designing and executing scalable solutions to assist in the identification of targeted vulnerabilities across our products and ecosystem. The testing initiatives team will work closely with our application security teams to identify ongoing opportunities to develop innovative solutions to support custom security testing needs and initiatives. The ideal candidate has a solid development background with a breadth of knowledge in application security and using automation to scale and deliver high-impact solutions.
Design, develop, and implement tool-driven security testing solutions to identify targeted vulnerabilities in Zoom products and infrastructure.
Apply a risk-based approach to triage results, analyze code to validate results and prioritize findings.
Communicate discovered issues, context and risks to our vulnerability management team.
Partner with our engineering teams to integrate security testing into our build environment.
Work with Offensive Security and Vulnerability Management teams to identify additional opportunities to support vulnerability testing initiatives through tooling and automation.
Strong development experience. Proficient in one or more programming languages, including Java or C/C++.
Strong understanding of secure coding practices, secure software architecture, SDLC and the ability to clearly articulate best practices and mitigations for application security.
Hands-on experience with SAST and DAST solutions.
Experience conducting vulnerability assessments, code reviews, and penetration tests against web applications and services or native applications/services to find flaws and exploits (e.g. Authentication/Authorization Bypass, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25, etc.).
Have strong communication skills, both written and verbal: we have a lot of remote and asynchronous communication given our distributed teams and customers.
Experience in DevOps environments and automating security controls into the CI/CD process is a plus.
Experience with Jenkins or other CI tools as well as knowledge of technologies like containers and microservices is a plus.
Knowledge and experience with Identity Management solutions, Authentication and Authorization, SSO, OAuth, SAML, Encryption, PKI.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.
We believe that the unique contributions of all Zoomies are the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
All your information will be kept confidential according to EEO guidelines.