Senior Security Vulnerability Management Engineer at Zoom Video Communications
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join Zoom: in-person, hybrid or remote. Visit this page for more information about Zoom's Workstyles.
Senior Security Engineer - Threat & Vulnerability Management Team (TVM)
Zoomies help the world connect - and deliver happiness while doing it. We set out to build the best video conferencing product for the enterprise, and today help people communicate better with products like Zoom Phone, Zoom Rooms, Zoom Video Webinars, Zoom Apps, and OnZoom.
We're problem-solvers and self-starters, working at a fast pace to design solutions with our customers and users in mind. Here, you'll work across teams to dig deep into impactful projects that are changing the way people communicate, and enjoy opportunities to advance your career in a diverse, inclusive environment.
Can you explain the difference between an injection attack and the risk of using weak cryptographic ciphers? Can you maintain golden images without vulnerable components? Do you want to help protect infrastructure used by millions of Zoom users every day?
At Zoom, we are seeking a Senior Security Engineer to join the Threat and Vulnerability Management (TVM) team. This role will be instrumental in developing and sustaining a high level of security posture across the Zoom infrastructure and further expanding the Threat and Vulnerability Management program. This person will primarily focus on Zoom's approach to automated scanning and detection of web application and container vulnerabilities, and will work closely with asset-owning partners across Zoom to inform and influence the remediation of vulnerabilities within defined timelines. This position will also provide updates to leadership regarding scanning results, compensating controls, and remediation plans.
- Independently analyzes results from internal and external vulnerability scans and is charged with using experience and skills to prioritize risk-based remediation plans.
- Articulate vulnerabilities and associated potential risk in context to system or asset
- Review current container / web application usage and assess for threats and vulnerabilities in production environments
- Triage and formulate remediation plans and/or compensating controls together with appropriate timelines following vulnerability scans using input from system owners.
- Autonomously analyzes and implements optimal settings and configurations to perform vulnerability scans of networks, operating systems, applications, containers, cloud resources, and other information systems.
- Ensure web application scanning meets needs of both internal and external security standards
- Sets proper scan time frames to avoid service interruption, ensuring complete and accurate results are achieved.
- Coordinate with application owners and Detection & Response teams to avoid loss of service and/or unwarranted incident responses
- Validate and drive vulnerability remediation of discovered vulnerabilities.
- Develop tools, documentation, processes, and techniques to assist in remediation of security
- Customize cloud compliance tools to meet operational, audit and risk based needs
- Respond to security incidents, intervene as necessary to protect company assets
- Effectively recognize threats by performing relevant research and data analysis.
- Ability to work extended or non-traditional hours on occasion to support emergency situations.
- Perform other duties as needed.
- At least 7 years of experience in security required
- 3+ years of experience with container scanning implementations and operations
- 3+ years of experience with Web Application Scanning implementations and operations
- Hands-on knowledge of information security technologies such as infrastructure hardening, security baselines, web server, database security, risk analysis, etc.
- Strong knowledge or experience with container scanning tools such as Prisma Cloud or equivalent implementations
- Strong knowledge or experience in working with and/or managing vulnerability scanners such as Qualys, Tenable, or equivalent scanning solutions
- Knowledge of vulnerability management frameworks and concepts such as CVE and CVSS
- Strong organization, analytical and communications skills are required
- Deep understanding of OWASP Top 10, and specifically A06:2021 Vulnerable and Outdated Components
- Having a Prisma Certified Cloud Security Engineer certification or equivalent
- Knowledge or experience with container management tools such as Docker, Amazon ECS, Kubernetes or equivalent implementations
- Knowledge of desktop, server, and mobile operating systems
- Knowledge of multiple cloud computing providers such as AWS, OCI, etc.
- Experience with a scripting language (Perl, Python, or other)
- Experience with a database and/or querying language
- Understanding of cryptography and its implementation (key management, etc.).
- Ability to plan, organize, prioritize, work independently and meet deadlines.
- This is a remote position in the U.S.
We believe that the unique contributions of all Zoomies are the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. Zoom is proud to be an equal opportunity workplace and is an affirmative action employer. All your information will be kept confidential according to EEO guidelines.
We welcome people of different backgrounds, experiences, abilities and perspectives, including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law. If you need any assistance or accommodations due to a medical condition, or if you need assistance accessing our website or completing the application process, please let us know by emailing us at [email protected].
Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.