Senior Technical Compliance Analyst (Engineer) at Zoom Video Communications (Remote)
The Security Technical Compliance Engineer is responsible for working across internal security, cloud operations, and compliance teams supporting all Zoom and Zoom for Government products to drive key aspects of continuous compliance requirements.
• Coordinate with internal stakeholder teams to validate the implementation of security compliance controls for technical, management, and operational requirements.
• Evaluate continuous compliance against frameworks such as FedRAMP, DoD, SOC 2, ISO 27001, HIPAA, HITRUST, CSA STAR, and PCI as well as internal security standards.
• Identify opportunities to leverage automation to reduce time and effort required for compliance control validation, evidence collection, and artifact generation.
• Analyze results of vulnerability and compliance scans and compare with running system configurations to validate false positives, operational requirements, risk adjustments, and vendor dependencies.
• Monitor and analyze security risks and metrics to identify themes, trends, correlations and variances.
• Support the development of technical material, operational processes, security policies, and other core documents.
• Work with limited direction within a complex and evolving environment to drive continuous compliance.
Skills and competencies:
• Bachelor's degree in a relevant field (e.g., Cybersecurity, Information Security, Information Assurance, etc.) and 4+ years in security engineering.
• Demonstrated experience working across multiple compliance domains concurrently and applying security best practices across an organization.
• Hands-on security experience working in both cloud and on-premises datacenter environments.
• Experience with scripting languages (e.g., Python, Bash) to automate tasks such as parsing large amounts of data.
• Ability to identify security gaps in the overall system design as well as configuration issues in individual components.
• Hands-on experience with a broad range of AWS services including VPC, IAM, KMS, Security Groups, Config, etc.
• Strong knowledge of technology and security topics including network and application security, vulnerability scanning, access control, infrastructure hardening (DISA STIG, CIS Benchmarks), encryption (FIPS 140-2), logging and monitoring, and endpoint protection.
• Experience with the production and/or editing of technical drawings using Microsoft Visio or similar design tools.
• Experience working with a Governance Risk and Compliance tool (preferably ServiceNow).
General skills include:
• Strong verbal and written communication skills as well as strong analytical and problem-solving abilities. Excellent English language, grammar, and spelling skills for writing, editing, and proofreading.
• Ability to work independently or as a member of a team on various tasks.
• Proven ability to effectively research subject matter.
• Ability to work well under tight deadlines and effectively interact with a wide range of personnel.
Industry-specific requirements:
• Working knowledge of and experience working with the following compliance frameworks:
o FedRAMP (Federal Risk Authorization Management Program)
o NIST SP 800-53 Rev 4
o SOC 2
o ISO 27001
o HIPAA, HITRUST
• Experience conducting formal audits of above frameworks is a plus.
• US Citizenship required
Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom's values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.
We believe that the unique contributions of all Zoomies are the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
All your information will be kept confidential according to EEO guidelines.
Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.