Staff Security Engineer/Architect at Zoom Video Communications
Remote / Full Time
Zoom is looking for a Staff Security Engineer to join our Security Architecture team, reporting to our Head of Security Architecture. You will work with our engineering and operations teams to review and validate the security postures of new Zoom features prior to product release. This includes architecture guidance for common vulnerabilities, such as Remote Code Execution (RCE), Privilege Escalation, misconfiguration, and other OWASP top 10 vulnerabilities (SQL injection, XSS, broken access control, etc).
- You will conduct threat modeling, architecture review, security code review, security assessment, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments).
- Provide guidance and subject matter expertise in crypto design, implementation, and validation to engineering teams across the company.
- You will perform cloud infrastructure review from a security perspective; the primary focus will be on AWS and many of its common service components such as S3, IAM, EC2, VPC.
- Perform in-depth security review of new Zoom features. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java or C++, verifying security posture through pen-test (using manual/automated techniques with tools like Kali Linux, Burp suite, Checkmarx, WebInspect).
- Identify gaps in existing cloud security architecture design/configuration and recommend changes (authentication, authorization, network segmentation, container configuration, bastion host setup).
- Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2).
- Bachelor's degree in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field), and 8+ years in security.
- Extensive experience in penetration testing in different environments, including assessing security posture of web application, native application, distributed systems, and cloud infrastructure such as AWS.
- Understanding of software security architecture and design, threat modeling, security code review, SDLC, and best practices and mitigations for application security.
- Hands-on security experience working with AWS and common service components within AWS. Identify security gaps in the design and configuration issues in individual components.
- In-depth knowledge of network-based, system level, and application layer attacks and mitigation methods.
- E xperience with a broad range of security technologies including VPC, IAM, KMS, etc. in AWS.
- Knowledge of technology and security topics including network and application security (OWASP), infrastructure hardening, security baselines, web server, and database security.
- Experience in cloud automation tools (Terraform, CloudFormation, Ansible, etc.)
- Strong applied cryptography and its implementation (primitives, key management, etc).
Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom's values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.
We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
All your information will be kept confidential according to EEO guidelines.
Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.
- Hear from our leadership team
- Browse Awards and Employee Reviews on Comparably
- Visit our Blog
- Zoom with us!
- Find us on social at the links below and on Instagram