Senior Security Engineer

Responsibilities:

• The candidate will work with engineering and operation teams across the company to review and validate security postures of new Zoom features prior to product release. This includes architecture guidance for common vulnerabilities, such as Remote Code Execution (RCE), Privilege Escalation, misconfiguration, and other OWASP top 10 vulnerabilities (SQL injection, XSS, broken access control, etc).

• The candidate will conduct threat modeling, architecture review, security code review, security assessment, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments). 

• The candidate will perform cloud infrastructure review from a security perspective; the primary focus will be on AWS and many of its common service components such as S3, IAM, EC2, VPC, etc. 

• Perform in-depth security review of new Zoom features and functionalities. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE, etc.), reviewing code in Java and/or C++, verifying security posture through pen-test (using manual/automated techniques with tools like Kali Linux, Burp suite, Checkmarx, WebInspect).

• Identify gaps in existing cloud security architecture design/configuration, recommend changes or enhancements (authentication, authorization, network segmentation, container configuration, bastion host setup, etc.).

• Partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes.

• Work on key areas to develop security baseline for cloud, container, and application and integrate it into the CI/CD pipeline.

• Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2, etc).

Qualifications

• Bachelor's degree in Computer Science, Information Science, Cyber Security, Engineering (or similar field), and 4+ years in security.

• Extensive experience in penetration testing in various environments, including assessing security posture of web application, native application, distributed systems, and cloud infrastructure such as AWS. 

• Understanding of software security architecture and design, threat modeling, security code review, SDLC and the ability to clearly articulate best practices and mitigations for application security.

• Hands on security experience working with AWS and common service components within AWS. Ability to identify security gaps in the overall design as well as configuration issues in individual components.

• In depth knowledge of network based, system level, and application layer attacks and mitigation methods

• Hands on experience with a broad range of security technologies including VPC, IAM, KMS,etc. in AWS

• Strong knowledge of technology and security topics including network and application security (OWASP), infrastructure hardening, security baselines, web server, and database security

• Expertise in cloud automation tools such as Terraform, CloudFormation, Ansible, etc.

• Strong development experience in one or more of the programming languages and platforms such as Java, JavaScript, Python, Go is required.

• Strong applied cryptography and its implementation is a plus (asymmetric and symmetric key encryption, key management etc.).

Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

All your information will be kept confidential according to EEO guidelines.

Explore Zoom:

• Hear from our leadership team

• Browse Awards and Employee Reviews on Comparably

• Visit our Blog

• Zoom with us!

• Find us on social at the links below and on Instagram