Security Engineer 

Responsibilities: 

• Work closely with Engineering teams and Security Architects to validate the security posture of new features for Zoom releases prior to production deployment

• Create security test documents that cover security feature testing, fuzzing, application penetration testing, and regression, etc. 

• Performed SAST/DAST and penetration testing on web applications, web services, native and mobile applications using security tools such as Checkmarx, WebInspect, AFL, Burp Suite, etc.

• Triage and validate security vulnerabilities found or reported, and serve as a Subject Matter Expert in AppSec to the engineering team in identifying mitigation solutions

• Implement OWASP ASVS 4.0 standards with manual and automation tests

• Conduct security tests and identify potential vulnerabilities (OWASP top 10, critical/high and common issues in NVD, etc.) of improvement in security design or implementation 

• Communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved 

• Develop or employ 3rd party security test automation solution for regression test 

• Validate new security features and updates into existing products and ensures the security of products is maintained throughout the product life cycle 

Requirements: 

• 5 years of related experience with a Bachelor's degree (in Computer Science, Information Security, Computer Engineering or related field); OR 3 years of experience and a Master's degree

• Experience in application security testing and releasing SaaS software in public clouds - AWS

• Experience in application security testing and releasing softwares for Web, Mobile, API, or on hardware appliances

• Experience in application security testing with automation in public clouds

• Experience in automating vulnerability discovery and repetitive tasks 

• Knowledge of the Security Development Lifecycle (SDLC)

• Strong development experience in one or more of the programming languages and platforms such as Java, JavaScript, Python, C/C++, Objective C, iOS, Android, Window, Mac, is required 

• Experience with one or more of security tools such as Kali Linux, Burp, Metasploit, Qualys, Checkmarx, WebInspect, Peach Fuzzer, libFuzzer, AFL, etc.

• Deep technical understanding of the OWASP Top 10

• Experience in threat identification using threat modeling techniques 

#LI-Remote

Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

All your information will be kept confidential according to EEO guidelines.

Explore Zoom:

• Hear from our leadership team

• Browse Awards and Employee Reviews on Comparably

• Visit our Blog

• Zoom with us!

• Find us on social at the links below and on Instagram