Note: The job is a remote job and is open to candidates in USA. Zoom is a company focused on building the best collaboration platform for the enterprise, helping people stay connected and communicate effectively. They are seeking a Security Engineer to be responsible for security design and reviews across their products and services, collaborating with engineering teams to implement secure solutions and serving as a trusted security advisor.
Responsibilities
- Being a security subject-matter expert, guide engineering teams in end-to-end secure system design and implementation
- Conducting threat modeling, architecture review, security code review, security assessment, and security testing (web application, native application, web services, cloud-based services, and infrastructure assessments)
- Performing cloud infrastructure reviews from a security perspective; the primary focus will be on AWS permissions and configuration issues within components like IAM and S3
- Performing an in-depth security review of new Zoom features and functionalities. This includes identifying security vulnerabilities such as those in the Owasp Top Ten, common issues from the NVD, and risks like RCE. It also involves reviewing Java or Python code and verifying security posture through manual and automated testing using tools like Burp Suite and Coverity
- Identifying gaps in existing cloud security architecture design/configuration, recommend changes or enhancements (authentication, authorization, network segmentation, container configuration, bastion host setup, etc.)
- Providing hands on security training and secure coding best practices to engineering teams
Skills
- Have obtained a Bachelor's degree in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field), or equivalent experience, and 5+ years of experience in security
- Have extensive experience in security testing in various environments, including assessing the security posture of web applications, native applications, distributed systems, and cloud infrastructure such as AWS. Focus on securing web services, infrastructure, deployment, and platform core services
- Possess a solid understanding of software security architecture, design, threat modeling, secure code review, cryptography, and the SDLC. Ability to clearly communicate best practices and effective mitigations for application security, particularly SDLC exceptions
- Have hands on security experience working with AWS and common service components within AWS. Ability to identify security gaps in the overall design as well as configuration issues in individual components
- Have in-depth knowledge of network based, system level, and application layer attacks and mitigation methods
- Have good knowledge of technology and security topics including network and application security (Owasp), infrastructure hardening, security baselines, web server, database security and applied cryptography
- Have good development experience in one or more of the programming languages and platforms such as Java is required
Benefits
- Base salary, bonus and equity value
- A window of at least 5 days for you to apply
- Structured hybrid approach centered around our offices and remote work environments
- Our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways
- Opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment
- Fair hiring practices that ensure every candidate is evaluated based on skills, experience, and potential
- If you require an accommodation during the hiring process, let us know—we’re here to support you at every step
- If you need assistance navigating the interview process due to a medical disability, please submit an Accommodations Request Form and someone from our team will reach out soon
- Our interviews are supported by BrightHire, a tool that helps us create a consistent and thoughtful interview experience and may include recordings
Company Overview
Company H1B Sponsorship