Zoom is looking for a Senior Security Engineer to join our security team, reporting to our Senior Security Manager over testing. You will work with our Engineering teams and Security Architects to validate the security posture of new Zoom features before production deployment, and will help reduce vulnerabilities.
- You will create security test documents that cover security feature testing, fuzzing, application penetration testing, and regression.
- Perform SAST/DAST and penetration testing on web applications, web services, native and mobile applications using security tools such as Checkmarx, WebInspect, AFL, and Burp Suite.
- Triage and validate security vulnerabilities found or reported, and work with our engineering teams on resolutions.
- Implement OWASP ASVS 4.0 standards with manual and automation tests.
- You will conduct security tests and identify potential vulnerabilities (OWASP Top 10, critical/high and common issues in NVD) and areas of improvement in security design or implementation.
- Communicate issues to our application owners, provide meaningful remediation recommendations, and validate that they have been resolved.
- Develop or employ a third-party security test automation solution for regression testing.
- Validate new security features and updates into existing products and ensure the security of Zoom products is maintained throughout the product life cycle.
- Lead and mentor junior engineers.
- 5 years of related experience with a Bachelor’s degree (in Computer Science, Information Security, Computer Engineering or related field); OR 3 years of experience and a Master’s degree.
- Experience in application security testing and releasing SaaS software in public clouds (AWS), Web, Mobile, API, or on hardware appliances.
- Experience in application security testing with automation in public clouds.
- Experience automating vulnerability discovery and repetitive tasks.
- Knowledge of the Security Development Lifecycle (SDLC).
- Experience with one or more security tools such as Kali Linux, Burp, Metasploit, Qualys, Checkmarx, WebInspect, Peach Fuzzer, libFuzzer, or AFL.
- Deep technical understanding of the OWASP Top 10.
- Experience in threat identification using threat modeling techniques.
Vacancy Type: Full Time
Job Location: Buffalo, NY, US
Application Deadline: N/A