Security Engineer

Security Engineer

Job Description

The Security Engineer is responsible for security design and reviews across our products and services. The ideal candidate brings broad technical expertise and hands-on experience in end-to-end product security.

About the Team

The Security Architecture team is dedicated to ensuring Zoom releases and deploys secure products. We work with diverse engineering, compliance and DevOps teams across the organization to meet security goals and maintain compliance with established SLAs.

Responsibilities

• Guide engineering teams in end-to-end secure system design and implementation as a security subject-matter expert
• Conduct threat modeling, architecture review, security code review, security assessment, and security testing (web application, native application, web services, cloud-based services, and infrastructure assessments)
• Perform cloud infrastructure reviews from a security perspective, focusing on AWS permissions and configuration issues within components like IAM and S3
• Perform in-depth security reviews of new Zoom features and functionalities, including identifying security vulnerabilities such as those in the OWASP Top Ten and common issues from the NVD
• Identify gaps in existing cloud security architecture design/configuration and recommend changes or enhancements (authentication, authorization, network segmentation, container configuration, bastion host setup, etc.)
• Provide hands-on security training and secure coding best practices to engineering teams

Requirements

• Bachelor's degree in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field)
• 5+ years of experience in security
• Extensive experience in security testing in various environments, including assessing the security posture of web applications, native applications, distributed systems, and cloud infrastructure