• The Security Engineer is responsible for security design and reviews across our products and services, with a specific focus on Platform services and core infrastructure components

The ideal candidate brings broad technical expertise and hands-on experience in end-to-end product security.In this role, you'll collaborate with engineering teams, primarily those focused on Platform services, to design, implement, and validate secure solutions

• You'll serve as a trusted security advisor, guiding architecture and reviewing implementation, particularly for new features or security enhancements
• We work with diverse engineering, compliance, and DevOps teams across the organization to meet security goals and maintain compliance with established SLAs
• Focusing on platform-level security, SDLC compliance, and core services
• Being a security subject-matter expert, guide engineering teams in end-to-end secure system design and implementation, with a focus on Platform services and its associated components
• Conducting threat modeling, architecture review, security code review, security assessment, and security testing (web application, native application, web services, cloud-based services, and infrastructure assessments)
• Performing cloud infrastructure reviews from a security perspective; the primary focus will be on AWS permissions and configuration issues within components like IAM and S3
• This is especially important in the context of Platform services
• Performing an in-depth security review of new Zoom features and functionalities
• This includes identifying security vulnerabilities such as those in the OWASP Top Ten, common issues from the NVD, and risks like RCE
• Identifying gaps in existing cloud security architecture design/configuration, recommend changes or enhancements (authentication, authorization, network segmentation, container configuration, bastion host setup, etc.)
• Providing hands on security training and secure coding best practices to engineering teams
• This includes assessing the security posture of web applications, native applications, distributed systems, and cloud infrastructure such as AWS
• It also includes a focus on securing infrastructure, deployments, and core platform services

Possess a solid understanding of software security architecture, design, threat modeling, secure code review, cryptography, and the SDLC

• It also involves reviewing Java or Python code and verifying security posture through manual and automated testing using tools like Burp Suite and Coverity
• Have extensive experience in security testing across various environments
• Able to clearly communicate best practices and effective mitigations for application security, particularly SDLC exceptions
• Have hands on security experience working with AWS and common service components within AWS
• Ability to identify security gaps in the overall design as well as configuration issues in individual components
• Have in-depth knowledge of network based, system level, and application layer attacks and mitigation methods
• Have good development experience in one or more of the programming languages and platforms such as Java is required

Have the ability to speak Mandarin would be an advantage, but it's not an expectation

• Have obtained a Bachelor's in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field), and 8+ years in security

Have good knowledge of technology and security topics including network and application security (OWASP), infrastructure hardening, security baselines, web server, database security and applied cryptography

$124 000,00 $271 200,00

• In addition to the base salary and/or OTE listed Zoom has a Total Direct Compensation philosophy that takes into consideration; base salary, bonus and equity value
• Note: Starting pay will be based on a number of factors and commensurate with qualifications & experience

BenefitsAs part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways