Zoom 085: Application Security Engineer

Taguig, NCR

KMC Solutions | XTN-FFAE767

Date Posted

2020-07-24

Career Category

Network / System / Database Administration

Functional Overview

    Zoom is seeking Application Security Engineers to join our Security team. Zoom Application Security Engineers have their hands on every stage of the SDLC pipeline, from initial design through to ongoing penetration testing. Our engineers can identify vulnerabilities in design and implementation, prove and explain these vulnerabilities to others, and provide practical recommendations and steps not just to fix the identified issue but also to reduce similar occurrences in the future. We’re looking for well-rounded engineers with a breadth of knowledge in application security and in-depth skills in one or more particular areas. Think “red that can lean blue”.

Duties and Responsibilities

  • Perform web, binary, mobile, and network penetration testing.
  • Communicate discovered issues, how to exploit them, and how to fix them for both technical and nontechnical audiences.
  • Work with engineering teams in the design phase of new products and features.
  • Reproduce issues discovered by others and investigate their root causes and adjacent issues.
  • Work with other groups within Zoom to better serve our customers.

Minimum Qualification

  • 3+ years of experience performing manual security assessments (pentests) and code reviews.
  • Have a broad range of security knowledge but can go in depth in your favorite area (e.g., web applications, UNIX boxes, binaries, macOS, Windows, iOS, Android, cryptography).
  • Have a strong command of your most liked pentesting tools and know how to use them to your advantage, but are also able to discover security issues with no specialized tools.
  • Are proficient in one or more programming languages and can both read and understand code written by others at Zoom, and identify what you need to break it.

Minimum Competencies

  • Have strong communication skills, both written and verbal: we have a lot of remote and asynchronous communication given our distributed teams and customers.