Offensive Security Engineer, Workvivo - UK

Employment Type

Full time

Senior Security Engineer (Offensive) - Workvivo

What you can expect

• Focus on uncovering and addressing vulnerabilities across the Workvivo platform, including Web App, Mobile App, and AWS Infrastructure.
• Identify and mitigate security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.
• Work closely with application engineering teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge.
• Provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

About the Team

• Workvivo is an employee experience platform designed to amplify workplace culture and foster employee engagement, regardless of location.
• Committed to customer satisfaction, Workvivo focuses on enhancing employees' working lives across diverse industries globally.
• As part of Zoom, an intelligent collaboration platform, Workvivo aligns with Zoom's mission to prioritize people, enabling meaningful connections, modern collaboration, and driving innovation in businesses and individual interactions.
• Opportunity to make a meaningful impact on the security of both Workvivo and Zoom.
• Contribute to our engineering security training program.
• Collaborate cross-functionally within Zoom Security, including teams like Bug Bounty, Incident Response, SOC, Vulnerability Management, and Customer Security Assurance (CSA).

Responsibilities

• Conducting regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software associated with the Workvivo Platform, including AWS Infrastructure and the Workvivo Application (Web App, Mobile App).
• Discovering vulnerabilities associated with the Workvivo platform and associated infrastructure and working with Workvivo's/ZOOM's internal teams.
• Working daily with the Security, AWS Infrastructure & Application engineering teams to ensure Security, Scalability, and Stability.
• Prioritizing the threat modeling of new security features before they are deployed.
• Conducting threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies, working with Application engineering (and other teams) as early as possible in the design phase.
• Contributing to improving the SDLC such as advising on DAST, SAST, SCA, i.e., securing the Pipeline etc., and introducing code automated security solutions.
• Contributing to improving security across Workvivo & Zoom, including feeding into the Engineering Security training program.
• Working cross functionally within Zoom Security, e.g. Bug Bounty, Incident Response, SOC, Vulnerability Management, Customer Security Assurance (CSA) etc.
• Introducing and coding automated security solutions.

What we’re looking for

• Very good experience completing penetration tests (focused on Web Applications, API, and Mobile).
• Able to critically analyze Vulnerability & Penetration test reports from external partners and customers.
• Ability to go beyond highlighting Security Headers and low-hanging fruit as a vulnerability and critically challenge security vulnerabilities.
• Ability to produce Architectural diagrams with a focus on the security control plane.
• Experience in application security, software development, or related areas with a good understanding of secure coding practices and application security frameworks.
• Good knowledge of AWS.
• Comfort with using Burpsuite / Invicti (Netsparker) and similar tooling.
• Proficiency in programming languages (such as PHP, Laravel, Go, Java, C++, etc.).
• Knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption.