Security Engineer

Employment Type

Full time

What you can expect

As an Application Security Engineer, you will work with security testing automation and tools, focusing on Static Application Security Testing/Dynamic Application Security Testing implementation. You'll develop security programs, guide teams on secure coding, and manage container security. The role combines technical work (vulnerability assessment, security testing, automation) with cross-functional collaboration. You'll communicate security recommendations and help modernize security processes through CI/CD integration, while working with advanced tools including AI solutions.

About the Team

The security team specializes in application security engineering, focusing on automating security testing through SAST and DAST tools. They develop security programs, guide secure coding, and manage container security. Their role blends technical tasks like vulnerability assessments and automation with cross-functional collaboration. A key focus is modernizing security through CI/CD integration and using advanced tools, including AI, to strengthen security practices.

Responsibilities

• Developing or employing 3rd party security test automation solutions for Containers, Software Composition Analysis, and (Static Application Security Testing) / (Dynamic Application Security Testing)
• Developing and enforcing security policies, procedures, and standards specific to container development and deployment.
• Triaging and validating security vulnerabilities found or reported by security tools, communicate issues to the application owners, provide meaningful remediation recommendations, and validate their resolution.
• Participating in manual security testing on web applications, web services, native and mobile applications while measuring coverage
• Identifying potential vulnerabilities (Open Web Application Security Project top 10, critical/high and common issues in National Vulnerability Database, etc.) and methods of improvement in security design or implementation
• Collaborating with development and operations teams to integrate security into the Continuous Integration/Continuous Deployment pipeline and automate security processes.
• Developing tools or scripts to automate repetitive tasks to streamline security automation and integration with CI/CD processes

What we’re looking for

• Experience: 4+ years of experience with a Bachelor's, or 3+ years with a Master's in a related field (Computer Science, Information Security, Computer Engineering).
• Proven experience working as a Security Engineer or in a similar role with a focus on security testing, container security, and Software Composition Analysis/Static Application Security Testing/Dynamic Application Security Testing.
• Demonstrated experience with container security tools, image scanning, and vulnerability management; knowledgeable in security principles, protocols, and standards like CIS benchmarks and OWASP Top 10.
• Experience with security tools such as Kali Linux, Burp, Checkmarx, Netsparker, Coverity, Prisma, etc.
• Analytical and problem-solving skills, with the ability to identify and mitigate security risks in complex environments.
• Communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate technical concepts to non-technical stakeholders.
• Certifications: Certified (e.g. Docker Certified Security Specialist, Certified Kubernetes Security Specialist).
• Experience working with (IAST) - Interactive Apps Security Testing - (IRASP) - Incident Respond and Security Platform (security defense) fights back in real time.

Salary Range or On Target Earnings

• Minimum: $87,600.00
• Maximum: $186,000.00 In addition to the base salary and/or OTE listed, Zoom has a Total Direct Compensation philosophy that takes into consideration; base salary, bonus, and equity value. Note: Starting pay will be based on a number of factors and commensurate with qualifications & experience. We also have a location b