Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Mid-level (3 to 4 years), Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, Cloud Computing, CybersecurityIndustries
Requirements
- Bachelor's in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field), and 5+ years in security
- Extensive experience in security testing across various environments, including web applications, native applications, distributed systems, and cloud infrastructure such as AWS, with a focus on securing infrastructure, deployments, and core platform services
- Solid understanding of software security architecture, design, threat modeling, secure code review, cryptography, and the SDLC; able to clearly communicate best practices and effective mitigations for application security, particularly SDLC exceptions
- Hands-on security experience working with AWS and common service components within AWS; ability to identify security gaps in overall design and configuration issues in individual components
- In-depth knowledge of network-based, system-level, and application-layer attacks and mitigation methods
- Good knowledge of technology and security topics including network and application security (OWASP), infrastructure hardening, security baselines, web server, database security, and applied cryptography
- Good development experience in one or more programming languages and platforms such as Java
- Ability to speak Mandarin (advantage, not required)
Responsibilities
- Act as a security subject-matter expert, guiding engineering teams in end-to-end secure system design and implementation, with a focus on Platform services and associated components
- Conduct threat modeling, architecture review, security code review, security assessment, and security testing (web application, native application, web services, cloud-based services, and infrastructure assessments)
- Perform cloud infrastructure reviews from a security perspective, primarily focusing on AWS permissions and configuration issues within components like IAM and S3, especially in the context of Platform services
- Perform in-depth security reviews of new Zoom features and functionalities, including identifying vulnerabilities such as OWASP Top Ten, common NVD issues, and risks like RCE; review Java or Python code and verify security posture through manual and automated testing using tools like Burp Suite and Coverity
- Identify gaps in existing cloud security architecture design/configuration and recommend changes or enhancements (authentication, authorization, network segmentation, container configuration, bastion host setup, etc.)
- Provide hands-on security training and secure coding best practices to engineering teams
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
What education and experience are required for the Security Engineer role?
A Bachelor's degree in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field) is required, along with 5+ years of experience in security.
What are the main technical skills needed for this position?
Candidates need extensive experience in security testing for web applications, native applications, distributed systems, and cloud infrastructure like AWS, plus skills in threat modeling, architecture reviews, security code reviews, and tools like Burp Suite and Coverity.
What does the Security Architecture team do at Zoom?
The team ensures Zoom releases and deploys secure products by working with engineering, compliance, and DevOps teams to meet security goals, maintain compliance with SLAs, and focus on platform-level security, SDLC compliance, and core services.
Is this a remote position or does it require office work?
This information is not specified in the job description.
What is the salary or compensation for this role?
This information is not specified in the job description.
Zoom
Video conferencing and online meeting solutions
About Zoom
Zoom provides video conferencing and online meeting solutions that allow users to conduct virtual meetings, webinars, and collaborative sessions. Its main product is video conferencing software, which enables high-quality video and audio communication, along with features like screen sharing, group messaging, and virtual backgrounds. Zoom also offers specialized products for larger events, such as Zoom Webinars and Zoom Events. The company operates on a freemium model, providing basic services for free while charging for advanced features through subscription plans tailored for various users, including businesses, educational institutions, and healthcare providers. Zoom stands out from competitors due to its user-friendly interface, reliable performance, and scalability for different needs, making it a vital tool for remote work, online education, telehealth, and social interactions.
San Jose, CaliforniaHeadquarters
2013Year Founded
$144.5MTotal Funding
IPOCompany Stage
Enterprise Software, Education, HealthcareIndustries
10,001+Employees
Benefits
Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
Hybrid Work Options
Flexible Work Hours
Stock Options
Company Equity
Paid Vacation
Paid Sick Leave
Risks
Increased competition from Microsoft Teams and Google Meet threatens Zoom's market share.
Privacy concerns and regulatory scrutiny could impact Zoom's operations and reputation.
Hybrid work models may reduce demand for virtual meetings, affecting Zoom's growth.
Differentiation
Zoom offers a user-friendly interface with reliable performance for virtual meetings.
The platform supports diverse needs, including remote work, education, and telehealth.
Zoom's freemium model attracts a wide range of users with scalable subscription options.
Upsides
Zoom integrates AI tools to enhance virtual meeting effectiveness and productivity.
The expansion of 5G networks improves Zoom's video conferencing quality and accessibility.
Zoom's secure, HIPAA-compliant solutions drive demand in the telehealth sector.
Related Jobs
RemoteRemoteSecurity Engineer, Cloud Security
Red Cell PartnersSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSenior Platform Security Engineer
Imagine PediatricsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemotePrincipal DevSecOps Engineer
Second Front SystemsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteStaff Cloud Security Engineer
Assured$190,000 - $220,000/year
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Engineer, Product Security
Chainlink LabsSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)