Zoom

Staff Security Engineer - Email

United States

Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, Cloud Security, Email SecurityIndustries

Position Overview

  • Location Type:
  • Job Type: Full time
  • Salary: Minimum: $146,700, Maximum: $339,300

The Staff Security Engineer (Email) at Zoom is responsible for the security design and review of Zoom products, with a focus on the email service. The ideal candidate should possess a combination of excellent technical knowledge across multiple product security domains and great working knowledge and experience in end-to-end email service security. They will work closely with engineering teams to design, develop, and validate security solutions. As an advocate and SME in secure mail platform design, implementation, and validation, they’ll serve as a trusted advisor. They will provide architectural guidance and verify security implementations. This is an exciting opportunity to work with cutting-edge technologies in cloud and security, and to make a meaningful impact on Zoom Mail and related products.

About the Team

The Security Architecture team is dedicated to ensuring Zoom releases and deploys secure products. We work with diverse engineering teams across the organization to meet security goals and maintain compliance with established SLAs.

Responsibilities

  • Guiding engineering teams in end-to-end secure email system design and implementation, as the subject-matter expert.
  • Conducting threat modeling, architecture review, security code review, security assessment, and security testing (web application, native application, web services, cloud-based services, and infrastructure assessments).
  • Performing cloud infrastructure reviews from a security perspective, with a primary focus on AWS and its common service components (e.g., S3, IAM, EC2, VPC).
  • Performing in-depth security review of new Zoom features and functionalities, including Email services, identifying security vulnerabilities (OWASP Top Ten, common issues in NVD, RCE, etc.).
  • Reviewing code in C++ and/or Java.
  • Verifying security posture through testing (using manual/automated techniques with tools like Burp Suite and Coverity).
  • Identifying gaps in existing cloud security architecture design/configuration and recommending changes or enhancements (e.g., authentication, authorization, network segmentation, container configuration).
  • Providing hands-on security training and secure coding best practices to engineering teams.

Requirements

  • Work experience and understanding of email protocols like SMTP, IMAP, SPF, DKIM, and DMARC.
  • 3+ years of experience securing multi-tenant email platforms, technology, and infrastructure, including components such as webmail, MTA, identity and access management, and spam filtering.
  • Bachelor's degree in Computer Science, Information Science, Cybersecurity, Computer or Electrical Engineering (or similar field), and 5+ years of experience in security.
  • Extensive experience in security testing in various environments, including assessing the security posture of web applications, native applications, distributed systems, and cloud infrastructure such as AWS.
  • Good understanding of software security architecture and design, threat modeling, security code review, cryptography, and SDLC.
  • Ability to clearly articulate best practices and mitigations for application security.
  • Hands-on security experience working with AWS and common service components within AWS, with the ability to identify security gaps in overall design as well as configuration issues in individual components.
  • In-depth knowledge of network-based, system-level, and application-layer attacks and mitigation methods.
  • Good knowledge of technology and security topics, including network and application security (OWASP), infrastructure hardening, security baselines, web server, and database security.
  • Good development experience in one or more of the programming languages and platforms such as C++ or Java is required.

Skills

Email Security
Threat Modeling
Architecture Review
Security Code Review
Security Assessment
Security Testing
Cloud Infrastructure Review
AWS
S3
IAM
EC2
VPC
Vulnerability Review
OWASP Top Ten
NVD
RCE
C++
Java

Zoom

Video conferencing and online meeting solutions

About Zoom

Zoom provides video conferencing and online meeting solutions that allow users to conduct virtual meetings, webinars, and collaborative sessions. Its main product is video conferencing software, which enables high-quality video and audio communication, along with features like screen sharing, group messaging, and virtual backgrounds. Zoom also offers specialized products for larger events, such as Zoom Webinars and Zoom Events. The company operates on a freemium model, providing basic services for free while charging for advanced features through subscription plans tailored for various users, including businesses, educational institutions, and healthcare providers. Zoom stands out from competitors due to its user-friendly interface, reliable performance, and scalability for different needs, making it a vital tool for remote work, online education, telehealth, and social interactions.

San Jose, CaliforniaHeadquarters
2013Year Founded
$144.5MTotal Funding
IPOCompany Stage
Enterprise Software, Education, HealthcareIndustries
10,001+Employees

Benefits

Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
Hybrid Work Options
Flexible Work Hours
Stock Options
Company Equity
Paid Vacation
Paid Sick Leave

Risks

Increased competition from Microsoft Teams and Google Meet threatens Zoom's market share.
Privacy concerns and regulatory scrutiny could impact Zoom's operations and reputation.
Hybrid work models may reduce demand for virtual meetings, affecting Zoom's growth.

Differentiation

Zoom offers a user-friendly interface with reliable performance for virtual meetings.
The platform supports diverse needs, including remote work, education, and telehealth.
Zoom's freemium model attracts a wide range of users with scalable subscription options.

Upsides

Zoom integrates AI tools to enhance virtual meeting effectiveness and productivity.
The expansion of 5G networks improves Zoom's video conferencing quality and accessibility.
Zoom's secure, HIPAA-compliant solutions drive demand in the telehealth sector.

Land your dream remote job 3x faster with AI