[Remote] Security Engineer
Note: The job is a remote job and is open to candidates in USA. Zoom Communications, Inc. is a leading collaboration platform, and they are seeking a Security Engineer responsible for security design and reviews across their products and services. The role involves collaborating with engineering teams to design, implement, and validate secure solutions while serving as a trusted security advisor.

Responsibilities
- Being a security subject-matter expert, guide engineering teams in end-to-end secure system design and implementation
- Conducting threat modeling, architecture review, security code review, security assessment, and security testing (web application, native application, web services, cloud-based services, and infrastructure assessments)
- Performing cloud infrastructure reviews from a security perspective; the primary focus will be on AWS permissions and configuration issues within components like IAM and S3
- Performing an in-depth security review of new Zoom features and functionalities. This includes identifying security vulnerabilities such as those in the OWASP Top Ten, common issues from the NVD, and risks like RCE. It also involves reviewing Java or Python code and verifying security posture through manual and automated testing using tools like Burp Suite and Coverity
- Identifying gaps in existing cloud security architecture design/configuration and recommending changes or enhancements (authentication, authorization, network segmentation, container configuration, bastion host setup, etc.)
- Providing hands-on security training and secure coding best practices to engineering teams

Skills
- Have obtained a Bachelor's degree in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field), and 5+ years in security
- Have extensive experience in security testing in various environments, including assessing the security posture of web applications, native applications, distributed systems, and cloud infrastructure such as AWS. Focus on securing web services, infrastructure, deployment, and platform core services
- Possess a solid understanding of software security architecture, design, threat modeling, secure code review, cryptography, and the SDLC. Ability to clearly communicate best practices and effective mitigations for application security, particularly SDLC exceptions
- Have hands-on security experience working with AWS and common service components within AWS. Ability to identify security gaps in the overall design as well as configuration issues in individual components
- Have in-depth knowledge of network-based, system-level, and application-layer attacks and mitigation methods
- Have good knowledge of technology and security topics including network and application security (OWASP), infrastructure hardening, security baselines, web server, database security and applied cryptography
- Good development experience in one or more programming languages and platforms, such as Java, is required

Benefits
- Base salary, bonus and equity value
- A variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health
- Support work-life balance
- Contribute to their community in meaningful ways

Company Overview
Zoom is a software company that offers a communications platform that connects people through video, voice, chat, and content sharing. It was founded in 2011, and is headquartered in San Jose, California, USA, with a workforce of 5001-10000 employees. Its website is https://www.zoom.com.

Company H1B Sponsorship
Zoom has a track record of offering H1B sponsorships, with 16 in 2025, 178 in 2024, 144 in 2023, 259 in 2022, 86 in 2021, 34 in 2020. Please note that this does not guarantee sponsorship for this specific role.