Application Security Specialist, Developer Advocate

Zoomies help the world connect — and deliver happiness while doing it. We set out to build the best video conferencing product for the enterprise, and today help people communicate better with products like Zoom Phone, Zoom Rooms, Zoom Video Webinars, Zoom Apps, and OnZoom.

We’re problem-solvers and self-starters, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to dig deep into impactful projects that are changing the way people communicate, and enjoy opportunities to advance your career in a diverse, inclusive environment. 

RESPONSIBILITIES

• Responsible for complete functional testing of application submissions received from 3rd party developers for Zoom App Marketplace. 
• Verify the operation of the application against the expected functionality and deploy as per Zoom policies. 
• Generate completed functional testing result documentation and work with 3rd party developers to resolve discovered issues violating Zoom Marketplace policies and TOS. 
• Responsible for conception, execution, analysis, and documentation of all Zoom Marketplace application security and penetration tests to identify risks 3rd party developer applications impose upon Zoom. 
• Create test plans and identify application security vulnerabilities by running security tests on applications, networks, and software. 
• Devise solutions to resolve the weaknesses and mitigate any security risks for Zoom and Zoom customers. 
• Involved in the conception, development, and execution of code, scripts, and systems to automate security and penetration test cycles for Zoom to scale as a business. 
• Liaise with internal leadership in the strategic design process to translate security and business requirements into processes and tools. 
• Responsible for authoring, publishing, and maintaining official documentation, blog posts, and case studies regarding the functional testing, development, security, and best practices and techniques 3rd party developers can implement to improve their applications. 

REQUIREMENTS

• Previous experience (2+ years) as a software or security engineer
• Experience with software and cloud security
• Experience with cyber security frameworks and standards, including but not limited to NIST and ISO
• Intimate understanding of Secure Network Communication protocols, including TCP/IP, DHCP, DNS, FTP, HTTP, and HTTPS
• Experience with Authentication and Authorization, Public Key Infrastructures (PKIs), Certification Authorities (CAs), and Digital Signatures; 
• Experience with common web vulnerabilities (OWASP - Open Web Application Security Project); 

Bonus Skills

• Experience with FOSS Scanning, Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST); and 
• Experience with cyber-threat and cyber-risk analysis.