Security Engineer, Controls Validation - Cyber Defense Professionals

Job Expired

In most cases, you will have the opportunity to choose your preferred working location from the following options when you join Zoom: in-person, hybrid or remote. Visit this page for more information about Zoom’s Workstyles.

Security Engineer, Controls Validation

You will provide assessments, gap analysis, and recommendations around technical security control implementations across multiple software products, supporting infrastructure technologies, and business processes. In this role, you will ensure that the technical security details align to Zoom’s commitment to protect customers, employees, business operations, and comply with regulatory mandates. As part of the Security Assurance team, you will also support Offensive Security in penetration testing initiatives, depending on capabilities.

Responsibilities:

Evaluate and assess the effectiveness of management, operational, and technical security controls.
Work with software developers, DevOps and infrastructure teams, product owners, Legal stakeholders, and across security teams to understand the requirements for security.
Contribute to the development and maturation of the security controls program.
Evaluate, document, and communicate business risk in the context of control designs and gaps.
Seek out opportunities to improve verification of controls compliance, such as through automation of tests.

Experience, Skills, and Competencies:

5+ years overall experience in professional roles focusing on cyber security and data privacy.
Strong familiarity with security controls frameworks, such as NIST SP800-53, ISO 27001/27002, CIS Critical Controls, and others.
Demonstrated experience utilizing security tools, such as vulnerability scanners, exploit frameworks, intrusion detection, forensics tools.
Experience executing audit plans or assessments covering cyber security controls;
Professional certifications on AWS and security-related disciplines.

Experience working within cloud-based application deployments and IaaS architectures, preferably AWS.
Awareness of current attacker TTPs.
Strong familiarity with a broad range of information technologies, protocols, and security domains.
General familiarity with current encryption methods, standards, and weaknesses;
Ability to be flexible in scheduling to accommodate occasional meetings with staff in distant time zones.
Ability to clearly communicate technical issues to non-technical audiences and others with varying backgrounds.

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone’s perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. Zoom is proud to be an equal opportunity workplace and is an affirmative action employer. All your information will be kept confidential according to EEO guidelines.

We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law. If you need any assistance or accommodations due to a medical condition, or if you need assistance accessing our website or completing the application process, please let us know by emailing us at [email protected].

Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.

Explore Zoom: