Offensive Security Engineer, Workvivo - UK

What you can expect

In this role, you'll focus on uncovering and addressing vulnerabilities across the Workvivo platform, including our Web App, Mobile App, Mobile and AWS Infrastructure.

You will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We're looking for people who will work closely with application engineering teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

About the Team

Workvivo is an employee experience platform designed to amplify workplace culture and foster employee engagement, regardless of location. Committed to customer satisfaction, Workvivo focuses on enhancing employees' working lives across diverse industries globally. As part of Zoom, an intelligent collaboration platform, Workvivo aligns with Zoom's mission to prioritize people, enabling meaningful connections, modern collaboration, and driving innovation in businesses and individual interactions.

In this position, you'll have the opportunity to make a meaningful impact on the security of both Workvivo and Zoom. This includes contributing to our engineering security training program and collaborating cross-functionally within Zoom Security, including teams like Bug Bounty, Incident Response, SOC, Vulnerability Management, and Customer Security Assurance (CSA).

Responsibilities

• Conducting regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software associated with the Workvivo Platform, including AWS Infrastructure and the Web and Mobile Apps.
• Discovering vulnerabilities related to the Workvivo platform and infrastructure, collaborating with Workvivo's and Zoom's internal teams, and working daily with Security, AWS Infrastructure, and Application Engineering teams to ensure security, scalability, and stability.
• Prioritizing threat modeling of new security features before deployment; conducting risk assessments to identify potential risks and develop mitigation strategies, working early in the design phase with Application Engineering and other teams.
• Contributing to improving the SDLC by advising on DAST, SAST, SCA, securing pipelines, and introducing automated security solutions.
• Enhancing security practices across Workvivo and Zoom, including contributing to the Engineering Security training program.
• Working cross-functionally within Zoom Security teams like Bug Bounty, Incident Response, SOC, Vulnerability Management, and CSA.
• Introducing and developing automated security solutions through coding.

What we're looking for

• Experience conducting penetration tests focused on Web Applications, APIs, and Mobile.
• Ability to critically analyze vulnerability and penetration test reports from external partners and customers.
• Capability to go beyond superficial vulnerabilities like security headers, critically challenging findings.
• Experience producing architectural diagrams emphasizing security controls.
• Background in application security, software development, or related areas, with a solid understanding of secure coding practices and frameworks.
• Good knowledge of AWS.
• Proficiency with tools like Burp Suite, Invicti (Netsparker), or similar.
• Proficiency in programming languages such as PHP, Laravel, Go, Java, C++, etc., and familiarity with security tools and protocols.
• Excellent attention to detail, curiosity, and ability to stay focused on security technologies, with strong communication skills to explain complex issues to technical and non-technical audiences.

Ways of Working

Our hybrid work approach combines office and remote work, with specific arrangements indicated in the job posting.

Benefits

Our benefits program offers perks supporting physical, mental, emotional, and financial health, work-life balance, and community engagement. Click Learn for more information.

About Us

Zoom helps people stay connected to accomplish more together. We build the best collaboration tools for enterprise, including Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars. We are problem-solvers, working quickly to create solutions with our users in mind. Find opportunities to grow and advance your career in our collaborative, growth-oriented environment.

Our Commitment

At Zoom, we believe great work happens when people feel supported and empowered. We are committed to fair hiring practices and providing accommodations during the hiring process for those who need them. If you require assistance due to a medical disability, please submit an Accommodations Request Form . Requests unrelated to accommodations, such as follow-ups or technical issues, will not be addressed.