Application Security Engineer - Mid to Senior (Multiple openings)



Application Security Engineer - Mid to Senior (Multiple openings)

  • R6139
  • Remote, United States
  • Remote, Alaska, United States
  • Remote, Arizona, United States
  • Remote, Georgia, United States
  • Remote, New York, United States
  • Seattle, Washington, United States
  • Security
  • Full time

Work Styles at Zoom

In most cases, you will have the opportunity to choose your preferred working location from the following options when you join Zoom: in-person, hybrid or remote. Visit this page for more information about Zoom's Workstyles.

About Us

Zoomies help people stay connected so they can get more done together. We set out to build the best video product for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinar.

We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to deliver impactful projects that are changing the way people communicate and enjoy opportunities to advance your career in a diverse, inclusive environment.

Security Engineer - Mid to Senior
(Multiple openings)


Zoom is looking for mid-senior Security Engineers to join our Security Architecture team, reporting to our Head of Security Architecture. You will work with product management,  engineering, privacy, legal and operations teams to review and validate the security postures of new Zoom features prior to product release. This includes identifying high-level architectural flaws, detecting common vulnerabilities such as Remote Code Execution (RCE), Privilege Escalation, misconfiguration, and other OWASP top 10 vulnerabilities (SQL injection, XSS, broken access control, etc), and reviewing cloud infrastructure configurations.


  • You will conduct threat modeling, architecture review, security code review, security assessment, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments).

  • Perform in-depth security review of new Zoom features. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java or C++, verifying security posture through pen-test (using manual/automated techniques with tools like Kali Linux, Burp suite, Checkmarx, WebInspect).

  • You will perform cloud infrastructure security reviews; the primary focus will be on AWS and many of its common service components (S3, IAM, EC2, VPC).

  • Document security best practices, develop tools, libraries, scripts or customize existing tools to automate security vulnerability detection and remediation.

  • Identify gaps in existing cloud security architecture design/configuration and recommend changes (authentication, authorization, network segmentation, container configuration, bastion host setup).

  • You will partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes.

  • Work on areas to develop security baseline for cloud, container, and application and integrate into the CI/CD pipeline.

  • Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2).


  • Bachelor's degree in Computer Science, Information Assurance/Security, Cyber Security, Computer or Electrical Engineering (or similar field), and 4+ years in security.

  • Experience in software security architecture and design review, threat modeling, security code review, SDLC, and best practices and mitigations for application security.

  • Knowledge of network-based, system level, and application layer attacks and mitigation methods.

  • Hands-on security experience working with AWS and common service components within AWS.

  • Experience in penetration testing in different environments, including assessing security posture of web application, native application, distributed systems, and cloud infrastructure (such as AWS).

  • Experience with a broad range of security technologies including VPC, IAM, KMS, etc. in AWS.

  • Knowledge of technology and security topics including crypto, network and application security (OWASP), infrastructure hardening, security baselines, web server, and database security.

  • Knowledge of cloud automation tools such as Terraform, CloudFormation, Ansible, etc.

  • Development experience with programming languages such as Java, JavaScript, Python, Go, and/or other scripting languages.


We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. Zoom is proud to be an equal opportunity workplace and is an affirmative action employer. All your information will be kept confidential according to EEO guidelines. 

We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records and any qualified applicants requiring reasonable accommodations in accordance with the law. If you need any assistance or accommodations due to a medical condition, or if you need assistance accessing our website or completing the application process, please let us know by emailing us at

Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated.  Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.

At Zoom, we care about our employees, their families, and their well-being. As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. To view our benefits, click here.

Explore Zoom:


Fraudulent Employment Offers

Zoom is aware of scams that involve fake Zoom job listings posted on third-party sites. Responding applicants are contacted primarily over email, InMail and/or chat applications by people impersonating Zoom employees. Eventually a fake offer letter is sent in exchange for personal identification information as part of a fake new-hire screening process.

Please be advised that these offers, communications and impersonations are illegitimate and fraudulent. All communication with Zoom employees come from a “” email address. Zoom job applicants complete an interview process including in-person (on Zoom) meetings and phone calls. Our process also requires you to create an account with our applicant tracking system, Workday.

Zoom will never ask for your personally identifying information during the interview process or ask you to pay money or purchase equipment. If you have received a message from Zoom that appears suspicious, please contact 


Sign up for job alerts

Find roles that are just the right fit for you, delivered straight to your inbox. The next opportunity you see could become your new career.


Not You?

We have emailed you a code to verify your identity

Thank you for signing up for job alerts from Zoom!

Person, Laptop, Pc, Mouse, Hair, Sitting, Female, Table, Woman, Girl