Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Jobs - Senior Security Engineer, Product Security San Francisco, CA GWEB GSSP-JAVA GPEN GWAPT InfoSec Jobs


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

Senior Security Engineer, Product Security
Company Zendesk
Location San Francisco, CA
Preferred GIAC Certifications GWEB GSSP-JAVA GPEN GWAPT
Travel 0%
Salary Not provided
URL https://www.zendesk.com/jobs/view/?job=b7923927-1dd5-47ba-8980-e64427e684f5
Contact Name Maarten Van Horenbeeck
Contact Email mvanhorenbeeck/at/zendesk.com
Expires 2019-04-10

Job Description

Are you passionate about application security? Are you ready to secure the public cloud? Do you get a thrill out of discovering security vulnerabilities? Do you enjoy the challenge of designing creative solutions to tough problems? Can you thrive in a dynamic team where our 130k+ customers count on us for protecting their data? If so, you might be a perfect fit for Zendesk’s Product Security Team!

At Zendesk Security we believe that security is everyone’s responsibility and that security decisions must be simple. When our customers or employees face options, we strive to make the secure options the easiest way of achieving their goals.

On the Zendesk Product Security Team we develop and build processes that allow Zendesk Engineering to make the right, secure decisions for our customers. We partner with our engineers to prioritize security during the entire software development life cycle and provide them tools and programs to do so including a mature bug bounty program, Security Champions program, security reviews, static/dynamic testing tooling and vulnerability management.

What you get to do every day:

- Grow our established bug bounty program into a highly visible, industry leading program by increasing researcher engagement, driving vulnerability management between Security Researchers and our global Engineering teams, analyzing trends in vulnerabilities and leveraging the bug bounty program to push for systematic fixes to common vulnerabilities.
- Work with Zendesk Engineering to secure all customer facing applications, including cloud services, web and mobile technologies.
- Assist in the vulnerability management process including triaging identified vulnerabilities and tracking them through the vulnerability lifecycle. Work with Engineering to mitigate potential threats/vulnerabilities.
- Be the voice of Zendesk Security while responding to customer security questions and issues. Respond to incidents/breaches as needed and work with teammates to investigate them.
- Perform threat modeling and review software design in partnership with Zendesk Engineering. Partner with Zendesk Engineering through our Security Champions program to foster a security culture and to help our engineers improve their security posture.
- Work on a globally distributed team in a fast-paced and flexible environment.

What you bring to the role:

Bachelor's degree in Computer Science or other relevant focus of study.
- At least 5 years of application security experience, plus experience mentoring junior staff.
- Programming experience (Ruby, Python, Scala, Golang, Node.js, Ember.js, or React is a plus) - please send us your GitHub/Bitbucket account or any other examples of projects, if available.
- Penetration testing experience/ability to verify common web vulnerabilities.
- Knowledge of modern web applications including their security threats and vulnerabilities.
- Experience securing large Amazon Web Service deployments.
- Understanding of email security concepts such as DKIM, SPF, DMARC, etc. is a plus.
- Excellent problem solving skills.
- Great verbal and written communication skills.
- Ability to work on multiple projects/tasks at once - balancing and prioritizing work appropriately.
- Experience with agile development processes, working in a fast-paced environment with continuous integration.
- Security certifications such as OSCP, GWEB, GPEN, GWAPT, CEH, CISSP, GSEC, etc