Offensive Security Engineer - Workvivo

What you can expect

In this role, you’ll focus on uncovering and addressing vulnerabilities across the Workvivo platform, including our Web App, Mobile App, Mobile and AWS Infrastructure.

You will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We’re looking for people who will work closely with application engineering teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

About the Team

Workvivo is an employee experience platform designed to amplify workplace culture and foster employee engagement, regardless of location. Committed to customer satisfaction, Workvivo focuses on enhancing employees' working lives across diverse industries globally. As part of Zoom, an intelligent collaboration platform, Workvivo aligns with Zoom's mission to prioritize people, enabling meaningful connections, modern collaboration, and driving innovation in businesses and individual interactions.

In this position, you’ll have the opportunity to make a meaningful impact on the security of both Workvivo and Zoom. This includes contributing to our engineering security training program and collaborating cross-functionally within Zoom Security, including teams like Bug Bounty, Incident Response, SOC, Vulnerability Management, and Customer Security Assurance (CSA).

Responsibilities

• Conducting regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software associated with the Workvivo Platform, including AWS Infrastructure and the Web and Mobile Apps.
• Discovering vulnerabilities associated with the Workvivo platform and infrastructure, and working with Workvivo's and Zoom's internal teams to address them. Collaborating daily with Security, AWS Infrastructure, and Application engineering teams to ensure security, scalability, and stability.
• Prioritizing threat modeling of new security features before deployment. Conducting threat modeling and risk assessments to proactively identify risks and develop mitigation strategies, working with application engineering and other teams early in the design phase.
• Contributing to improving the Software Development Lifecycle (SDLC) by advising on DAST, SAST, SCA, securing pipelines, and introducing automated security solutions.
• Enhancing security practices across Workvivo and Zoom, including feeding into the engineering security training program.
• Working cross-functionally within Zoom Security, including teams like Bug Bounty, Incident Response, SOC, Vulnerability Management, and CSA.
• Introducing and coding automated security solutions.

What we’re looking for

• Extensive experience in conducting penetration tests focused on Web Applications, APIs, and Mobile platforms.
• Ability to critically analyze vulnerability and penetration test reports from external partners and customers.
• Capability to go beyond superficial vulnerabilities like security headers and challenge security issues critically.
• Experience in creating architectural diagrams emphasizing security controls.
• Background in application security, software development, or related fields, with a solid understanding of secure coding practices and security frameworks.
• Good knowledge of AWS.
• Proficiency with tools like Burp Suite, Invicti (Netsparker), or similar.
• Proficiency in programming languages such as PHP, Laravel, Go, Java, C++, etc., and familiarity with security tools and protocols.
• Excellent attention to detail, curiosity, focus, and the ability to discuss security technologies with both technical and non-technical audiences.