Product Security at Zendesk is a globally distributed team of passionate, motivated and focused application security specialists. We understand how to build applications securely and enjoy crafting creative approaches to scale security either through automation, education or secure design. We develop and build processes and tools that allow us to make the right, secure decisions for our customers and bake security into our products. We partner with our engineers to prioritize security during the entire software development lifecycle and provide them the tools and programs to do so, including a mature bug bounty program, a vibrant Security Champions program, regular and in-depth security reviews, static/dynamic tooling, and vulnerability lifecycle management. If this sounds exciting, we have an opportunity for you, an architect, to join us.
What you'll be doing
1. Partner with Zendesk Engineering early in the application development lifecycle to suggest secure designs and build secure solutions.
2. Review projects to identify risks and suggest ways to manage those risks.
3. Influence our partners to drive security control improvements throughout the product development lifecycle.
4. Act as a mentor to other members of the Zendesk Security team.
5. Work in a team-oriented, fast-paced, global, and flexible environment.
6. Support the handling of critical customer security issues with speed and communication.
7. Evaluate, implement and operationalise additional tooling as needed.
What you bring to the role
1. A team-first, collaborative approach.
2. The ability to influence other teams without direct authority.
3. Excellent problem-solving skills and self-motivation to learn and upskill regularly.
4. Strong written and verbal communication skills to complement the ability to work in a global, asynchronous manner.
5. Ten years of experience in Security, with at least five years supporting software development.
6. Knowledge of modern web application technologies including their security threats and vulnerabilities.
7. Programming experience involving real world development. The choice of language is up to you.
8. Experience with agile development processes while collaborating in a fast-paced environment with continuous integration and deployment.
9. Strong understanding of AWS products and services, their unique risks, and how to address those risks.
10. Ability to work on multiple projects/tasks at once - balancing and prioritizing work appropriately.
Preferred Qualifications:
1. AWS certifications or other cloud-based certifications.
2. Security certifications such as SABSA, CISSP, GSEC, GWEB, GPEN, GWAPT, GSEC, OSCP, etc.
3. Experience with Google Cloud Platform.
4. CVE’s, participation in bug bounties or security competitions.
5. Involvement in local or regional security user groups or conferences.
#J-18808-Ljbffr