Are you passionate about application security? Do you get a thrill out of discovering security vulnerabilities in web applications and mobile apps? Do you enjoy the challenge of designing creative solutions to tough problems? Are you excited about securing the public cloud? Can you thrive in a dynamic team where our 150k+ customers count on us for protecting their data? If so, you might be a perfect fit for Zendesk's Product Security Team!
At Zendesk Security we believe that security is everyone's responsibility and that security decisions should be simple. When our customers or employees face options, we strive to make the secure options the easiest way of achieving their goals.
On the Zendesk Product Security Team we develop and build processes that allow Zendesk Engineering to make the right, secure decisions for our customers. We partner with our engineers to prioritize security during the entire software development process and provide tools and programs to do so including, but not limited to, a mature bug bounty program, Security Champions program, security reviews, static/dynamic testing tooling and vulnerability management.
Our awesome team
We are a global team with members working around the world. Having team members that come from different cultures and backgrounds gives us a diversity of opinions and experience, enabling us to see problems from many different perspectives and design the best solutions. Our team members are always learning and growing their capabilities and skill sets.
Your manager, Scott, will be there to support your career development and chart a course for your future success at Zendesk. He tries to empower his team members supporting them when they need help, but avoiding taking over and micromanaging. The goal is to always be growing and to do that you will always be faced with new challenges and new opportunities to learn. Scott enjoys gardening, homebrewing and video games, but would really like to hear what you are passionate about - aside from application security, of course!
What you'll do as a Senior Product Security Engineer
* Grow our established bug bounty program into a highly visible, industry leading program by increasing researcher engagement, driving vulnerability management between
* Security Researchers and our global Engineering teams, analyzing trends in vulnerabilities and using the program to push for systematic fixes to common vulnerabilities.
* Perform threat modeling and review software design in partnership with Zendesk Engineering.
* Assist in the vulnerability management process including triaging identified vulnerabilities and tracking them through the vulnerability lifecycle.
* Partner engineering through our Security Champions program to nurture a security culture and to help our engineers improve their security posture.
* Be the voice of Zendesk Security while responding to customer security questions and issues.
* Support incident response efforts as needed and work with teammates to investigate them.
What you bring to the role:
* Bachelor's degree in Computer Science or other relevant focus of study.
* At least 5 years of application security experience, plus experience mentoring junior staff.
* Programming experience (Ruby, Python, Scala, Golang, Node.js, Ember.js, or React is a plus) - please send us your GitHub/Bitbucket account or examples of projects, if available.
* Experience securing large Amazon Web Service deployments.
* Penetration testing experience/ability to verify common web vulnerabilities.
* Knowledge of modern web applications including their security threats and vulnerabilities.
* Excellent problem solving skills.
* Excellent verbal and written communication skills.
* Ability to work on multiple projects/tasks at once - balancing and prioritizing work appropriately.
* Experience with agile development processes, working in a fast-paced environment with continuous integration.
* Security certifications are a plus such as OSCP, GWEB, GPEN, GWAPT, CEH, CISSP, GSEC, etc
Zendesk builds software for better customer relationships. It empowers organizations to improve customer engagement and better understand their customers. Zendesk products are easy to use and implement. They give organizations the flexibility to move quickly, focus on innovation, and scale with their growth.
More than 100,000 paid customer accounts in over 150 countries and territories use Zendesk products. Based in San Francisco, Zendesk has operations in the United States, Europe, Asia, Australia, and South America.
Interested in knowing what we do in the community? Check out the Zendesk Neighbor Foundation to learn more about how we engage with, and provide support to, our local communities.
Zendesk is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Zendesk are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.
By submitting your application, you agree that Zendesk may collect your personal data for recruiting, global organization planning, and related purposes. Zendesk's Candidate Privacy Notice explains what personal information Zendesk may process, where Zendesk may process your personal information, its purposes for processing your personal information, and the rights you can exercise over Zendesk's use of your personal information.
Zendesk is a software development company, providing software-as-a-service products for organizations.