Job Description
Are you passionate about application security? Do you get a thrill out of discovering security vulnerabilities in web applications and mobile apps? Do you enjoy the challenge of designing creative solutions to tough problems? Are you excited about securing the public cloud? Can you thrive in a dynamic team where our 150k+ customers count on us for protecting their data? If so, you might be a perfect fit for Zendesk’s Product Security Team!
At Zendesk Security we believe that security is everyone’s responsibility and that security decisions should be simple. When our customers or employees face options, we strive to make the secure options the easiest way of achieving their goals.
On the Zendesk Product Security Team we implement tools and build processes that allow Zendesk Engineering to make the right, secure decisions for our customers. We partner with our engineers to prioritize security during the entire software development process and provide tools and programs to do so.
What you’ll do as a Staff Product Security Engineer
* Secure customer-facing applications, primarily web technologies.
* Perform threat modelling and review software design in partnership with Zendesk Engineering.
* Partner with Zendesk Engineering through our Security Champions program to nurture a security culture and to help our engineers improve their security posture.
* Automate and integrate security tooling into CI/CD pipelines at scale.
* Evaluate, implement and operationalise additional tooling as needed.
* Be the voice of Zendesk Security while responding to customer security questions and issues.
* Support incident response efforts as needed and work with teammates to investigate them.
* Work in a team-orientated, fast-paced, global, and flexible environment.
What you bring to the role
* At least 5 years of application security experience.
* A team-first, collaborative approach.
* Experience securing complex, highly scaled systems. Methodical in identifying and decomposing security requirements and opportunities.
* Penetration testing experience/ability to verify common web vulnerabilities.
* Knowledge of modern web applications including their security threats and vulnerabilities.
* You can explain security considerations well to others and just as important, actively listen to others ensuring a good discussion.
* Experience with agile development processes, working in a fast-paced environment with continuous integration and deployment.
* Excellent problem solving skills and self-motivated to learn and up-skill regularly.
Nice to haves
* Bonus points for knowledge of Machine Learning
* Experience with M&A activities
* Experience securing large Amazon Web Service deployments
* Security certifications such as OSCP, GWEB, GPEN, GWAPT, CEH, CISSP, etc. are a plus.
Our awesome team
We are a global team with members working around the world. Having team members that come from different cultures and backgrounds gives us a diversity of opinions and experience, enabling us to see problems from many different perspectives and design the best solutions. Our Product Security team members are always learning and growing their capabilities and skill sets.
Zendesk software was built to bring a sense of calm to the chaotic world of customer service. Today we power billions of conversations with brands you know and love.
Zendesk believes in offering our people a fulfilling and inclusive experience. Our hybrid way of working, enables us to purposefully come together in person, at one of our many Zendesk offices around the world, to connect, collaborate and learn whilst also giving our people the flexibility to work remotely for part of the week.
Hybrid: In this role, our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection, collaboration, learning, and celebration - while also giving you flexibility to work remotely for part of the week. This role must attend our local office for part of the week. The specific in-office schedule is to be determined by the hiring manager.