At ZoomInfo Powered by DiscoverOrg we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. If you are a take charge, take initiative, get stuff done individual we want to talk to you! We have high aspirations for the company and are looking for the right people to help fulfill the dream. We strive to continually improve every aspect of the company and use cutting edge technologies and processes to delight our customers and rapidly increase revenues.

ZoomInfo, a leading B2B data company located in Waltham, MA, makes it our goal to maintain the highest security standards in our products, keeping an intense focus on product security. As a hands-on Security Engineer you will guide and influence the product security domain and ensure our product security is excellent, and our clients are safe from advanced attacks.

This is a soup to nuts, a highly hands-on security position. The ideal candidate will extensively probe our multiple environments cloud, data center, offices to identify and prioritize risks and issues ranging from firewall configurations, network firmware, OS patching and hardening, DB security, Cloud access and so much more. Then, in close cooperation with engineering management and systems engineers, develop a short and long term plan to rectify those issues through upgrades, patching, configuration changes, and tooling. Many of those fixes will fall on the Security Engineer to coordinate and, in many cases, implement where appropriate. Once the initial fixes/deficiencies have been remediated, the engineer will then be able to focus on further enhancing our security posture.

In this job, you will:

• Maintain & promote the security posture of our products from the technical perspective, in view of todays increasing levels of security threats & challenges.
• Constantly be probing our data centers, corporate offices, and cloud-based platforms using a wide range of open source and proprietary solutions and tools
• Coordinate and, in many cases, implement fixes (patches, configuration changes and so much more) for discovered issues
• Own the structured process for responding to security issues found in our SaaS / Cloud-based product offerings
• Lead from definition to implementation the significant security initiatives related to our products
• Interact with auditors to maintain our SOC2 audit compliance.

Experience (not all required provided there is a comparable experience and a willingness to learn):

• Cisco Firewalls
• Centos
• CloudFlare
• F5 Load Balancers, NGinX
• FirePower Security IDS/IPS
• Open source pen-testing tools
• Linux / Centos OS patching solutions
• Windows patching solutions (we are about 10% Windows)
• Google Compute Engine
• 2-3 years of experience in a security engineering role

We are looking for a hands-on individual with a white hat hacker mindset to join us in an Application Security Engineer Role. You will be responsible for architecting, developing and deploying application security tools and technologies to protect ZoomInfos platform and backend infrastructure.

WHAT YOU'LL DO

• Develop the secure SDLC process at ZoomInfo and perform static security code analysis (SAST) of ZoomInfos codebase on a regular basis and provide relevant recommendations to ZoomInfos developers.
• Perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production.
• Perform threat modeling on the existing and upcoming feature set in the ZoomInfo application so that appropriate security controls can be built from the ground up.
• Review security alerts and reports on a daily basis and work closely with the DevOps team in any follow-up investigation or remediation.
• Manage the bug bounty program at ZoomInfo and work with the developers for timely remediation of the reported issues.
• Manage external independent Application Security Testing and ensure timely remediation of issues.
• Identify all vulnerabilities originating from third-party dependencies and ensuring timely remediation.
• Impart ongoing secure code and application security best practices training to developers.

SKILLS AND EXPERIENCES THAT'LL HELP YOU BE GREAT

• Bachelors in Computer Science or a related field
• 5+ years in a security engineering or operations role
• Strong knowledge of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
• Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
• Experience with developing threat models (STRIDE, DREAD, etc.)
• Comfortable with security tools like Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc.
• Experience with automation tools like Ansible, Chef, Puppet, Jenkins desired but not a must-have
• Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
• js/Java/Angular

THE THREE SKILLS THAT MATTER MOST

Nobody can be great at everything, but were looking for candidates who are extraordinary at: Hands-on experience with SAST and DAST tools

• Past development experience
• Security design review experience

About us:

Built over 20 years ago, ZoomInfo Powered by DiscoverOrg has become the go-to-market standard for over 13,500 companies worldwide. Designed to be the single source of truth, the ZoomInfo platform offers best-in-class technology paired with unrivaled data coverage, accuracy, and depth of contacts, companies, and opportunities essential to empower sales, marketing and recruiting professionals to hit their numbers. Deeply embedded into business workflows and technology stacks-- including integrations with the leading CRM, Sales Engagement, Marketing Automation, and Talent Management applications - ZoomInfo is capable of delivering more predictable, accelerated, and sustainable growth than any stand-alone solution. ZoomInfos investors include TA Associates, The Carlyle Group and 22C Capital. For more information about our leading marketing and sales intelligence solution, visit www.zoominfo.com.

All qualified applicants will receive consideration for employment without regard to race, color, ethnicity, religion, gender, national origin, disability and protected veterans status or any other personal characteristic protected by law.