Zoom
Senior Security Vulnerability Management Engineer
About Zoom
Zoom Video Communications, Inc. is a prominent AI-powered unified communications and collaboration platform founded in 2011 by Eric Yuan. The company focuses on providing seamless video communications and has expanded its offerings to include a range of enterprise tools. Zoom went public in 2019 and has since grown significantly, especially during the pandemic, when it saw a 30-fold increase in daily participants. Zoom's core products include Zoom Meetings, a flagship video conferencing tool that supports HD video and up to 100+ participants, and Zoom Phone, a cloud-based phone system. Other offerings encompass Zoom Chat for messaging, Zoom Webinars for scalable online events, and Zoom Contact Center for customer service. The platform emphasizes ease of use, scalability, and security, catering to a diverse clientele that includes small businesses, enterprises, and educational institutions. With millions of daily meetings, Zoom continues to prioritize human connection and reliable communication.
Security at Zoom
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Zoom's AppSec philosophy emphasizes a formal secure software development lifecycle (SDLC) with design reviews, threat analysis, and code reviews.
- It also focuses on developer-facing AppSec education through programs like Security Champions, requiring foundational training before code shipment.
- Furthermore, the philosophy includes automating security testing, integrating security into CI/CD, and utilizing advanced tools including AI, as indicated by job postings.
Security Team
- Sandra McLeod is listed as Zoom's Chief Information Security Officer, overseeing comprehensive security efforts, and became Interim CISO in April 2025.
- Michael Adams is also referenced in historical CISO-related coverage.
- AppSec-focused job postings indicate the team works with security testing automation, SAST/DAST/SCA, container security, CI/CD integration, vulnerability triage, and advanced tools including AI.
Key Initiatives
- Zoom's initiatives include a formal secure software development lifecycle (SDLC) with design reviews and threat analysis.
- They operate a vulnerability disclosure program, a Bug Bounty program, and conduct annual third-party penetration tests and ongoing offensive security activities.
- Developer-facing AppSec education, such as the Security Awareness Ambassador program and a Security Champions program (reaching 200 employees), is also a key initiative, requiring foundational training for developers before shipping code.
- Automation of security testing, SAST/DAST/SCA, container security, and CI/CD integration are also emphasized.