About This Role
 

About the Team

The Vulnerability Management and Bug Bounty (VMBB) team is responsible for the intake of cutting-edge vulnerabilities in Zoom products from external researchers through an industry-leading Bug Bounty and Vulnerability Disclosure Program. The VMBB team then employs internal product knowledge to weave together a complete understanding of the impact of the findings. The team also drives the remediation of vulnerabilities reported through technical discourse and general vulnerability management functions, and occasionally through a PSIRT process for critical severity findings.

About The Role

Zoom is seeking an Operations Manager to join the Zoom Vulnerability Management and Bug Bounty team. Reporting directly to the Security Manager who oversees the Bug Bounty program, you will work cross-functionally to ensure the smooth operation of daily, monthly, and quarterly vulnerability management activities.

Responsibilities:

• Track the lifecycle of bug bounty reports submitted through the HackerOne platform to ensure they meet the high-quality standards required, and that program SLAs are met.

• Build new and maintain existing relationships with our bug bounty program researchers, Zoom Vulnerability Management Engineers, and Product Engineering teams.

• Facilitate communications as needed between the HackerOne Triage Plus team, the Zoom Vulnerability Management Engineers, the Product Engineering teams, and the Security Researchers within our programs using HackerOne comment threads, email, and Zoom Team Chat.

• Process and track all bug bounty payments to researchers and provide monthly expenditure reports to Zoom Finance.

• Analyze the data produced by the Zoom Bug Bounty Program using Tableau to surface trends and other insights which can be utilized to positively affect Zoom product security.

• Participate in yearly Live Hacking Events sponsored by Zoom and managed by HackerOne.

• Collaborate with the Zoom PSIRT, Risk, and Offensive Security teams as needed to facilitate the management of reported security vulnerabilities.

• Oversee change management of all modifications to the Zoom Bug Bounty program policies, bounty tables, documentation, processes, etc.

About You

Basic Qualifications:

• Bachelor’s degree in Computer Science, Engineering, IT, or related technical field

• 5+ years of experience in application security, engineering, or technical project/management

• Experience with Vulnerability Management and/or Bug Bounty Programs

• Deep understanding of Responsible Disclosure and the Responsible Disclosure process

• Experience in Vulnerability Research and/or Penetration Testing Activities

• Familiarity with vulnerability classes (e.g. Memory Corruption, Injection, DoS, etc.)

• Understanding of the CVE and Security Bulletin publishing process and requirements

• Ability to explain complex technical security topics at a high level, and be able to distill specific instances of vulnerabilities down for executive actionability

• Ability to work both autonomously and as part of a globally distributed and diverse team

Preferred Qualifications:

• Familiarity with common exploitation protections (e.g. ASLR, DEP, CFI, WAF, etc.)

• Tableau, reporting/analytics

• Experience analyzing and enhancing processes to create efficiencies

• Experience working with shifting timelines and priorities 

Salary Range or On Target Earnings:

Minimum:

Maximum:

In addition to the base salary and/or OTE listed Zoom has a Total Direct Compensation philosophy that takes into consideration; base salary, bonus and equity value.

Information about Zoom’s benefits is on our careers page here. 

Note: Starting pay will be based on a number of factors and commensurate with qualifications & experience.

We also have a location based compensation structure;  there may be a different range for candidates in this and other locations.

Work Styles at Zoom

In most cases, you will have the opportunity to choose your preferred working location from the following options when you join Zoom: in-person, hybrid or remote. Visit this page for more information about Zoom's Workstyles.

About Us

Zoomies help people stay connected so they can get more done together. We set out to build the best video product for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars.

We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to deliver impactful projects that are changing the way people communicate and enjoy opportunities to advance your career in a diverse, inclusive environment.

Explore Zoom:

• Hear from our leadership team

• Browse Awards and Employee Reviews on Comparably

• Visit our Blog

• Zoom with us!

• Find us on social at the links below and on Instagram

• View more jobs, sign up for job alerts and join our talent community. Visit the Zoom careers site.

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. Zoom is proud to be an equal opportunity workplace and is an affirmative action employer. All your information will be kept confidential according to EEO guidelines. 

We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records and any qualified applicants requiring reasonable accommodations in accordance with the law. If you need any assistance or accommodations due to a medical condition, or if you need assistance accessing our website or completing the application process, please let us know by emailing us at *******@zoom.us.