Product Security Role
The team is responsible for building secure design practices for AI products and new features, reviewing new architecture changes to identify security risks, providing mentorship and guidance to other members of the security team, developing 'at scale' solutions to problems like Content Security Policy (CSP), and evaluating and implementing security tools as needed.
Key Responsibilities
* Collaborate with engineering teams in Melbourne and regionally early in the development lifecycle to build secure design practices for AI products and new features.
* Review new architecture changes to identify security risks and build practical solutions for risk management and mitigation using tools like Terraform, Python, and Burp Suite.
* Provide mentorship and guidance to other members of the Zendesk Security team, sharing expertise and best practices to enhance team capabilities.
* Develop 'at scale' solutions to problems like Content Security Policy (CSP), automating authorization testing against API inventories.
* Evaluate and implement security tools as needed to strengthen our security framework and address evolving threats.
Required Skills and Qualifications
Basic Qualifications:
* 10 years of experience in Security, with at least 5 years supporting secure software development.
* Programming experience involving real-world development.
* Strong understanding of AWS products and services, their unique risks, and how to address those risks.
* Strong written and verbal communication skills to complement the ability to work in a global, asynchronous manner.
* The ability to influence other teams without direct authority.
* Knowledge of modern web application technologies including their security threats and vulnerabilities.
* Ability to work on multiple projects/tasks at once - balancing and prioritizing work appropriately.
* Excellent problem-solving skills and self-motivation to learn and upskill regularly.
Preferred Qualifications:
* Experience with application security or supporting secure software development.
* CVE's, participation in bug bounties or security competitions.
* Security certifications such as AWS, OSCP, etc.
Benefits
Hybrid: In this role, our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection, collaboration, learning, and celebration - while also giving you flexibility to work remotely for part of the week. This role must attend our local office for part of the week. The specific in-office schedule is to be determined by the hiring manager.
This role offers a fulfilling and inclusive experience, fostering global diversity, equity, & inclusion in the workplace.