About the Team
The Vulnerability Management and Bug Bounty (VMBB) team is responsible for the intake of cutting-edge vulnerabilities in Zoom products from external researchers through an industry-leading Bug Bounty and Vulnerability Disclosure Program. The VMBB team then employs internal product knowledge to weave together a complete understanding of the impact of the findings. The team also drives the remediation of reported vulnerabilities through technical discourse and general vulnerability management functions, and occasionally through a PSIRT process for critical severity findings.
About The Role
Zoom is seeking an Operations Manager to join the Zoom Vulnerability Management and Bug Bounty team. Reporting directly to the Security Manager who oversees the Bug Bounty program, you will work cross-functionally to ensure the smooth operation of daily, monthly, and quarterly vulnerability management activities.
- Track the lifecycle of bug bounty reports submitted through the HackerOne platform to ensure they meet the high-quality standards required, and that program SLAs are met.
- Build new and maintain existing relationships with our bug bounty program researchers, Zoom Vulnerability Management Engineers, and Product Engineering teams.
- Facilitate communications as needed between the HackerOne Triage Plus team, the Zoom Vulnerability Management Engineers, the Product Engineering teams, and the Security Researchers within our programs using HackerOne comment threads, email, and Zoom Team Chat.
- Process and track all bug bounty payments to researchers and provide monthly expenditure reports to Zoom Finance.
- Analyze the data produced by the Zoom Bug Bounty Program using Tableau to surface trends and other insights that can be used to positively affect Zoom product security.
- Participate in yearly Live Hacking Events sponsored by Zoom and managed by HackerOne.
- Collaborate with the Zoom PSIRT, Risk, and Offensive Security teams as needed to facilitate the management of reported security vulnerabilities.
- Oversee change management of all modifications to the Zoom Bug Bounty program policies, bounty tables, documentation, processes, etc.
- Bachelor’s degree in Computer Science, Engineering, IT, or related technical field
- 5+ years of experience in application security, engineering, or technical project/management
- Experience with Vulnerability Management and/or Bug Bounty Programs
- Deep understanding of Responsible Disclosure and the Responsible Disclosure process
- Experience in Vulnerability Research and/or Penetration Testing Activities
- Familiarity with vulnerability classes (e.g. Memory Corruption, Injection, DoS, etc.)
- Understanding of the CVE and Security Bulletin publishing process and requirements
- Ability to explain complex technical security topics at a high level, and to distill specific instances of vulnerabilities down for executive actionability
- Ability to work both autonomously and as part of a globally distributed and diverse team
- Familiarity with common exploitation protections (e.g. ASLR, DEP, CFI, WAF, etc.)
- Tableau, reporting/analytics
- Experience analyzing and enhancing processes to create efficiencies
- Experience working with shifting timelines and priorities
Salary Range or On Target Earnings: