Zuora provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-cash process, including billing and revenue recognition.

At Zuora, every employee is the CEO of their career and leading our mission are over 1,200 passionate and innovative ZEOs who value freedom, responsibility and accountability in equal measure because they have the capacity to make shift happen. Our culture isn’t an empty branding effort – our ZEOs love working here and it shows in our 4.5+ rating on Glassdoor. We take it very seriously. We encourage our employees to be curious, creative, and stay focused on our shared mission of enabling our customers to be successful.

Zuora serves more than 1,000 companies around the world, including Box, Komatsu, Rogers, Schneider Electric, Xplornet and Zendesk. Headquartered in Silicon Valley, Zuora also operates offices in Atlanta, Boston, Frisco, Denver, San Francisco, London, Paris, Beijing, Sydney, Chennai and Tokyo.

At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an equal opportunity employer committed to creating an inclusive environment for all.

Zuora is looking for Security Engineer to join our product and infrastructure security team. As Security Engineer you will have the opportunity to develop your analytical, strategic, and technical skills needed around cyber security foundation.

Responsibilities

• Working closely with engineering teams to embed secure coding practices as part of the engineering culture


• Provide technical leadership, solution design, and hands-on development support on security controls for applications and infrastructure


• Collaborate cross-functionally and engage with all levels of leadership to gather requirements for, design, and implement security controls


• Evaluate, test, implement, and support third-party security tools


• Identify new security threats by conducting penetration testing and vulnerability assessments


• Build automated solutions to secure AWS Cloud Infrastructure


• Participate in Security incident investigation


• Code reviews for security best practices

Required Experience and skills

Education & Essential Experience

• MS or Bachelor in Computer Science or equivalent desired


• 2-5 years with Application Security


• 3+ years writing code or script in at least one language like Java, Python, Ruby, Golang, etc.


• Strong understanding of Java language and modern web application frameworks


• Understanding of microservice architectures (Docker, 12-Factor App, API Gateways, etc.)


• Passion for modern software development and operation, including agile, CI/CD, DevSecOps, and infrastructure-as-code


• Knowledge of cloud infrastructure threats, common attacks, and mitigations


• Passion for learning and innovative solutions

Security Skills & Experience

• Strong understanding of security goals and terminologies (i.e. least privilege, attack surface reduction, cryptography, etc.)


• Strong understanding of web application threats, common attacks, and mitigations (OWASP top 10, CWE, etc.)


• Experience working with any of SAST, IAST, DAST, and/or RASP tools


• Experience working with any of vulnerability management and penetration testing tools such as Burp, zap, metasploit


• Experience injecting security into the development lifecycle (e.g. threat modeling)

Optional Skills

• Ability to use AWS API and CLI to automate tasks


• Experience in cloud and container security tools.


• Identity and Access Management in Public Cloud


• Experience of using cloud log analyzer or SIEM like SumoLogic, Splunk, ELK


• Familiarity with CI/CD tooling, and integration of security controls


• Familiarity with common automation, templating and infrastructure-as-code tools (e.g. Jenkins, Ansible, Puppet, Terraform, etc.)

Soft Skills

• Self-starter, Customer Centric Attitude


• High Collaboration and Influence Skills


• Willingness to mentor other members within internal or external team


• Ability to communicate technical concepts and complexity to all audiences


• Tolerant of Ambiguity and Changing Environment