Application Security Engineer
Costa Rica, Remote
Zuora
Zuora is the industry leader in subscription management. Build, run and grow your subscription business with Zuora’s suite of advanced billing and revenue recognition tools.OUR VISION: THE WORLD. SUBSCRIBED.
Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.
In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.
Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo and author of the best selling book Subscribed).
As consumers wave goodbye to ownership, join us as we help companies win on their journey to usership!
Zuora is looking for a Senior Security Engineer with expertise in Application Security and DevSecOps to join our application security & security engineering team.
What you’ll achieve:
- Work with teams across a worldwide organization and support them adopting and implementing software security practices and tools.
- Be hands-on with critical software engineering & tooling projects, work with the technical team lead and the product owner to ensure good security outcomes as part of project success.
- Shape the security of the overall Zuora software architecture and evangelize security within the R&D organization.
- Mentor engineers and influence architects when required to ensure security is baked in.
- Design and develop highly flexible common security components and APIs that enable the build of custom solutions that will be used across our company
- Develop best practices to ensure software security, functionality, usability, reliability and availability.
- Participate in design and code reviews as needed and provide appropriate recommendations.
- Work with project teams to design prototypes to validate security designs and solutions.
- Evaluate, test, implement, and support a variety of security tools
- Build a relationship and communicate effectively with all stakeholders in the SDLC (e.g. Product, Engineering, Operations)
What you’ll need to be successful:
- 5+ years of designing, implementing, and securing applications and systems using one or more relevant technologies (see below)
- Working knowledge of modern web technologies including cloud based APIs and protocols (REST, JSON), and relevant attacks and defenses.
- Understanding of microservice architectures
- A passion and knowledge base for exploring and experimenting with the latest application development technologies and security technologies
- Disciplined self-starter, able to be highly productive both working alone and in close collaboration within an agile development team
- Solid interpersonal skills capable of building strong relationships across functions
- BA/BS in Computer Science or similar technical degree or equivalent experience
Relevant technologies:
- JVM technology (Java, Kotlin, Scala) and related software frameworks (Spring and SpringBoot)
- Container and container infrastructure (e.g. Docker, containerd, k8s, Apache Mesos)
- Cloud technology (e.g. AWS, Azure)
- Web protocol standards (REST, RPC, SOAP)
- Javascript ecosystem (node.js), frontend (e.g. web components, angular, vue, react) and full-stack frameworks
- Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security Automation AWS Azure Cloud Computer Science DevSecOps Docker Full stack Golang Java JavaScript JSON Kotlin Node.js Python R&D Ruby Scala Scripting SDLC
Perks/benefits: Flex hours
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Windows-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open EDR-related jobs