Security Engineer

OUR VISION: THE WORLD. SUBSCRIBED.

Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.

In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.

Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo and author of the best selling book Subscribed).

THE TEAM

Zuora’s Security teams are responsible for Data Center and Cloud infrastructure monitoring, managing internal and external shared services, infrastructure services and more - for Zuora’s customer facing SaaS products and platforms. Our technologists sit across US, Beijing, India and remotely, using a follow-the-sun model to provide 24x7x365 coverage for critical functions and partner closely with our Engineering, Customer Support, TechOps, IT, Global Services and Sales teams on a daily basis to keep our customers front and center.

YOUR MISSION:

• Help automate internal SOC operations workflows.
• Understand the current application infrastructure and suggest changes to it. Define and document best practices and strategies regarding various application deployments and infrastructure.
• Write infrastructure as code using CloudFormation or similar. You should see different technologies as a means to an end and be well practiced at hunting for a solution through unfamiliar domains

THE OPPORTUNITY (AKA: Why you want this role over any other out there)

Zuora is looking for a Security Engineer/Security Analyst to join our infrastructure security program to build and manage rapidly growing infrastructure. You will have the opportunity to build automated solutions to secure AWS Cloud Infrastructure and provide hands-on development support on security controls for infrastructure and applications. Collaborate cross-functionally and engage with all levels of leadership to gather requirements for, design, and implement security controls and Identify new security threats by conducting continuous monitoring, penetration testing, vulnerability assessments, and log analysis

OUR TECH STACK: Java, Spring, Rest API, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS, CI/CD tools (e.g. Jenkins, Ansible, Puppet, Terraform, python, go.), SIEM like SumoLogic, Splunk, ELK, SOAR like komand, demisto

WHAT YOU’LL ACHIEVE

• Contributing to the SOC operation and Cloud Security (AWS/Azure)
• Use your understanding of common security challenges and the necessity of automation to influence the product and our security vendors.
• Build exciting new solutions to routine manual processes across a variety of tools and disciplines (e.g. security enforcements, account creation automation)

WHAT YOU’LL NEED TO BE SUCCESSFUL

• MS or Bachelor in Computer Science or equivalent desired
• Over 2 years of experience in Security Operations & 1 year of experience in AWS/Azure
• Strong grasp of security fundamentals (i.e.system internals, attack surface reduction, Cryptographic protocols, etc.)
• Experience in any scripting language like: Python, Shell etc.
• Experience working is one Industry standard SIEM, SOAR tool
• Experience working in Network and Endpoint security controls
• Experience in Handling Security Incidents and root cause analysis
• Knowledge of web application threats (e.g. OWASP Top 10), common attacks, and mitigations
• Vendor agnostic certificate like CISSP, CCSP,OSCP, SANS is a plus
• Ability to collaborate and work with global teams and mentor other team members
• Tolerant of Ambiguity and Changing Environment