Security Engineer
Chennai, Tamil Nadu, India
Zuora
Zuora is the industry leader in subscription management. Build, run and grow your subscription business with Zuora’s suite of advanced billing and revenue recognition tools.

In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.
Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo, author of the best-selling book Subscribed).

THE TEAM
Zuora’s Security teams are responsible for Application & Product Security across our services, Cloud and Data Center infrastructure monitoring, managing internal and external shared services, infrastructure services and more, all with the mission of securing Zuora’s customer-facing SaaS products and platforms. Our technologists sit across the US, Beijing, India and remotely, using a follow-the-sun model to provide 24x7x365 coverage for critical functions, and partner closely with our Engineering, Customer Support, TechOps, IT, Global Services and Sales teams on a daily basis to keep our customers front and center.

YOUR MISSION:
- Drive security context, understanding, and decision information into all phases of product development and delivery
- Build/automate reconnaissance of APIs, Red Team, Blue Team Capabilities
- Build/automate reporting Metrics and Analytics for key parts of the security program
- Build/automate security configuration enforcement
We are looking for a DevSecOps Engineer with a passion for both building and breaking things to solve security problems in partnership with our Product and Engineering teams. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis.

OUR TECH STACK:
Java, Spring, Ruby, REST APIs, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS, CI/CD tools (e.g. GitLab, Spinnaker, Jenkins, Ansible, Puppet, Terraform, Python, Go), SIEM like SumoLogic, Splunk, ELK, SOAR like Komand, Demisto

WHAT YOU’LL ACHIEVE:
- Provide security guidance to Engineering and Product teams.
- Build threat models and conduct risk assessments for new features and services.
- Perform design and code reviews (lots of them!).
- Identify, triage, resolve, and manage security vulnerabilities identified in Zuora products.
- Build libraries and tools to make software built and deployed at Zuora secure by default.
- Make security an integral part of our CI/CD pipeline.
- Perform internal penetration tests and participate in red team exercises.
- 2-5 years of security experience.
- 2-5 years of software development experience.
- Strong understanding of Web application security, including hands-on exploitation skills coupled with defensive skills.
- Familiarity with secure development practices and security testing techniques (SAST, DAST, fuzzing, etc.).
- Familiarity with infrastructure and systems security domains.
- Familiarity with web application security defense techniques and technologies (WAF, RASP, sanitization/validation, etc.)
- Familiarity with microservices architectures, platforms, and 12-factor design
- Familiarity with relevant technologies (listed below)
- Ability to read and reason in Java, and modest ability to build tools and automation in Python
- Ability to explain complex security issues and their impact to diverse audiences.
- Be a fast learner and have experience partnering with cross-functional teams.
- BA/BS in Computer Science or similar technical degree or equivalent experience
- JVM technology (Java, Kotlin, Scala) and related software frameworks (Dropwizard, Spring and SpringBoot)
- Container and container infrastructure (e.g. Docker, containerd, k8s, Apache Mesos)
- Cloud technology (e.g. AWS, Azure, GCP)
- Web protocol standards (REST, RPC, SOAP)
- Unix/Linux
- JavaScript ecosystem (node.js), frontend (e.g. web components, angular, vue, react) and full-stack frameworks
- Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)
Zuora (NYSE: ZUO)
Zuora provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-revenue process seamlessly across billing and revenue recognition. Zuora serves more than 1,000 companies around the world, including Box, Ford, Penske Media Corporation, Schneider Electric, Siemens, Xplornet, and Zoom.
At Zuora, we have one CEO but every employee is empowered and supported to be the ‘ZEO’ of their own career experience. By embedding inclusion and belonging into our processes, policies and culture, we are building a workplace where our 1,200+ ZEOs across North America, Europe, and APAC can bring all the elements of who they are into their work. In addition to an industry-leading six-month, 100% paid parental leave for all our ZEOs, we also offer programs to support your mental health and give back to our communities along with “career cash” and plenty of learning and development opportunities. To learn more visit www.zuora.com. Zuora is proud to be an Equal Employment Opportunity employer.
Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all. Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regard to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)zuora.com.
Tags: Analytics Ansible APIs Application security Automation AWS Azure Blue team CI/CD Cloud Computer Science DAST DevSecOps Docker ELK Full stack GCP GitLab Golang Java JavaScript Kafka Kotlin Kubernetes Linux Microservices Monitoring Node.js Product security Puppet Python Red team Risk assessment Ruby SaaS SAST Scala Scripting SIEM SOAR Splunk Terraform UNIX Vulnerabilities
Perks/benefits: Career development Health care Medical leave Parental leave