Sr Security Engineer
Company Overview
At Zuora, we do Modern Business. We’re helping people subscribe to new ways of doing business that are better for people, companies and ultimately the planet. It’s an approach resulting from the shift to the Subscription Economy that puts customers first by building recurring relationships instead of one-time product sales and focuses on sustainable growth. Through our leading expertise and multi-product suite, we are transforming all industries and working with the world’s most innovative companies to monetize new business models, nurture subscriber relationships and optimize their digital experiences.
The Team & Role
Zuora Security is dedicated to safeguarding our cloud-based application ecosystem. Our teams are responsible for defending our infrastructure, managing internal and external security services, and collaborating closely with engineering, customer support, and other departments to prioritize customer security. Operating on a global follow-the-sun model across the US, Beijing, and India, we provide 24/7/365 protection for Zuora's SaaS products and platforms.
Proactively defend the organization by architecting, implementing, and optimizing a resilient infrastructure security framework. Drive the SOC's evolution through automation, advanced threat intelligence, rapid incident response, and robust detection and response capabilities. Continuously manage and reduce the attack surface across our complex infrastructure. Develop and maintain security solutions aligned with evolving threats to safeguard our organization. Seek a security leader with a deep understanding of industry best practices, emerging threats, and the ability to translate technical expertise into strategic initiatives.
Zuora is looking for a Senior Security Engineer to join our infrastructure security program to build and manage rapidly growing infrastructure. This role offers an exceptional chance to shape the security posture of our organization by designing, implementing, and maintaining robust security solutions across our complex infrastructure. You will be instrumental in safeguarding our critical assets and driving innovation through automation and advanced security technologies.
Our Tech Stack: Java, Spring, Rest API, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS
What you’ll do
- Architect and implement automated solutions to fortify our AWS Cloud infrastructure, enhancing efficiency and reducing risk.
- Provide technical leadership by designing and implementing security controls for both infrastructure and applications.
- Collaborate effectively with cross-functional teams to gather requirements, design, and implement effective security measures.
- Identify emerging threats through continuous monitoring, penetration testing, vulnerability assessments, and log analysis.
- Develop and grow with a high-performing security team, sharing your expertise and mentoring colleagues.
- Lead and participate in on-call rotations to ensure 24/7 security coverage and timely incident response.
- Drive significant improvements in security posture by reducing vulnerabilities, enhancing threat detection, and accelerating incident response times.
- Lead the development and implementation of innovative security solutions that leverage automation and emerging technologies.
- Contribute to a culture of security excellence by mentoring team members and fostering collaboration across the organization.
By joining our team, you will make a significant impact on the organization’s security, advance your career, and contribute to a culture of innovation.
Your experience
Education: Bachelor's degree in Computer Science or a related field. Advanced degree preferred.
Experience:
- Minimum of 10 years of progressive experience in Security Operations.
- At least 3-5 years of hands-on experience with AWS and Azure cloud security, including Infrastructure-as-Code software and tooling.
- Demonstrated experience working with infrastructure that contains containerized applications (EKS, ECS, etc.).
- Demonstrated experience contributing to technical and procedural documentation and policies.
- Demonstrated experience in handling security incidents and conducting thorough root cause analysis.
- Proven track record in designing, implementing, and managing security controls for networks and endpoints.
- Experience in Infrastructure Vulnerability Management.
- Experience in applying Agile methodologies to security projects and initiatives.
Technical Skills:
- In-depth understanding of security fundamentals, including system internals, attack surface reduction, and cryptographic protocols.
- Proficiency in scripting languages such as Python, PowerShell, or Perl for automation.
- Hands-on experience with industry-standard solutions including SIEM, SOAR, CSPM, DSPM, CDR, CWPP, etc.
- Strong knowledge of cloud security technologies, including IAM, encryption, and key management, AWS GuardDuty, WAF, etc.
- Familiarity with web application security threats (e.g., OWASP Top 10) and mitigation strategies.
- Proficiency in Linux systems administration and troubleshooting.
- Preferred certifications: AWS Certified Security Specialist, Azure Security Engineer Associate (or other relevant certifications)
- Experience in incident response methodologies, including investigation, containment, eradication, recovery, and lessons learned.
Nice to haves:
- Excellent problem-solving and analytical skills.
- Strong communication and interpersonal abilities to collaborate with diverse teams.
- Ability to adapt to changing environments and manage ambiguity effectively.
- Proven leadership and mentorship skills.
- Attention to detail, adaptability, and ability to work under pressure.
#ZEOLife at Zuora
As an industry pioneer, our work is constantly evolving and challenging us in new ways that require us to think differently, iterate often and learn constantly—it’s exciting. Our people, whom we refer to as “ZEOs" are empowered to take on a mindset of ownership and make a bigger impact here. Our teams collaborate deeply, exchange different ideas openly and together we’re making what’s next possible for our customers, community and the world.
As part of our commitment to building an inclusive, high-performance culture where ZEOs feel inspired, connected and valued, we support ZEOs with:
- Competitive compensation, corporate bonus program and performance rewards, company equity and retirement programs
- Medical insurance
- Generous, flexible time off
- Paid holidays, “wellness” days and company wide end of year break
- 6 months fully paid parental leave
- Learning & Development stipend
- Opportunities to volunteer and give back, including charitable donation match
- Free resources and support for your mental wellbeing
Specific benefits offerings may vary by country and can be viewed in more detail during your interview process.
Location & Work Arrangements
Organizations and teams at Zuora are empowered to design efficient and flexible ways of working, being intentional about scheduling, communication, and collaboration strategies that help us achieve our best results. In our dynamic, globally distributed company, this means balancing flexibility and responsibility — flexibility to live our lives to the fullest, and responsibility to each other, to our customers, and to our shareholders. For most roles, we offer the flexibility to work both remotely and at Zuora offices.
Our Commitment to an Inclusive Workplace
Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.
Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regards to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.
We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)zuora.com.