Security Engineer, DevSecOps, Vulnerability Management

Zuora

Chennai, IN
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 04/04/2021
  • Website: zuora.com
  • Company Address: 3050 South Delaware Street Suite 301, San Mateo, CA, 94403

About Zuora

We provide cloud-based software via subscription that enables any company in any industry to successfully launch, manage, and transform into a subscription business. Our vision is simple. We call it “The World Subscribed.” It’s the idea that one day every company will be a part of the Subscription Economy. Our mission is to enable all companies to be successful in the Subscription Economy.

Job Description

OUR VISION: THE WORLD. SUBSCRIBED.

Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.  

 

In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.

 

Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo and author of the best selling book Subscribed).

 

THE TEAM

 

Zuora’s Security teams are responsible for Application & Product Security across our services, Cloud and Data Center infrastructure monitoring, managing internal and external shared services, infrastructure services and more – all with the mission of securing for Zuora’s customer facing SaaS products and platforms. Our technologists sit across US, Beijing, India and remotely, using a follow-the-sun model to provide 24x7x365 coverage for critical functions and partner closely with our Engineering, Customer Support, TechOps, IT, Global Services and Sales teams on a daily basis to keep our customers front and center.

YOUR MISSION:

 

  • Drive, improve and automate all aspects of the vulnerability management processes for all categories of vulnerabilities
  • Build/automate reconnaissance of API’s, Red Team, Blue Team Capabilities 
  • Build/automate reporting Metrics and Analytics for key parts of the security program
  • Build/automate security configuration enforcement

 

THE OPPORTUNITY (AKA: Why you want this role over any other out there) 

We are looking for a DevSecOps Engineer with a passion for using software to automate manual processes and a keen interest building and breaking things to solve security problems. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis, and make a visible impact by driving metrics, process, and automation for vulnerability management.

 

OUR TECH STACK: Java, Spring, Ruby, Rest APIs, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS, CI/CD tools (e.g. Jenkins, Ansible, Puppet, Terraform, python, go.), SIEM like SumoLogic, Splunk, ELK, SOAR like komand, demisto

 

WHAT YOU’LL ACHIEVE

  • Build tools and applications to automate vulnerability identification and analysis processes.
  • Identify, triage, resolve, and manage security vulnerabilities identified in Zuora products and infrastructure
  • Plan, scope and coordinate various adversarial testing (e.g. external penetration testing).
  • Perform internal penetration tests and participate in internal red team exercises.
  • Drive the evaluation, integration and testing of new security tools and technologies
  • Design and implement APIs to provide vulnerability management capabilities to other engineering teams.
  • Contribute to reliability, performance, and security of modern systems running on AWS.

 

WHAT YOU’LL NEED TO BE SUCCESSFUL

  • 2-5 years of security experience.
  • 2-5 years of software development experience.
  • Strong understanding of Web application security, including hands-on exploitation skills coupled with defensive skills.
  • Familiarity with manual and automated vulnerability identification and validation techniques and tools.
  • Familiarity with infrastructure and systems security domains.
  • Ability to explain complex security issues and their impact to diverse audiences.
  • Be a fast learner and have experience partnering with cross-functional teams. 
  • BA/BS in Computer Science or similar technical degree or equivalent experience

 

RELEVANT TECHNOLOGIES:

  • JVM technology (Java, Kotlin, Scala) and related software frameworks (Dropwizard, Spring and SpringBoot)
  • Container and container infrastructure (e.g. Docker, containerd, k8s, Apache Mesos)
  • Cloud technology (e.g. AWS, Azure, GCP)
  • web protocol standards (REST, RPC, SOAP)
  • Unix/Linux
  • Javascript ecosystem (node.js), frontend (e.g. web components, angular, vue, react) and full-stack frameworks
  • Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)

 

ABOUT ZUORA & OUR “ZEO” CULTURE

Zuora (NYSE: ZUO) Zuora provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-revenue process seamlessly across billing and revenue recognition. Zuora serves more than 1,000 companies around the world, including Box, Ford, Penske Media Corporation, Schneider Electric, Siemens, Xplornet, and Zoom.

 

At Zuora, we have one CEO but ​every employee is empowered and supported to be the ‘ZEO’ of their own career experience. By embedding inclusion and belonging into our processes, policies and culture, we are building a workplace where our 1,200+ ZEOs across North America, Europe, and APAC can bring all the elements of who they are into their work. In addition to an industry-leading six-month, 100% paid parental leave for all our ZEOs, we also offer programs to support your mental health and give back to our communities along with “career cash” and plenty of learning and development opportunities.

 

To learn more visit www.zuora.com

 

Zuora is proud to be an Equal Employment Opportunity employer.

Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.

 

Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regards to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

 

We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)zuora.com.

Related Jobs

Senior Software Engineer

Zuora - Beijing, CN

Account Executive

Zuora - New York City, NY, US

Account Executive

Zuora - Atlanta, GA, US

Enterprise Account Executive

Zuora - Remote

Strategic Account Executive DACH

Zuora - Munich, DE
Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.