Senior Application Security Engineer

Zuora Whether your business model is based on subscriptions, consumption, or a hybrid approach, our industry leading monetization solutions will help. At Zuora, we do Modern Business. We’re helping people subscribe to new ways of doing business that are better for people, companies and ultimately the planet. It’s an approach resulting from the shift to the Subscription Economy that puts customers first by building recurring relationships instead of one-time product sales and focuses on sustainable growth. Through our leading expertise and multi-product suite, we are transforming all industries and working with the world’s most innovative companies to monetize new business models, nurture subscriber relationships and optimize their digital experiences. Duties & Responsibilities Zuora is looking for a Senior Security Engineer with expertise in Application Security and DevSecOps to join our application security & security engineering team. What you will achieve:

• Work with teams across a worldwide organization and support them adopting and implementing software security practices and tools.
• Be hands-on with critical software engineering & tooling projects, work with the technical team lead and the product owner to ensure good security outcomes as part of project success.
• Shape the security of the overall Zuora software architecture and evangelize security within the R&D organization.
• Mentor engineers and influence architects when required to ensure security is baked in.
• Design and develop highly flexible common security components and APIs that enable the build of custom solutions that will be used across our company.
• Develop best practices to ensure software security, functionality, usability, reliability and availability.
• Participate in design and code reviews as needed and provide appropriate recommendations.
• Work with project teams to design prototypes to validate security designs and solutions.
• Evaluate, test, implement, and support a variety of security tools.
• Build a relationship and communicate effectively with all stakeholders in the SDLC (e.g. Product, Engineering, Operations).

Your experience:

• BA/BS in Computer Science or similar technical degree or equivalent experience.
• At least 5 years of designing, implementing, and securing applications and systems using one or more relevant technologies.
• Knowledge of modern web technologies including cloud based APIs and protocols (REST, JSON), and relevant attacks and defenses.
• Understanding of microservice architectures.
• A passion and knowledge base for exploring and experimenting with the latest application development technologies and security technologies.
• Disciplined self-starter, able to be highly productive both working alone and in close collaboration within an agile development team.
• Solid interpersonal skills capable of building strong relationships across functions.
• JVM technology (Java, Kotlin, Scala) and related software frameworks (Spring and SpringBoot).
• Container and container infrastructure (e.g. Docker, k8s, Apache Mesos).
• Cloud technology (e.g. AWS, Azure).
• Web protocol standards (REST, RPC, SOAP).
• Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.).

As an industry pioneer, our work is constantly evolving and challenging us in new ways that require us to think differently, iterate often and learn constantly—it’s exciting. Our people, whom we refer to as “ZEOs #J-18808-Ljbffr