Principal Security Engineer

Full time at Chargebee in Online
Posted on January 17, 2025

Job details

About Chargebee: Chargebee is a subscription billing and revenue management platform powering some of the fastest-growing brands around the world today, including Calendly, Hopin, Pret-a-Manger, Freshworks, Okta, Study.com and others. Thousands of SaaS and subscription-first businesses process billions of dollars in revenue every year through the Chargebee platform. Headquartered in San Francisco, USA, our 500+ team members work remotely throughout the world, including India, the Netherlands, Paris, Spain, Australia, and the USA. Chargebee has raised over $480 million in capital and is funded by Accel, Tiger Global, Insight Partners, Steadview Capital, and Sapphire Ventures. We're on a mission to push the boundaries of subscription revenue operations, not just ours, but those of every customer and prospective business on a recurring revenue model. Our team builds high-quality and innovative software to enable our customers to grow their revenues, powered by a state-of-the-art subscription management platform.

Job Summary: You will operate at the cross-section of cutting-edge tech transformation using the AWS & Azure stack in a data-intensive environment. The role entails deep architecture, engineering & automation interventions across Cloud Infrastructure & Product Engineering teams. It carries tech responsibilities around architecture & security engineering while actively working across product & infrastructure layers, with a focus on uplifting the cyber resilience of Chargebee's product offerings. You will also product-manage security products and build security observability products on top of Chargebee's product offerings.

Roles and Responsibilities:

Automation:

  • Lead the DevSecOps initiative with a focus on integrating security tools with the CI/CD workflow & increasing the automation quotient.
  • Lead strategic initiatives like GitHub hardening, SBOM, CBOM, EULA compliance automation, etc. with a cost-conscious approach.
  • Steer adoption of automated configuration verification for AWS & Azure through integration of verification tools with IaC tools like AWS CloudFormation, Terraform or Azure Blueprints.
Engineering:
  • Build security automation through a developer lens, with high developer empathy & self-serviceability as first principles.
  • Familiarity with GitHub Actions, and how to incorporate automated security testing (e.g., SAST, Secrets Scanning, DAST, SCA) into the development lifecycle.
  • Work independently with developers, system engineers, product managers, etc. to ensure design / development review with a Security & Privacy first mindset.
  • Own engineering & product management of all security tools spanning the CI/CD, product, infrastructure, identity, user endpoint & SaaS partner layers.
  • Continuously enrich alerts and enhance the detection efficiency of the detection & response layer in the software security stack.
  • Lead control parity & unification of threat management tools across all M&As.
Security Testing:
  • Perform penetration testing of various application types including web, web services and APIs.
  • Demonstrable proficiency in penetration testing in the cloud (AWS) and container space.
  • Validate vulnerabilities submitted by external researchers and bug bounty programs.
Architecture:
  • Participate & contribute to the Architecture Review Board in taking opinionated decisions on technology choices in software engineering & infrastructure patterns.
  • Ideate, author & adopt RFC style technical documents & implementation guides/patterns for adoption by product / infrastructure engineering teams.
  • Contribute to API strategy of Chargebee with focus on Security, Privacy & Governance pillars.
  • Collaborate closely in a hands-on environment with architecture, product management, product engineering and GRC teams to design, build, and operate products securely.
  • Own the charter for journaling security design & implementation mandates and lead its adoption across product & infrastructure groups.
  • R&D emerging technologies, independently test & build pilots for adoption based on use cases at Chargebee, and demonstrate them to the broader engineering community for adoption.
Must Have:
  • 7+ years of experience as a security engineer / architect / penetration tester or in product engineering in a data-intensive environment operating a cloud-native platform, with a passion for security.
  • Excellent research mindset with the ability to operate independently & develop a POV on emerging technologies with a focus on risk & security.
  • Ability to journal & create high-quality wiki documentation for related work.
  • Programming and scripting languages (Python, bash and Java).
  • Deep understanding of CI/CD / DevOps integration with experience in streamlining release management, branching strategy, workflows and engineering governance.
  • Deep understanding of GitHub, GitHub Actions & standard CI/CD tools.
  • Deep understanding of web applications, data and microservice architecture - REST APIs.
  • Operational knowledge of cloud service offerings by AWS with a focus on securing cloud environments at Design, Deployment & Runtime.
  • Experience as a security architect or penetration tester, or in product engineering, with ownership of security programs.
  • Experience in microservices adoption / transformation and building an engineering governance model with a focus on API security.
  • Experience with application security best practices and design principles, e.g. OWASP and Secure SDLC.
  • Knowledge of common security implementations around authentication, authorization, database security, network security, encryption, logging & monitoring, error handling & gateway products.
  • Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments.
  • Effective team player with experience in coaching and supporting junior team members.
  • Experience in operating using Agile methodologies & use of Jira / Confluence.
Nice to have:
  • AWS / Azure security certifications
  • Domain experience in payments / banking / platform-based products
  • Security specific certifications like OSCP, CCSP or CISSP
Skills and Experience:
  • 7+ years of experience as a security architect or penetration tester, or in product engineering, in a data-intensive environment operating a cloud-native platform, with a passion for security.
  • Security architect, product security engineer or penetration tester with exposure to information security principles and practices.
  • API Security - REST or Graph
  • Preferred: Experience with data-intensive platforms & high-performing API technology is a plus.
Benefits: Want to know what it means to work for a company that genuinely cares about you? Check out just a few of the benefits we give our employees:

We are Globally Local: With a diverse team across four continents, and customers in over 60 countries, you get to work closely with a global perspective right from your own neighborhood.

We value Curiosity: We believe the next great idea might just be around the corner. Perhaps it's that random thought you had ten minutes ago. We believe in creating an ecosystem that fosters a desire to seek out hard questions, and then figure out answers to them.

Customer! Customer! Customer!: Everything we do is driven towards enabling our customers' growth. This means no matter what you do, you will always be adding real value to a real business problem. It's a lot of responsibility, but also a lot of fun.
