Senior Security Engineer

Responsibilities

• Collaborate with teams across a global organization to support the adoption and implementation of secure software development practices and tooling.
• Contribute hands-on to critical engineering and tooling projects, working closely with technical leads and product owners to ensure security is a key part of successful project outcomes.
• Mentor engineers and influence architectural decisions to ensure security is embedded by design.
• Design and develop reusable, flexible security components and APIs to support scalable, secure application development across the company.
• Define and promote best practices to ensure software security without compromising functionality, usability, reliability, or availability.
• Participate in design and code reviews, providing actionable security recommendations as needed.
• Collaborate with project teams to design and prototype secure solutions, validating key assumptions and security objectives.
• Evaluate, implement, and support a range of security tools to improve visibility and reduce risk.
• Build strong relationships and communicate effectively with stakeholders throughout the SDLC, including Product, Engineering, and Operations teams.
• By joining our team, you will make a significant impact on the organization's security, advance your career, and contribute to a culture of innovation.
• Education: Bachelor's degree in Computer Science or a related field. Advanced degree preferred.

Requirements

• 8+ years of experience in application security, software development, or a related engineering role.
• Strong understanding of secure software development practices, including experience working with developers to embed security into the SDLC.
• Hands-on experience conducting security design reviews, threat modeling, and code reviews for web and cloud-based applications.
• Familiarity with common application vulnerabilities (e.g., OWASP Top 10) and experience in identifying and remediating them.
• Experience working with security tools such as SAST, DAST, SCA, and container security scanners.
• Ability to communicate security concepts effectively to both technical and non-technical stakeholders.
• Experience with AWS security best practices and securing cloud-native architectures.
• Background in DevSecOps or building security automation into CI/CD pipelines.
• Familiarity with Bug Bounty triage or managing responsible disclosure programs.
• Experience with regulatory frameworks (e.g., ISO 27001, SOC 2, or GDPR) as they relate to product security.
• Programming or scripting skills (e.g., Python, JavaScript, or Go) to build internal tools or automation.
• #ZEOLife at Zuo

Benefits

Additional Information

Company Overview At Zuora, we do Modern Business . We're helping people subscribe to new ways of doing business that are better for people, companies and ultimately the planet. It's an approach resulting from the shift to the Subscription Economy that puts customers first by building recurring relationships instead of one-time product sales and focuses on sustainable growth. Through our leading expertise and multi-product suite, we are transforming all industries and working with the world's most innovative companies to monetize new business models, nurture subscriber relationships and optimize their digital experiences. The Team & Role Zuora Security is dedicated to safeguarding our cloud-based application ecosystem. Our teams are responsible for defending our infrastructure, managing internal and external security services, and collaborating closely with engineering, customer support, and other departments to prioritize customer security. Operating on a global follow-the-sun model across the US, Beijing, and India, we provide 24/7/365 protection for Zuora's SaaS products and platforms. Proactively defend the organization by architecting, implementing, and optimizing a resilient infrastructure security framework. Drive the SOC's evolution through automation, advanced threat intelligence, rapid incident response, and robust detection and response capabilities. Continuously manage and reduce the attack surface across our complex infrastructure. Develop and maintain security solutions aligned with evolving threats to safeguard our organization. Seek a security leader with a deep understanding of industry best practices, emerging threats, and the ability to translate technical expertise into strategic initiatives. Zuora is looking for a Senior Security Engineer to join our infrastructure security program to build and manage rapidly growing infrastructure. This role offers an exceptional chance to shape the security posture of our organization by designing, implementing, and maintaining robust security solutions across our complex infrastructure. You will be instrumental in safeguarding our critical assets and driving innovation through automation and advanced security technologies. Our Tech Stack: Java, Spring, Rest API, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Zuora? Share your experience