Senior Infrastructure Security Engineer
Zuora is a SaaS company and the world’s foremost evangelist of the Subscription Economy®. Zuora’s leading subscription relationship management platform helps enable businesses in any industry to launch or shift products to subscription, implement new pay-as-you-go pricing and packaging models, gain new insights into subscriber behavior, open new revenue streams, and disrupt market segments to gain competitive advantage. Zuora serves more than 800 companies around the world in every industry. The Subscription Economy Index (SEI) demonstrates that SEI companies are growing revenues approximately nine times faster than the S&P 500. Headquartered in Silicon Valley, Zuora also operates offices in Atlanta, Boston, Denver, San Francisco, London, Paris, Beijing, Sydney, Chennai and Tokyo.
Zuora is looking for Senior Security Engineer to join our Security Operations program to drive securing and hardening Zuora’s rapidly growing infrastructure. As Senior Security Engineer you will have the opportunity to develop your analytical, strategic, and technical skills around cloud focused security foundation.
- Sr Security Engineer will be responsible for securing and hardening Zuora’s infrastructure including but not limited to systems, networks, endpoints, SaaS integrations, and cloud resources.
- Work closely with Technology and Operations teams to ensure the security of our infrastructure.
- Partner with Corporate Technology and stakeholders to provide secure and documented integrations for SaaS and application suites
- The ideal candidate with be tenacious, vendor agnostic and familiar with large internal networks and systems.
- Participate in security reviews of our infrastructure, help with research, and test new technologies.
- Evaluate, test, implement and support new security tools
- Ensure all systems and networks are being monitored and logged for security operations team
- Identify new security threats by conducting continuous monitoring, penetration testing, vulnerability assessments and log analysis
- Create and maintain audit and review processes for security, such as firewall and VPN policies to certify building technology globally.
- Maintain endpoint security baseline standards and policies
- Implement and update policies for CASB and DLP solutions
- Patching and Vulnerability management
- Audit, Detect and Remediate critical Security exposures in AWS Cloud Infrastructure
- Implement simple automations for Security tasks
- Maintain strong awareness of events in the external community to identify threats and opportunities for enhancement.
Required Experience and skills
Education & Essential Experience
- Bachelor in Computer Science or equivalent field and 10+ Years of industry experience
- 5+ Years of Security Experience
- Excellent analytical, troubleshooting, and interpersonal skills
- Strong verbal and written communication skills, including the ability to translate technical risks and exposures to a business perspective
- Self-motivated and able to work independently in fast paced and high-pressure environment
- Hands on experience with Windows, Linux OS hardening and critical services like DNS, Active Directory, Proxy etc.
- Threat/Intrusion Detection, Vulnerability Management, & remediation techniques
- Security concepts and technologies such as IDS/IPS, VPNs, D/DoS
- Experience of using centralized log analyzer or SIEM like Sumologic, Splunk, Elk
- Experience of Security Controls in public cloud (AWS preferred) is a plus
- Key security protocol fundamentals
Programming and Ops Skills
- Experience with large scale systems, networking and security infrastructure
- Experience in any scripting language like: Python, Perl, Shell etc.
- Clear understanding of network protocols such as TCP/IP, HTTPS, SSH, TLS, DNS, SMTP, 802.1X etc.