Principal Application Security Engineer

United States, Remote

Apply now

Zuora provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-cash process, including billing and revenue recognition.

 

At Zuora, every employee is the CEO of their career and leading our mission are over 1,200 passionate and innovative ZEOs who value freedom, responsibility and accountability in equal measure because they have the capacity to make shifts happen. Our culture isn’t an empty branding effort – our ZEOs love working here and it shows in our 4.5+ rating on Glassdoor. We take it very seriously. We encourage our employees to be curious, creative, and stay focused on our shared mission of enabling our customers to be successful.

 

Zuora serves more than 1,000 companies around the world, including Box, Komatsu, Rogers, Schneider Electric, Xplornet and Zendesk. Headquartered in Silicon Valley, Zuora also operates offices in Atlanta, Boston, Frisco, Denver, San Francisco, London, Paris, Beijing, Sydney, Chennai and Tokyo.

 

At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an equal opportunity employer committed to creating an inclusive environment for all.

 

 

Zuora is looking for a Principal Security Engineer with expertise in Application Security and DevSecOps to join our application security & security engineering team. 

 

What you’ll achieve:

  • Work with teams across a worldwide organization and support them adopting and implementing software security practices and tools.
  • Be hands-on with critical software engineering & tooling projects, work with the technical team lead and the product owner to ensure good security outcomes as part of project success.
  • Shape the security of the overall Zuora software architecture and evangelize security within the R&D organization.
  • Mentor engineers and influence architects when required to ensure security is baked in.
  • Design and develop highly flexible common security components and APIs that enable the build of custom solutions that will be used across our company
  • Develop best practices to ensure software security, functionality, usability, reliability and availability.
  • Participate in design and code reviews as needed and provide appropriate recommendations.
  • Work with project teams to design prototypes to validate security designs and solutions.
  • Evaluate, test, implement, and support a variety of security tools
  • Build a relationship and communicate effectively with all stakeholders in the SDLC (e.g. Product, Engineering, Operations) 

 

What you’ll need to be successful:

  • 8+ years of designing, implementing, and securing applications and systems using one or more relevant technologies (see below)
  • Working knowledge of modern web technologies including cloud based APIs and protocols (SOAP, REST, JSON), and relevant attacks and defenses.
  • Experience developing and securing innovative, groundbreaking apps on a PaaS with 12-factor design
  • Understanding of microservice architectures
  • A passion and knowledge base for exploring and experimenting with the latest application development technologies and security technologies
  • Disciplined self-starter, able to be highly productive both working alone and in close collaboration within an agile development team
  • Tons of great ideas, the ability to bring them to life (or sometimes fail but learn a lot in the process) and a love for solving hard problems
  • Solid interpersonal skills capable of building strong relationships across functions
  • BA/BS in Computer Science or similar technical degree or equivalent experience

 

Relevant technologies:

  • JVM technology (Java, Kotlin, Scala) and related software frameworks (Dropwizard, Spring and SpringBoot)
  • Container and container infrastructure (e.g. Docker, containerd, k8s, Apache Mesos)
  • Cloud technology (e.g. AWS, Azure, GCP)
  • Web protocol standards (REST, RPC, SOAP)
  • Unix/Linux
  • Javascript ecosystem (node.js), frontend (e.g. web components, angular, vue, react) and full-stack frameworks
  • Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)

Apply now


Let’s do this.

You’re unique and we’re on a journey – so let’s embark on a unique journey together. We encourage you to apply to all roles that utilize your skills and ignite the passion within you.

No matter where you’re located, or which team you work on, you’ll be part of a group of people working together to build a better world: The World Subscribed.

Go ahead and apply!

 

 

Get to Know Us

Go ahead, take a look inside #ZEOLife. Meet our ZEOs and learn what it’s like to be a part of our team.

Read the Life at Zuora Blog

Choosing to Challenge, Today and Everyday at Zuora

Zuora’s executive team shares their insights on how we can “Choose to Challenge”...

Read more  

Choosing to Challenge, Today and Everyday at Zuora

C-Crets to Advocating for Yourself at Work

Four steps everyone can take to guide their career to the next level while maint...

Read more  

C-Crets to Advocating for Yourself at Work

Highlights from the Subscription Experience 2021

The global Subscribed experience goes virtual in our first ever Subscription Exp...

Read more  

Highlights from the Subscription Experience 2021

Connect with us

All about relationships. Let’s connect!