OUR VISION: THE WORLD. SUBSCRIBED.

Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.  

In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.

Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo and author of the best selling book Subscribed).

THE TEAM

Zuora’s Security teams are responsible for Application & Product Security across our ecosystem. This includes defending Cloud and Data Center infrastructure,  managing internal and external security services, and more – all with the mission of securing Zuora’s customer-facing SaaS products and platforms. Our technologists sit across US, Beijing, and India using a follow-the-sun model to provide 24x7x365 coverage for critical functions. We partner closely with our Engineering, Customer Support, TechOps, IT, Global Services and Sales teams on a daily basis to keep our customers front and center.

YOUR MISSION:

• Monitor, Detect and Respond to alerts generated by security controls as part of 24×7 delivery team
• Incident Response, Containment and Remediation handling
• Analyze, document and report on potential security incidents and perform Threat Hunting for business critical environments
• Drive, improve and automate all aspects of SOC using custom scripting, and other SOAR platform
• Write infrastructure as code using CloudFormation or similar. You should see different technologies as a means to an end and be well practiced at hunting for a solution through unfamiliar domains

THE OPPORTUNITY (AKA: Why you want this role over any other out there) 

We are looking for a Cloud Security Operations Engineer with a passion for detecting cyber security threats, remediate them and prevent occurance of them in the future. Automate the manual processes to increase the response time and thus solve security challenges. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis, and make a visible impact by driving metrics, process, and automation for threat monitoring.

OUR TECH STACK: Java, Spring, Ruby, Rest APIs, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS, CI/CD tools (e.g. Jenkins, Ansible, Puppet, Terraform, python, go.), SIEM like SumoLogic, Splunk, ELK, SOAR like komand, demisto

WHAT YOU’LL ACHIEVE

• Detect, respond and remediate threats targeting Zuora’s products and infrastructure 
• Build workflows using SOAR to automate various playbooks and processes. 
• Plan, scope and coordinate various adversarial testing (e.g. external penetration testing).
• Perform internal penetration tests and participate in internal red team exercises.
• Drive the evaluation, integration and testing of new security tools and technologies
• Collaborate with other teams in vulnerability management programs.
• Write infrastructure as code using CloudFormation or similar.

WHAT YOU’LL NEED TO BE SUCCESSFUL

• 2-5 years of security experience, specifically on SOC.
• 10+ years of technology experience.
• Strong understanding of Network Security, System Security, Web application security, End-point Security including hands-on exploitation skills coupled with defensive skills.
• Familiarity with infrastructure and systems security domains and automation.
• Ability to explain complex security issues and their impact to diverse audiences.
• Be a fast learner and have experience partnering with cross-functional teams. 
• BA/BS in Computer Science or similar technical degree or equivalent experience

RELEVANT TECHNOLOGIES:

• Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)
• Windows, Linux and Unix based systems
• Cloud based technologies (e.g. AWS, Azure, GCP)
• Endpoint Security tools (e.g. Crowdstrike, Carbon black)
• SIEM (e.g. Sumo Logic, Splunk, Alien Vault) and SOAR (e.g. Phantom, Demisto, Komand)

ABOUT ZUORA & OUR “ZEO” CULTURE

Zuora (NYSE: ZUO) Zuora provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-revenue process seamlessly across billing and revenue recognition. Zuora serves more than 1,000 companies around the world, including Box, Ford, Penske Media Corporation, Schneider Electric, Siemens, Xplornet, and Zoom.

At Zuora, we have one CEO but ​every employee is empowered and supported to be the ‘ZEO’ of their own career experience. By embedding inclusion and belonging into our processes, policies and culture, we are building a workplace where our 1,200+ ZEOs across North America, Europe, and APAC can bring all the elements of who they are into their work. In addition to an industry-leading six-month, 100% paid parental leave for all our ZEOs, we also offer programs to support your mental health and give back to our communities along with “career cash” and plenty of learning and development opportunities.

To learn more visit www.zuora.com

Zuora is proud to be an Equal Employment Opportunity employer.

Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.