Senior Security Engineer
Zuora, Chennai, Tamil Nadu, India
Unifying order-to-cash for a dynamic subscription world
OUR VISION: THE WORLD. SUBSCRIBED.
Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.
In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.
Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo and author of the best selling book Subscribed).
Zuora’s Security teams are responsible for Data Center and Cloud infrastructure monitoring, managing internal and external shared services, infrastructure services and more - for Zuora’s customer facing SaaS products and platforms. Our technologists sit across US, Beijing, India and remotely, using a follow-the-sun model to provide 24x7x365 coverage for critical functions and partner closely with our Engineering, Customer Support, TechOps, Global Services and Sales teams on a daily basis to keep our customers front and center.
- Perform security monitoring gap analysis using MITRE ATT&Ck framework and increase detection coverage. Improving Signal to Noise Ratio, Developing Incident Response Workflow that can be automated & writing SOPs for SOC.
- Evaluate and enhance Network & Endpoint security controls.
- Log sources integration (ELK/Athena) and onboarding including custom parser development and tuning. Develop scripts to simplify data collection and automate data onboarding tasks.
THE OPPORTUNITY (AKA: Why you want this role over any other out there)
Zuora is looking for a Senior Security Engineer to join our infrastructure security program to build and manage rapidly growing infrastructure. You will have the opportunity to build automated solutions to secure AWS Cloud Infrastructure and provide technical leadership, solution design, and hands-on development support on security controls for infrastructure and applications. Collaborate cross-functionally and engage with all levels of leadership to gather requirements for, design, and implement security controls and Identify new security threats by conducting continuous monitoring, penetration testing, vulnerability assessments, and log analysis
OUR TECH STACK: Java, Spring, Rest API, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS, CI/CD tools (e.g. Jenkins, Ansible, Puppet, Terraform, python, go.), SIEM like SumoLogic, Splunk, ELK, SOAR like komand, demisto
WHAT YOU’LL ACHIEVE
- Setting up of SIEM for Security Monitoring - Log Integration, developing correlation rules based on MITRE att&ck framework ,improving signal to noise ratio and developing Incident response workflow that can be automated.
- Perform Security Monitoring Gap analysis based on MITRE Framework and build corresponding process/framework for continuous evaluation.
- Adversary Emulation and Red Teaming exercise
- Evaluate and Enhance the Endpoint & Network security controls for better control and monitoring (On-prem and AWS)
- Build Framework for Threat hunting, SOAR Workflows, automated Forensics Evidence collection & data Acquisition
WHAT YOU’LL NEED TO BE SUCCESSFUL
MS or Bachelor in Computer Science or equivalent desired
- Over 10 years of experience in Security Operations & 3-5 years of experience in AWS
- Strong grasp of security fundamentals (i.e.system internals, attack surface reduction, Cryptographic protocols, etc.)
- Experience in any scripting language like: Python, Perl, Shell etc.
- Experience working is one Industry standard SIEM tool
- Experience working in Network and Endpoint security controls
- Experience in Handling Security Incidents and root cause analysis
- Knowledge of web application threats (e.g. OWASP Top 10), common attacks, and mitigations
- Vendor agnostic certificate like CISSP, CCSP,OSCP, SANS is a plus
- Ability to collaborate and work with global teams and mentor other team members
- Tolerant of Ambiguity and Changing Environment
ABOUT ZUORA & OUR “ZEO” CULTURE
Zuora (NYSE: ZUO) Zuora provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-revenue process seamlessly across billing and revenue recognition. Zuora serves more than 1,000 companies around the world, including Box, Ford, Penske Media Corporation, Schneider Electric, Siemens, Xplornet, and Zoom.
At Zuora, we have one CEO but every employee is empowered and supported to be the ‘ZEO’ of their own career experience. By embedding inclusion and belonging into our processes, policies and culture, we are building a workplace where our 1,200+ ZEOs across North America, Europe, and APAC can bring all the elements of who they are into their work. In addition to an industry-leading six-month, 100% paid parental leave for all our ZEOs, we also offer programs to support your mental health and give back to our communities along with “career cash” and plenty of learning and development opportunities.
To learn more visit www.zuora.com
Zuora is proud to be an Equal Employment Opportunity employer.
Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.
Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regards to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.
We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)zuora.com.
Zuora is a SaaS company and the world’s foremost evangelist of the Subscription Economy. Zuora’s leading subscription relationship management platform helps enable businesses in any industry to launch or shift products to subscription, implement new pay-as-you-go pricing and packaging models, gain new insights into subscriber behavior, open new revenue streams, and disrupt market segments to gain competitive advantage.
Want to learn more about Zuora? Visit Zuora's website.
High-quality tools for hosting, sharing, and streaming videos