Zuora is a SaaS company and the world’s foremost evangelist of the Subscription Economy®. Zuora’s leading subscription relationship management platform helps enable businesses in any industry to launch or shift products to subscription, implement new pay-as-you-go pricing and packaging models, gain new insights into subscriber behavior, open new revenue streams, and disrupt market segments to gain competitive advantage. Zuora serves more than 800 companies around the world in every industry. The Subscription Economy Index (SEI) demonstrates that SEI companies are growing revenues approximately nine times faster than the S&P 500. Headquartered in Silicon Valley, Zuora also operates offices in Atlanta, Boston, Denver, San Francisco, London, Paris, Beijing, Sydney, Chennai and Tokyo.
Zuora is looking for Security Engineer to join our Security Operations program to drive securing and hardening Zuora’s rapidly growing infrastructure. As Security Engineer you will have the opportunity to develop your analytical, strategic, and technical skills around cloud focused security foundation.
- Monitor active threats, analyze them and come up with remediation control plan.
- Anticipating and remediating key security gaps or risks that could be disruptive to the environment (e.g. allow unauthorized access, privilege escalation, or data exfiltration)
- Monitor, Audit, Detect and Remediate critical Security exposures in Zuora’s SaaS and Enterprise Infrastructure
- Identify new security threats by conducting continuous monitoring, vulnerability assessments and log analysis
- Respond to all security incidents and manage end-to-end incident response lifecycle.
- Run other key security operations center (SOC) functions for Zuora’s Infrastructure: Threat Management, Vulnerability Management
- Publish various SOC KPIs to broader group and drive continuous improvement
- Implement simple automations for Security tasks like audit, metrics collection, reporting etc.
- Implementing automation around security control enforcements using AWSConfig, Lambda, CloudFormation etc.
- Collaborate cross-functionally and engage with all levels of leadership to gather requirements, build appropriate cloud security technology roadmaps and implementation plans.
- Maintain strong awareness of events in the external community to identify threats and opportunities for enhancement.
- Evaluate, test, implement and support third party security tools
Required Experience and skills
Education & Essential Experience
- MS or Bachelor in Computer Science or equivalent desired
- 2+ Years Security Operations or Security Incident Response Experience
- 3-5 Years of industry experience
- AWS/Public Cloud experience is a plus
- Knowledge in any scripting language like: Python, Perl, Shell etc.
- Threat/Intrusion Detection, Vulnerability Management, & remediation techniques
- Key security protocol fundamentals
- Security Controls & Tools for AWS Public Cloud Services
- Vulnerability Management tool
- Intrusion Detection Tools
- Experience of Security config monitoring of public cloud
- Experience in one or more cloud security monitoring tools
- Knowledge of using at least one industry standard cloud log analyzer or SIEM
- Experience in one or more endpoint security tools.
- Basic Scripting experience in one or more platforms: Python, Bash, Perl
- Linux System & Network Administration fundamentals
- Knowledge of AWS API and CLI for various AWS Services
- Self-starter, Customer Centric Attitude
- High Collaboration and Influence Skills
- Willingness to mentor other members within internal or external team
- Ability to communicate technical concepts and complexity to all audiences
- Tolerant of Ambiguity and Changing Environment