Application Security Engineer in Zuora

Closed job - No longer receiving applicants

Our Information Technology (IT) team is Zuora’s internal engineering organization, responsible for creating technology experiences that connect our teams, drive business alignment and build a stronger, more collaborative work “place.” With a cloud-first approach, we empower our global ZEOs with increased productivity and self-service to enable company growth, scale, and flexibility while hardening our security and compliance posture. Zuora is looking for a Senior Security Engineer with expertise in Application Security and DevSecOps to join our application security & security engineering team. Zuora is looking for a Senior Security Engineer with expertise in Application Security and DevSecOps to join our application security & security engineering team.

Job functions

  • Work with teams across a worldwide organization and support them in adopting and implementing software security practices and tools.
  • Be hands-on with critical software engineering & tooling projects, and work with the technical team lead and the product owner to ensure good security outcomes as part of project success.
  • Shape the security of the overall Zuora software architecture and evangelize security within the R&D organization.
  • Mentor engineers and influence architects when required to ensure security is baked in.
  • Design and develop highly flexible common security components and APIs that enable the building of custom solutions that will be used across our company
  • Develop best practices to ensure software security, functionality, usability, reliability, and availability.
  • Participate in design and code reviews as needed and provide appropriate recommendations.
  • Work with project teams to design prototypes to validate security designs and solutions.
  • Evaluate, test, implement, and support a variety of security tools
  • Build a relationship and communicate effectively with all stakeholders in the SDLC (e.g. Product, Engineering, Operations)

Qualifications and requirements

  • 5+ years of designing, implementing and securing applications and systems using one or more relevant technologies (see below)
  • Working knowledge of modern web technologies including cloud-based APIs and protocols (REST, JSON), and relevant attacks and defenses.
  • Understanding of microservice architectures
  • A passion and knowledge base for exploring and experimenting with the latest application development technologies and security technologies
  • Disciplined self-starter, able to be highly productive both working alone and in close collaboration within an agile development team
  • Solid interpersonal skills capable of building strong relationships across functions
  • BA/BS in Computer Science or similar technical degree or equivalent experience

Relevant technologies:

  • JVM technology (Java, Kotlin, Scala) and related software frameworks (Spring and SpringBoot)
  • Container and container infrastructure (e.g. Docker, containerd, k8s, Apache Mesos)
  • Cloud technology (e.g. AWS, Azure)
  • Web protocol standards (REST, RPC, SOAP)
  • Javascript ecosystem (node.js), frontend (e.g. web components, angular, vue, react) and full-stack frameworks
  • Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)


Flexible hours Flexible schedule and freedom for attending family needs or personal errands.
Health coverage Zuora pays or copays health insurance for employees.
Computer provided Zuora provides a computer for your work.
Informal dress code No dress code is enforced.
Beverages and snacks Zuora offers beverages and snacks for free consumption.

Remote work policy

Locally remote only

Position is 100% remote, but candidates must reside in Costa Rica.

Life's too short for bad jobs.
Sign up for free and find jobs that are truly your match.