Security Engineer, DevSecOps, AppSec

Engineering & TechOps | Beijing Shi, China



Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.  


In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.


Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo, author of the best-selling book Subscribed).




Zuora’s Security teams are responsible for Application & Product Security across our services, Cloud and Data Center infrastructure monitoring, managing internal and external shared services, infrastructure services and more – all with the mission of securing Zuora’s customer-facing SaaS products and platforms. Our technologists sit across the US, Beijing, India and remotely, using a follow-the-sun model to provide 24x7x365 coverage for critical functions, and partner closely with our Engineering, Customer Support, TechOps, IT, Global Services and Sales teams on a daily basis to keep our customers front and center.



  • Drive security context, understanding, and decision information into all phases of product development and delivery
  • Build/automate reconnaissance of APIs, Red Team, Blue Team capabilities
  • Build/automate reporting Metrics and Analytics for key parts of the security program
  • Build/automate security configuration enforcement


THE OPPORTUNITY (AKA: Why you want this role over any other out there) 

We are looking for a DevSecOps Engineer with a passion for both building and breaking things to solve security problems in partnership with our Product and Engineering teams. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis.


OUR TECH STACK: Java, Spring, Ruby, REST APIs, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS, CI/CD tools (e.g. GitLab, Spinnaker, Jenkins, Ansible, Puppet, Terraform, Python, Go), SIEM like SumoLogic, Splunk, ELK, SOAR like Komand, Demisto



  • Provide security guidance to Engineering and Product teams.
  • Build threat models and conduct risk assessments for new features and services.
  • Perform design and code reviews (lots of them!).
  • Identify, triage, resolve, and manage security vulnerabilities identified in Zuora products.
  • Build libraries and tools to make software built and deployed at Zuora secure by default.
  • Make security an integral part of our CI/CD pipeline.
  • Perform internal penetration tests and participate in red team exercises.



  • 2-5 years of security experience.
  • 2-5 years of software development experience.
  • Strong understanding of Web application security, including hands-on exploitation skills coupled with defensive skills.
  • Familiarity with secure development practices and security testing techniques (SAST, DAST, fuzzing, etc.).
  • Familiarity with infrastructure and systems security domains.
  • Familiarity with web application security defense techniques and technologies (WAF, RASP, sanitization/validation, etc.)
  • Familiarity with microservices architectures, platforms, and 12-factor design
  • Familiarity with relevant technologies (listed below)
  • Ability to read and reason in Java, and modest ability to build tools and automation in Python
  • Ability to explain complex security issues and their impact to diverse audiences.
  • Be a fast learner and have experience partnering with cross-functional teams. 
  • BA/BS in Computer Science or similar technical degree or equivalent experience



  • JVM technology (Java, Kotlin, Scala) and related software frameworks (Dropwizard, Spring and SpringBoot)
  • Container and container infrastructure (e.g. Docker, containerd, k8s, Apache Mesos)
  • Cloud technology (e.g. AWS, Azure, GCP)
  • Web protocol standards (REST, RPC, SOAP)
  • Unix/Linux
  • JavaScript ecosystem (Node.js), frontend (e.g. web components, Angular, Vue, React) and full-stack frameworks
  • Modest competency in common scripting and automation languages (Python, Ruby, Golang, etc.)



Zuora (NYSE: ZUO) provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-revenue process seamlessly across billing and revenue recognition. Zuora serves more than 1,000 companies around the world, including Box, Ford, Penske Media Corporation, Schneider Electric, Siemens, Xplornet, and Zoom.


At Zuora, we have one CEO but every employee is empowered and supported to be the ‘ZEO’ of their own career experience. By embedding inclusion and belonging into our processes, policies and culture, we are building a workplace where our 1,200+ ZEOs across North America, Europe, and APAC can bring all the elements of who they are into their work. In addition to an industry-leading six-month, 100% paid parental leave for all our ZEOs, we also offer programs to support your mental health and give back to our communities along with “career cash” and plenty of learning and development opportunities.


To learn more visit


Zuora is proud to be an Equal Employment Opportunity employer.

Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.


Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regard to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.


We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at) 



