
Job Description

The Team & Role:


Zuora's Application Security & Security Engineering team partners closely with engineering to embed security into the software development lifecycle through scalable tools, processes, and culture.

As an Application Security Engineer, you'll work hands-on with developers and architects to drive secure design, build security automation, and support critical projects across our cloud-native platform. This role is part of our growing presence in Sydney and offers the opportunity to shape and scale security practices globally.

This is a hybrid position, so you'll work both remotely and in the office.

What you'll do:


- Collaborate with teams across a global organization to support the adoption and implementation of secure software development practices and tooling.

- Contribute hands-on to critical engineering and tooling projects, working closely with technical leads and product owners to ensure security is a key part of successful project outcomes.

- Mentor engineers and influence architectural decisions to ensure security is embedded by design.

- Design and develop reusable, flexible security components and APIs to support scalable, secure application development across the company.

- Define and promote best practices to ensure software security without compromising functionality, usability, reliability, or availability.

- Participate in design and code reviews, providing actionable security recommendations as needed.

- Collaborate with project teams to design and prototype secure solutions, validating key assumptions and security objectives.

- Evaluate, implement, and support a range of security tools to improve visibility and reduce risk.

- Build strong relationships and communicate effectively with stakeholders throughout the SDLC, including Product, Engineering, and Operations teams.

Your experience:


- 2+ years of experience in application security, software development, or a related engineering role.

- Strong understanding of secure software development practices, including experience working with developers to embed security into the SDLC.

- Hands-on experience conducting security design reviews, threat modeling, and code reviews for web and cloud-based applications.

- Familiarity with common application vulnerabilities (e.g., OWASP Top 10) and experience in identifying and remediating them.

- Experience working with security tools such as SAST, DAST, SCA, and container security scanners.

- Ability to communicate security concepts effectively to both technical and non-technical stakeholders.

Nice to haves:

- Experience with AWS security best practices and securing cloud-native architectures.

- Background in DevSecOps or building security automation into CI/CD pipelines.

- Familiarity with Bug Bounty triage or managing responsible disclosure programs.

- Experience with regulatory frameworks (e.g., ISO 27001, SOC 2, or GDPR) as they relate to product security.

- Programming or scripting skills (e.g., Python, JavaScript, or Go) to build internal tools or automation.
