Chargebee - Principal Security Engineer (7-10 yrs)
Chargebee
posted 15d ago
Flexible timing
About Chargebee :
Chargebee is a subscription billing and revenue management platform powering some of the fastest-growing brands around the world today, including Calendly, Hopin, Pret-a-Manger, Freshworks, Okta, Study.com and others.
Thousands of SaaS and subscription-first businesses process billions of dollars in revenue every year through the Chargebee platform. Headquartered in San Francisco, USA, our 500+ team members work remotely throughout the world, including India, the Netherlands, Paris, Spain, Australia, and the USA.
Chargebee has raised over $480 million in capital and is funded by Accel, Tiger Global, Insight Partners, Steadview Capital, and Sapphire Ventures. And we're on a mission to push the boundaries of subscription revenue operations. Not just ours, but every customer and prospective business on a recurring revenue model. Our team builds high-quality and innovative software to enable our customers to grow their revenues powered by the state-of-the-art subscription management platform.
Job Summary :
You will be operating at a cross section of cutting-edge tech transformation using the AWS & Azure stack in a data-intensive environment. It entails deep architecture, engineering & automation interventions across Cloud Infrastructure & Product Engineering teams.
This role will have tech responsibilities around architecture & security engineering while actively working across product & infrastructure layers with focus on uplifting cyber resilience of product offerings of Chargebee.
You will also product-manage security products & build security observability products on top of Chargebee's product offerings.
Roles and Responsibilities :
Automation :
- Lead DevSecOps initiative with focus on integrating security tools with CICD workflow & increase automation quotient.
- Lead strategic initiatives like GitHub hardening, SBOM, CBOM, EULA compliance automation etc. with a cost-conscious approach.
- Steer adoption of automated configuration verification for AWS & Azure through integration of verification tools with IaC tools like AWS CloudFormation, Terraform or Azure Blueprints.
Engineering :
- Build security automation through a developer lens, with high developer empathy & self-serviceability as first principles.
- Familiarity with GitHub Actions, and how to incorporate automated security testing (i.e., SAST, Secrets Scanning, DAST, SCA) into the development lifecycle.
- Work independently with developers, system engineers, product managers etc. to ensure design / development review with a Security & Privacy first mindset.
- Own engineering & product management of all security tools spanning across CICD, product, infrastructure, identity, user endpoint & SaaS partner layers.
- Continuously enrich alerts / enhance detection efficiency of detection & response layer in software security stack.
- Lead control parity & unification of threat management tools across all M&As.
Security Testing :
- Perform penetration testing of various application types including web, web services and APIs.
- Demonstrable proficiency of penetration testing in cloud (AWS) and container space.
- Validate vulnerabilities submitted by external researchers and bug bounty programs.
Architecture :
- Participate & contribute to the Architecture Review Board in taking opinionated decisions on technology choices in software engineering & infrastructure patterns.
- Ideate, author & adopt RFC style technical documents & implementation guides/patterns for adoption by product / infrastructure engineering teams.
- Contribute to API strategy of Chargebee with focus on Security, Privacy & Governance pillars.
- Collaborate closely in a hands-on environment with architecture, product management, product engineering and GRC teams to design, build, and operate products securely.
- Own the charter for journaling security design & implementation mandates and lead its adoption across product & infrastructure groups.
- R&D emerging technologies, independently test & build pilots for adoption based on use cases at Chargebee and demonstrate them to the broader engineering community for adoption.
Must Have :
- 7+ years of experience either as a security engineer / architect / penetration tester or in product engineering in a data-intensive environment operating a cloud-native platform, with a passion for security.
- Excellent research mindset with ability to operate independently & develop POV in emerging technologies with focus on risk & security.
- Ability to journal & create high quality wiki documentation for related work.
- Programming and scripting languages (Python, bash and Java).
- Deep understanding of CICD / DevOps integration with experience in streamlining release management, branching strategy, workflows and engineering governance.
- Deep understanding of GitHub, GitHub Actions & standard CICD tools.
- Deep understanding of web applications, data and microservice architecture, and REST APIs.
- Operational knowledge of cloud service offerings by AWS with focus on securing cloud environments at Design, Deployment & Runtime.
- Experience either as a security architect, penetration tester or product engineering with ownership on security programs.
- Experience in microservices adoption / transformation and building engineering governance model with focus on API security.
- Experience with application security best practices and design principles, e.g. OWASP, Secure SDLC etc.
- Knowledge of common security implementations around authentication, authorization, database security, network security, encryption, logging & monitoring, error handling & gateway products.
- Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments.
- Effective team player with experience in coaching and supporting junior team members.
- Experience in operating using Agile methodologies & use of JIRA / Confluence.
Nice to have :
- AWS / Azure security certifications.
- Domain experience in payments / banking / platform based products.
- Security specific certifications like OSCP, CCSP or CISSP.
Skills and Experience :
- 7+ years of experience either as a security architect or penetration tester, or in product engineering in a data-intensive environment operating a cloud-native platform, with a passion for security.
- Security architect, product security engineer or penetration tester with exposure to information security principles and practices.
- API security (REST or Graph).
- Preferred : Data intensive platforms & high performing API technology experience is a plus.
Benefits :
Want to know what it means to work for a company that genuinely cares about you? Check out just a few of the benefits we give our employees :
- We are Globally Local : With a diverse team across four continents, and customers in over 60 countries, you get to work closely with a global perspective right from your own neighborhood.
- We value Curiosity : We believe the next great idea might just be around the corner. Perhaps it's that random thought you had ten minutes ago. We believe in creating an ecosystem that fosters a desire to seek out hard questions, and then figure out answers to them.
- Customer! Customer! Customer! Everything we do is driven towards enabling our customers' growth. This means no matter what you do, you will always be adding real value to a real business problem. It's a lot of responsibility, but also a lot of fun.
Functional Areas: Other