Sr. Cloud Security Engineer
Zeta Suite
Bengaluru, Karnataka, India
2h ago
source : Linkedin

All about Zeta Suite :

Zeta is the world’s first and only Omni Stack for banks and fintechs. We are rethinking payments from core to the edge, led by the vision to augment the purpose of money and banking with technology.

A single, modern software stack comprising processing, loans, customizable mobile and web apps, fraud engine, and rewards for retail banking.

We are a new-age, high-growth startup (& a unicorn!) founded in 2015 by two visionary leaders Bhavin Turakhia & Ramki Gaddipati, whose entrepreneurial legacy & excellence has put us on top of the global fintech ecosystem.

Zeta counts amongst its customers, over 10 banks and 25 fintechs, across 8 countries - some of our notable clients include Sodexo - a leading issuer of employee benefits & rewards with over 30 million global users, and HDFC Bank - the 14th largest bank by market cap in the world.

Learn more about our manifesto & beyond.

JD :

As a Cloud Security Professional, you will be playing a pivotal role in enabling Zeta in detecting and mitigating various vulnerabilities and automating the process at an early stage and making sure infrastructure and applications are secure.

You will work with an amazing peer group that fuels this ambition.

Where is this role?

This role is part of the Information Security Team, Engineering division of Zeta. The Cloud Security professional is responsible for creating the securing and automating the environment, coming up with project roadmap, setting processes in place, creating CI / CD roadmap etc.

Guide Developers and DevOps teams about new threats and help harden infrastructure and applications from various attacks as needed.

The objective is to make zeta applications and infrastructure secure.

What does the sub-division do?

  • Responsible for entire security of Zeta’s Tech stack (Cloud & On-prem)
  • Perform regular VA / PT for Web, Network and Mobile applications
  • Integrate security testing tools (SAST, DAST) in to CI / CD pipelines
  • Regular code reviews, involve in application design discussions
  • Perform Threat Modelling of Web / Mobile applications
  • Cloud Security Assessment & Automation
  • Write organizational level Infosec policies, review policies
  • Educate everyone at Zeta on Infosec best practices like secure coding, secure data handling, secure networking, secure crypto implementation etc.
  • What are your responsibilities?

  • Implement cloud security initiatives for entire organization Improve Cloud security posture and Kubernetes security using CI / CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud
  • Prepare and present reports of Vulnerability Assessment, Automation, Penetration Testing etc.
  • Oversee the planning and coordination of Cloud security Deploy, Maintain and Support Log Aggregation, Vulnerability and Threat Detection Solutions with associated visualizations so that real-time identification of issues can be performed.
  • In addition to the above specific responsibilities, as Cloud Security Engineer in Information Security division of Zeta, you will be responsible for :
  • Hiring decisions, hiring process definition, and continuous improvements.
  • Broad knowledge of security domain with an understanding of cloud & kubernetes vulnerabilities, secure configurations and mitigation mechanisms
  • Perform review and validation of all deliverables for Cloud Security
  • Educate DevOps, Devs and Security Team
  • What are you accountable for?
  • Continuous improvement of Cloud Security postureI
  • Integrating various tools into CI / CD and automate repetitive tasks
  • Make sure the environment is compliant to CIS, NIST, PCI etc.
  • Ensure that Security Standards are being adopted by the Product Team covering both Cloud, On-Prem, SaaS, PaaS and IaaS.
  • What are you expected to be good at?

    To be successful in this role, the following are the areas of expertise classified by their importance :

  • Critical : Solid understanding of public cloud technologies with hands-on technical knowledge of at least one major public cloud like AWS, Azure etc.
  • Experience of CI / CD Pipeline implementation and at least one tool (Jenkins, ArgoCD, Bitbucket Pipelines etc)
  • Experience in at least one scripting language (Bash, Python, Java etc)
  • Experience containerization and Kubernetes
  • Experience of automating and templating security processes and documentation for compliance purposes.
  • Hands on experience of vulnerability assessments, Penetration Testing, Web Application Security, data privacy, identify access management etc.
  • Experience of at least 2 active and passive security tooling (OWASP ZAP, Veracode, Checkmarx, Fiddler etc)
  • Experience on Infrastructure as Code solution (Terraform, Ansible, Chef etc)Advantage : experience with security tools like Prisma, Aqua, Clair, Hashicorp Vault, etc.
  • High :

  • Conduct Architecture and Design review to provide guidance and security assurance around best practices and frameworks.
  • Work closely with the DevOps teams and share security insight
  • Knowledge of development practices using Java and Nodejs, Docker, Kubernetes and other container orchestration services
  • Experience with Secure Code Quality Tools, Testing and Techniques - ZAP, Wireshark, Sonarqube, Metasploit etc.
  • Understanding of security frameworks, controls and processes - CIS, NIST, PCI / DSS. SOCI / II, etc
  • Medium experience in one or more languages - NodeJS, GoLang, Python, Perl, Ruby, Bash, Javascript, Java etc.
  • Ability to document risks, security controls and evidence to ensure compliance
  • Good to have :

  • Understanding of CI / CD, Jenkins
  • In-depth understanding of production operations on public cloud infrastructure
  • AWS VPC, S3 buckets, Load Balancers etc.
  • Dockers & Containers, Kubernetes
  • Certifications like AWS Certified Security Specialty, Certified Kubernetes Administrator (CKA), Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), OSCP, OSEE, OSWE / AWAE, CISSP, SANS GPEN / GXPN etc.
  • Life At Zeta

    At Zeta, we want you to grow to be the best version of yourself by unlocking the great potential that lies within you. This is why our core philosophy is People Must Grow.

    We recognize your aspirations; act as enablers by bringing you the right opportunities, and let you grow as you chase disruptive goals.

    LifeAtZeta is adventurous and exhilarating at the same time. You get to work with some of the best minds in the industry and experience a culture that values the diversity of thoughts.

    If you want to push boundaries, learn continuously and grow to be the best version of yourself, Zeta is the place to be! Explore the life at zeta

    Zeta is an equal opportunity employer

    At Zeta, we are committed to equal employment opportunities regardless of job history, disability, gender identity, religion, race, marital / parental status, or other special status.

    We are proud to be an equitable workplace that welcomes individuals from all walks of life if they fit the roles and responsibilities.

    Report this job
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form