Manager - Cloud Security
Zeta’s platform accelerates the phenomenon of digital native neobanking, unbundling and rebundling of banking and invisible payments. The platform enables the new-age financial institutes to have faster go-to-market. Enables the existing financial institutes with the much-required capabilities to partner with the FinTechs and to offer a suite of modern banking experiences. Zeta is founded by Bhavin Turakhia and Ramki Gaddipati. Bhavin has also been the Founder/ Co-Founder of Directi, Radix, Ringo, Codechef, and Flock. Zeta products have been recognized as the Best Prepaid Card in 2018. Zeta is recognized as the Fastest Growing Company of the Year, Fin-tech Rising Star Award, and India’s Most Innovative Top 50 Product Companies by various trade journals. Zeta is a PCI DSS/3DS, ISO 27001 and SOC 2 company. Zeta has been valued at $1.45 billion in a recent fundraising round. Zeta’s platform is in use by 3 million users and by financial institutes across 7 countries. As a Cloud Security Professional, you will be playing a pivotal role in enabling Zeta in detecting and mitigating various vulnerabilities and automating the process at an early stage and making sure infrastructure and applications are secure. You will work with an amazing peer group that fuels this ambition.
Where is this role
- This role is part of the Information Security Team, Engineering division of Zeta. The Cloud Security engineer is responsible for creating the securing and automating the environment, coming up with project roadmap, setting processes in place, creating CI/CD roadmap etc. Guide Developers and DevOps teams about new threats and help harden infrastructure and applications from various attacks as needed. The objective is to make zeta applications and infrastructure secure.
What does the sub-division do?
- Responsible for entire security of Zeta’s Tech stack (Cloud & On-prem)
- Perform regular VA/PT for Web, Network and Mobile applications
- Integrate security testing tools (SAST, DAST) in to CI/CD pipelines
- Regular code reviews, involve in application design discussions
- Perform Threat Modelling of Web/Mobile applications
- Cloud Security Assessment & Automation
- Write organizational level Infosec policies, review policies
- Educate everyone at Zeta on Infosec best practices like secure coding, secure data handling, secure networking, secure crypto implementation etc.
What are your responsibilities?
- Implement cloud security initiatives for entire organization Improve Cloud security posture and Kubernetes security using CI/CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud
- Prepare and present reports of Vulnerability Assessment, Automation, Penetration Testing etc.
- Oversee the planning and coordination of Cloud security Deploy, Maintain and Support Log Aggregation, Vulnerability and Threat Detection Solutions with associated visualizations so that real-time identification of issues can be performed.
- In addition to the above specific responsibilities, as Cloud Security Engineer in Information Security division of Zeta, you will be responsible for:
- Hiring decisions, hiring process definition, and continuous improvements. Broad knowledge of security domain with an understanding of cloud & kubernetes vulnerabilities, secure configurations and mitigation mechanisms
- Perform review and validation of all deliverables for Cloud Security
- Educate DevOps, Devs and Security Team
What are you accountable for?
- Continuous improvement of Cloud Security postureI
- ntegrating various tools into CI/ CD and automate repetitive tasks
- Make sure the environment is compliant to CIS, NIST, PCI etc.
- Ensure that Security Standards are being adopted by the Product Team covering both Cloud, On-Prem, SaaS, PaaS and IaaS.
What are you expected to be good at?
- To be successful in this role, the following are the areas of expertise classified by their importance:
- Critical: Solid understanding of public cloud technologies with hands-on technical knowledge of at least one major public cloud like AWS, Azure etc.
- Experience of CI/CD Pipeline implementation and at least one tool (Jenkins, ArgoCD, Bitbucket Pipelines etc)Experience in at least one scripting language (Bash, Python, Java etc)Experience containerization and Kubernetes
- Experience of automating and templating security processes and documentation for compliance purposes.
- Hands on experience of vulnerability assessments, Penetration Testing, Web Application Security, data privacy, identify access management etc.
- Experience of at least 2 active and passive security tooling (OWASP ZAP, Veracode, Checkmarx, Fiddler etc)Experience on Infrastructure as Code solution (Terraform, Ansible, Chef etc)Advantage: experience with security tools like Prisma, Aqua, Clair, Hashicorp Vault, etc.
- Conduct Architecture and Design review to provide guidance and security assurance around best practices and frameworks.
- Work closely with the DevOps teams and share security insight
- Knowledge of development practices using Java and Nodejs, Docker, Kubernetes and other container orchestration services
- Experience with Secure Code Quality Tools, Testing and Techniques - ZAP, Wireshark, Sonarqube, Metasploit etc.
- Ability to document risks, security controls and evidence to ensure compliance
Perks/benefits: Startup environment
Other jobs like this
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Senior DevSecOps Engineer jobs
- Open Senior Security Operations Engineer jobs
- Open Senior Security Analyst jobs
- Open Application Security Engineer/Architect jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Head of Information Security jobs
- Open Sr. Security Engineer jobs
- Open SOC Analyst jobs
- Open Staff Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Offensive Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Security Researcher jobs
- Open Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Security Consultant jobs
- Open Cloud Security Operations Lead jobs
- Open Cloud Security Automation Specialist jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Security Engineer II jobs
- Open Security Engineering Manager jobs
- Open GCP-related jobs
- Open Kubernetes-related jobs
- Open Analytics-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Clearance-related jobs
- Open Audits-related jobs
- Open Agile-related jobs
- Open Threat intelligence-related jobs
- Open PCI-related jobs
- Open OWASP-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open CISM-related jobs
- Open Governance-related jobs
- Open CISA-related jobs
- Open Ruby-related jobs
- Open DevSecOps-related jobs
- Open ISO 27001-related jobs
- Open Open Source-related jobs
- Open Encryption-related jobs
- Open Security assessments-related jobs
- Open GDPR-related jobs