Cloud DevSecOps Engineer

New
Z
Zact Inc.Fintech
We are a fully remote company with a focus on hiring in the US., time zones will be an important consideration for collaborationFull-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page

Job Details

Experience
5+ years
Required Skills
PythonGCPKubernetes

Requirements

  • 5+ years of experience in DevSecOps, Cloud Security, or DevOps.
  • Strong expertise with Kubernetes (GKE preferred) and container security practices, including hands-on experience with Helm.
  • Solid proficiency with Google Cloud (GCP) security architecture.
  • Hands-on experience with security tooling such as SAST/DAST, container scanning (e.g., Trivy, Scout, PrismaCloud), and CSPM platforms.
  • Practical experience working within regulated fintech environments, specifically executing technical evidence collection for PCI-DSS and SOC 2 audits.
  • Proficient in scripting languages such as Python or Bash.
  • Comprehensive knowledge of networking, zero-trust architectures, and system administration in cloud environments.
  • Familiarity with configuration management tools (e.g., Terraform, OpenTofu) and IaC security scanning (e.g., tfsec, Checkov) is preferred.
  • Exposure to microservices architectures and best practices for secure deployment is preferred.

Responsibilities

  • Integrate and automate security controls directly into CI/CD pipelines, ensuring continuous vulnerability scanning, code analysis, and secure software delivery.
  • Design, implement, and maintain secure Infrastructure as Code across multiple environments, primarily focusing on Google Cloud (GCP).
  • Drive compliance and continuous auditing, acting as the primary technical point of contact for automated and manual evidence collection, with a heavy focus on PCI-DSS and supporting SOC 2 requirements.
  • Manage and enforce Identity and Access Management (IAM), network security policies, and encryption standards across all cloud environments.
  • Conduct continuous infrastructure security monitoring, threat modeling, and automated compliance auditing using tools like GCP Security Command Center (SCC) and Prisma Cloud.
  • Collaborate with development teams to resolve security vulnerabilities, streamline secure deployment workflows, and cultivate a security-first engineering culture.
View Full Description & ApplyYou'll be redirected to the employer's site
View details
Apply Now