Cloud DevSecOps Engineer
New
Z
Zact Inc.Fintech
We are a fully remote company with a focus on hiring in the US., time zones will be an important consideration for collaborationFull-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
- Experience
- 5+ years
- Required Skills
- PythonGCPKubernetes
Requirements
- 5+ years of experience in DevSecOps, Cloud Security, or DevOps.
- Strong expertise with Kubernetes (GKE preferred) and container security practices, including hands-on experience with Helm.
- Solid proficiency with Google Cloud (GCP) security architecture.
- Hands-on experience with security tooling such as SAST/DAST, container scanning (e.g., Trivy, Scout, PrismaCloud), and CSPM platforms.
- Practical experience working within regulated fintech environments, specifically executing technical evidence collection for PCI-DSS and SOC 2 audits.
- Proficient in scripting languages such as Python or Bash.
- Comprehensive knowledge of networking, zero-trust architectures, and system administration in cloud environments.
- Familiarity with configuration management tools (e.g., Terraform, OpenTofu) and IaC security scanning (e.g., tfsec, Checkov) is preferred.
- Exposure to microservices architectures and best practices for secure deployment is preferred.
Responsibilities
- Integrate and automate security controls directly into CI/CD pipelines, ensuring continuous vulnerability scanning, code analysis, and secure software delivery.
- Design, implement, and maintain secure Infrastructure as Code across multiple environments, primarily focusing on Google Cloud (GCP).
- Drive compliance and continuous auditing, acting as the primary technical point of contact for automated and manual evidence collection, with a heavy focus on PCI-DSS and supporting SOC 2 requirements.
- Manage and enforce Identity and Access Management (IAM), network security policies, and encryption standards across all cloud environments.
- Conduct continuous infrastructure security monitoring, threat modeling, and automated compliance auditing using tools like GCP Security Command Center (SCC) and Prisma Cloud.
- Collaborate with development teams to resolve security vulnerabilities, streamline secure deployment workflows, and cultivate a security-first engineering culture.
View Full Description & ApplyYou'll be redirected to the employer's site