The Job logo

What

Where

Cloud Security Engineer II

ApplyJoin for More Updates

You must Sign In before continuing to the company website to apply.

Smart SummaryPowered by Roshi
This role is part of the Information Security Team in Zeta's Engineering division. We are looking for a Cloud Security engineer to secure and automate our environment, set processes, and guide developers and DevOps teams. Your responsibility includes hardening infrastructure, threat management, and ensuring the security of our applications. Join us in making Zeta applications and infrastructure secure!

Where is this role

  • This role is part of the Information Security Team, Engineering division of Zeta. The Cloud Security engineer is responsible for creating the securing and automating the environment, coming up with project roadmap, setting processes in place, creating CI/CD roadmap etc. Guide Developers and DevOps teams about new threats and help harden infrastructure and applications from various attacks as needed. The objective is to make zeta applications and infrastructure secure.

What does the sub-division do?

  • Responsible for entire security of Zeta’s Tech stack (Cloud & On-prem)
  • Perform regular VA/PT for Web, Network and Mobile applications
  • Integrate security testing tools (SAST, DAST) in to CI/CD pipelines
  • Regular code reviews, involve in application design discussions
  • Perform Threat Modelling of Web/Mobile applications
  • Cloud Security Assessment & Automation
  • Write organizational level Infosec policies, review policies
  • Educate everyone at Zeta on Infosec best practices like secure coding, secure data handling, secure networking, secure crypto implementation etc.

What are your responsibilities?

  • Implement cloud security initiatives for entire organization Improve Cloud security posture and Kubernetes security using CI/CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud
  • Prepare and present reports of Vulnerability Assessment, Automation, Penetration Testing etc.
  • Oversee the planning and coordination of Cloud security Deploy, Maintain and Support Log Aggregation, Vulnerability and Threat Detection Solutions with associated visualizations so that real-time identification of issues can be performed.
  • In addition to the above specific responsibilities, as Cloud Security Engineer in Information Security division of Zeta, you will be responsible for:  
  • Hiring decisions, hiring process definition, and continuous improvements. Broad knowledge of security domain with an understanding of cloud & kubernetes vulnerabilities, secure configurations and mitigation mechanisms
  • Perform review and validation of all deliverables for Cloud Security
  • Educate DevOps, Devs and Security Team

What are you accountable for?

  • Continuous improvement of Cloud Security postureI
  • Integrating various tools into CI/ CD and automate repetitive tasks 
  • Make sure the environment is compliant to CIS, NIST, PCI etc. 
  • Ensure that Security Standards are being adopted by the Product Team covering both Cloud, On-Prem, SaaS, PaaS and IaaS.

What are you expected to be good at?

To be successful in this role, the following are the areas of expertise classified by their importance: 

  • Critical: Solid understanding of public cloud technologies with hands-on technical knowledge of at least one major public cloud like AWS, Azure etc.
  • Experience of CI/CD Pipeline implementation and at least one tool (Jenkins, ArgoCD, Bitbucket Pipelines etc)Experience in at least one scripting language (Bash, Python, Java etc)Experience containerization and Kubernetes
  • Experience of automating and templating security processes and documentation for compliance purposes.
  • Hands on experience of vulnerability assessments, Penetration Testing, Web Application Security, data privacy, identify access management etc.
  • Experience of at least 2 active and passive security tooling (OWASP ZAP, Veracode, Checkmarx, Fiddler etc)Experience on Infrastructure as Code solution (Terraform, Ansible, Chef etc)Advantage: experience with security tools like Prisma, Aqua, Clair, Hashicorp Vault, etc. 

High:

  • Conduct Architecture and Design review to provide guidance and security assurance around best practices and frameworks.
  • Work closely with the DevOps teams and share security insight
  • Knowledge of development practices using Java and Nodejs, Docker, Kubernetes and other container orchestration services
  • Experience with Secure Code Quality Tools, Testing and Techniques - ZAP, Wireshark, Sonarqube, Metasploit etc.
  • Understanding of security frameworks, controls and processes - CIS, NIST, PCI/DSS. SOCI/II, etcMedium experience in one or more languages - NodeJS, GoLang, Python, Perl, Ruby, Bash, Javascript, Java etc.
  • Ability to document risks, security controls and evidence to ensure compliance
Set alert for similar jobsCloud Security Engineer II role in Bengaluru, India
Zeta Logo

Company

Zeta

Job Posted

a year ago

Job Type

Full-time

WorkMode

On-site

Experience Level

3-7 Years

Category

Technology

Locations

Bengaluru, Karnataka, India

Qualification

Bachelor

Applicants

Be an early applicant

Related Jobs

Meesho Logo

Security Engineer II

Meesho

Bengaluru, Karnataka, India

Posted: a year ago

As our Security Engineer II, you will ensure Meesho’s products and services are safe and secure in production environments. You will drive the integration of security within our DevOps processes, conduct manual code reviews, and identify and mitigate security threats. Your commitment will ensure robust protection and secure project delivery.

Baker Hughes Logo

Senior Lead Cloud Security Engineer

Baker Hughes

Bengaluru, Karnataka, India

Posted: a year ago

Designs, programs, documents, tests, and fixes bugs involved in creating and maintaining applications and frameworks involved in a software release lifecycle resulting in a digital product. Deep technical expertise within a field. Has comprehensive knowledge of underlying principles, approaches and methodology.   Responsibilities, authorities and accountabilities Developing, implementing, and managing Azure Policies to enforce governance and compliance standards across the organization's Azure environments Providing technical guidance and support to application teams to ensure policy compliance during application deployments Monitoring and auditing Azure Policy compliance, investigating policy violations, and providing remediation guidance to ensure continuous adherence to security standards Leading small development team and managing end to end execution of software development in the Azure space Gathering user requirements and understanding use cases, design documents, and driving implementation in accordance with project and platform goals   Required Qualifications Have a Bachelor's degree from an accredited university or college with overall 10 years of experience. Have 4-6 years of experience in Cyber Security Engineering. Be an expert with Microsoft Azure, including proficiency in Azure Policy, Azure Resource Manager, and Azure Governance Be an expert with scripting and automation languages (e.g., Python, PowerShell, Azure CLI, JSON) to author and manage Azure Policies  Have strong skills in identifying the pain areas of cloud security and automating cloud security workloads to improve Azure Governance Have a thorough understanding of CICD and DevSecOps to implement and manage Azure Policies and automations Have a thorough understanding of Power Platform, ARM templates and bicep. Have Experience with GRC frameworks (i.e., ISO27001, NIST etc.)   Desired Characteristics Strong oral and written communication skills. Strong interpersonal and leadership skills. Demonstated ability to analyze and resolve problems. Demonstrated ability to lead programs / projects. Ability to document, plan, market, and execute programs. Established project management skills.