Melbourne, FL, USA · Highbridge, UK
Posted on Thursday, June 8, 2023
At Zeller, we’re champions for businesses of all sizes, and proud to be a fast-growing Australian scale-up taking on the ambitious goal of reimagining business banking and payments.
We believe in a level playing field, where all businesses benefit from access to smarter payments and financial services solutions that accelerate their cash flow, help them get paid faster, and give them a better understanding of their finances. So we’re hard at work building the tools to make it happen.
Zeller is growing fast, backed by leading VCs, and brings together a global team of passionate payment and tech industry professionals. With an exciting roadmap of innovative new products under development, we are building a high-performing team to take on the outdated banking solutions. If you are passionate about innovation, thrive in fast-paced environments, embrace a challenge, hate bureaucracy, and can’t think of anything more exciting than disrupting the status quo, then read on to learn more.
About the role
As a Product Security Engineer, you will be energetic and cool-headed, with experience in keeping the product secure as well as in AWS security. You will be responsible for process automation and for designing, developing and maintaining the security of the product and of the AWS cloud and services related to network, backup, content delivery, vulnerability scanning, config management and application security.
With automation being at the heart of our engineering principles, this position will have the enviable opportunity to adopt and promote best practices. Not limited to a single product area or type, this role will work in a cross-functional team with skill sets ranging from full-stack software engineering, infrastructure and quality assurance to architecture. You will collaborate with a cross-disciplinary team to support product development, operations support, compliance activities and SLA upkeep requirements.
You’ll be tasked with researching the potential impact of software vulnerabilities and security incidents. Automation is key: you will identify and develop tooling that continuously improves security and refines vulnerability management processes across the infrastructure.
Your responsibilities will include:
- Conducting penetration testing and vulnerability assessments on AWS-based systems, applications and networks to identify security weaknesses and potential risks.
- Collaborating with cross-functional teams to address security vulnerabilities and recommending appropriate mitigation strategies.
- Designing, implementing and maintaining security controls for AWS services, including Identity and Access Management (IAM), Virtual Private Cloud (VPC), Security Groups, and Network Access Control Lists (NACLs).
- Monitoring and analysing security logs and alerts from AWS services and taking appropriate actions to mitigate potential threats.
- Staying up-to-date with the latest AWS security threats and best practices, and proactively implementing necessary countermeasures.
- Providing guidance and support to other teams regarding secure AWS development practices, security guidelines, and threat mitigation techniques.
- Documenting security processes, procedures, and guidelines, and contributing to the development of security policies and standards specific to AWS.
What we are looking for
- Proven experience as a Product Security Engineer performing threat modelling assessments, source code review and penetration testing, and designing policy to bring about a security-first culture.
- Proven experience as an AWS Security Engineer or related role with a focus on penetration testing in an AWS environment.
- In-depth knowledge of AWS services, architecture, and security best practices, including IAM, VPC, AWS Config, AWS CloudTrail, AWS WAF, etc.
- Hands-on experience with penetration testing tools and frameworks, such as Kali Linux, Burp Suite, Metasploit, and Nessus, specifically applied to AWS environments.
- Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10), network protocols, and security technologies.
- Familiarity with security frameworks and standards, such as NIST Cybersecurity Framework, ISO 27001, and PCI DSS, as applied to AWS environments.
- Experience with scripting and automation using languages like Python, PowerShell, or Bash, with a focus on AWS CLI and SDKs.
- Strong analytical and problem-solving skills, with the ability to assess risks and recommend appropriate security controls.
- Excellent communication and collaboration skills, with the ability to work effectively across cross-functional teams and present complex security concepts to non-technical stakeholders.
- AWS Certified Solutions Architect - Associate or higher certification is a plus.
- Experience in working within a high-growth environment.
- Security professional certifications encouraged (CEH, OSCP, AWS Security Specialty, etc.)
- Experience in other cloud platforms (Azure, Google)
- Experience in payments
- Experience with PCI-compliant environments (PCI DSS, etc.)
How we work
Our team thrives on the energy of being together. While technology connects us virtually, we love the in-person collaboration and spend the majority of our work week at our spacious (and fully stocked with snacks) Melbourne CBD office.
Like the rest of the team, you’ll benefit from:
- A competitive salary package, including equity from an early stage;
- A balanced, progressive, and supportive work environment;
- Excellent parental leave and other leave entitlements;
- A fantastic office environment;
- Endless learning and development opportunities;
- Plenty of fun and social opportunities - we love to come together as a team;
- An ability to influence and shape the future of Zeller as our company scales both domestically and globally;
- Being part of one of Australia’s most exciting scale-ups.
At Zeller, we are looking for passionate people with drive and integrity. You are encouraged to apply even if your experience doesn’t exactly match this job description.