Senior Cloud Security Engineer (7-12 Years)
India · Remote
Posted on Monday, July 31, 2023
At Zeller, we’re champions for businesses of all sizes, and proud to be a fast-growing Australian scale-up taking on the ambitious goal of reimagining business banking and payments.
We believe in a level playing field, where all businesses benefit from access to smarter payments and financial services solutions that accelerate their cash flow, help them get paid faster, and give them a better understanding of their finances. So we’re hard at work building the tools to make it happen.
Zeller is growing fast, backed by leading VCs, and brings together a global team of passionate payment and tech industry professionals. With an exciting roadmap of innovative new products under development, we are building a high performing team to take on the outdated banking solutions. If you are passionate about innovation, thrive in fast-paced environments, embrace a challenge, hate bureaucracy, and can’t think of anything more exciting than disrupting the status-quo, then read on to learn more.
About the role
We are seeking an experienced and innovative Senior Cloud Security Engineer or Cloud Security Architect with a strong focus on AWS Security Specialty. As an individual contributor with extensive expertise in cloud security, you will play a pivotal role in enhancing and maintaining the security of our AWS infrastructure and services. Your responsibilities will include driving process automation, designing and implementing cutting-edge security solutions, and overseeing various cloud-related aspects such as network security, backup, content delivery, vulnerability scanning, configuration management, application security, Route 53, Control Tower, traffic management, pattern identifications, and certificate management.
Automation will be a central aspect of your engineering work as you advocate for and implement best practices. You will be responsible for leading the technical direction in cloud security and driving the implementation of security measures to protect our AWS environment.
Your responsibilities will include
- Lead and conduct comprehensive penetration testing and vulnerability assessments on AWS-based systems, applications, and networks to identify and address security weaknesses and potential risks.
- Develop and execute advanced penetration testing plans, encompassing scoping, reconnaissance, exploitation, and thorough reporting.
- Collaborate closely with development and operations teams to address security vulnerabilities and provide expert recommendations for effective mitigation strategies.
- Design, implement, and manage robust security controls for AWS services, including Identity and Access Management (IAM), Virtual Private Cloud (VPC), AWS Security Groups, Network Access Control Lists (NACLs), Route 53, Control Tower, and Traffic Management.
- Monitor and analyse security logs and alerts from AWS services like CloudTrail, GuardDuty, and Config, proactively responding to potential threats.
- Implement pattern identification and behaviour analysis mechanisms to detect and respond to anomalous activities across the infrastructure.
- Stay updated with the latest AWS security threats, vulnerabilities, and best practices, and proactively implement necessary countermeasures to enhance security posture.
- Conduct in-depth security reviews of AWS architecture designs, deployments, and configurations, ensuring compliance with industry standards and regulatory requirements.
- Collaborate with cross-functional teams to establish and enhance incident response plans and actively participate in security incident investigations and resolution.
- Provide expert guidance and support to other teams, advising on secure AWS development practices, security guidelines, and threat mitigation techniques.
- Document sophisticated security processes, procedures, and guidelines, contributing to the development of comprehensive security policies and standards specific to AWS.
What we are looking for
- Proven experience as a Senior Cloud Security Engineer, Cloud Security Architect, or a related role with a strong focus on penetration testing in AWS environments.
- In-depth knowledge of AWS services, architecture, and security best practices, including AWS Security Specialty domains, IAM, VPC, AWS Config, AWS CloudTrail, AWS WAF, etc.
- Hands-on experience with penetration testing tools and frameworks, such as Kali Linux, Burp Suite, Metasploit, and Nessus, specifically applied to AWS environments.
- Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10), network protocols, and security technologies.
- Familiarity with security frameworks and standards, such as NIST Cybersecurity Framework and PCI DSS, as applied to AWS environments.
- Experience with scripting and automation using languages like Python, PowerShell, or Bash, with a strong emphasis on AWS CLI.
- Demonstrated analytical and problem-solving skills, with the ability to assess risks and recommend appropriate security controls.
- Excellent communication and collaboration skills, with the ability to work effectively across cross-functional teams and present complex security concepts to non-technical stakeholders.
- AWS Certified Security - Specialty or higher certification is highly desirable.
- Experience in working within a high-growth environment.
- Security professional certifications encouraged ( CISSP, CEH, OSCP etc.)
- Experience in other cloud platforms (Azure, Google)
- Experience in payments
- Experience with PCI compliant environments (PCI-DSS, etc)
Like the rest of our team, you will benefit from
A balanced, progressive, and supportive work environment;
Excellent parental leave and other leave entitlements;
Fully remote role
Annual get together with the team
Endless learning and development opportunities;
Plenty of remote friendly fun and social opportunities - we love to come together as a team;
An ability to influence and shape the future of Zeller as our company scales both domestically and globally;
Being part of one of Australia’s most exciting scale-ups.