Zact is a leading fintech innovator specializing in cutting-edge payments apps. We are currently expanding our team and looking to hire a Cloud DevSecOps Engineer to champion our "shift-left" security initiatives. This is an exciting opportunity to embed security seamlessly into our infrastructure systems, leveraging cloud technologies and automated security practices to build resilient, compliant, and highly secure solutions.
Where You Are
We are a fully remote company with a focus on hiring in the US. While we embrace a remote-first culture, time zones will be an important consideration for collaboration.
What You'll Do
- Integrate and automate security controls directly into CI/CD pipelines, ensuring continuous vulnerability scanning, code analysis, and secure software delivery.
- Design, implement, and maintain secure Infrastructure as Code across multiple environments, primarily focusing on Google Cloud (GCP).
- Drive compliance and continuous auditing, acting as the primary technical point of contact for automated and manual evidence collection, with a heavy focus on PCI-DSS and supporting SOC 2 requirements.
- Manage and enforce Identity and Access Management (IAM), network security policies, and encryption standards across all cloud environments.
- Conduct continuous infrastructure security monitoring, threat modeling, and automated compliance auditing using tools like GCP Security Command Center (SCC) and Prisma Cloud.
- Collaborate with development teams to resolve security vulnerabilities, streamline secure deployment workflows, and cultivate a security-first engineering culture.
Required Skills
- 5+ years of experience in DevSecOps, Cloud Security, or DevOps, with a deep understanding of securing cloud-native infrastructure and automation.
- Strong expertise with Kubernetes (GKE preferred) and container security practices, including hands-on experience with Helm.
- Solid proficiency with Google Cloud (GCP) security architecture, utilizing native tools for posture management and threat detection.
- Hands-on experience with security tooling such as SAST/DAST, container scanning (e.g., Trivy, Scout, PrismaCloud), and cloud security posture management (CSPM) platforms like Prisma Cloud and GCP Security Command Center.
- Practical experience working within regulated fintech environments, specifically executing technical evidence collection for PCI-DSS and SOC 2 audits.
- Proficient in scripting languages such as Python or Bash.
- Comprehensive knowledge of networking, zero-trust architectures, and system administration in cloud environments.
Preferred Skills
- Familiarity with configuration management tools (e.g., Terraform, OpenTofu) and IaC security scanning (e.g., tfsec, Checkov).
- Exposure to microservices architectures and best practices for secure deployment.
About Zact
At Zact, we are redefining expense and payment management systems for organizations. Our mission is to align employee spending with finance and accounting teams while offering built-in controls and continuous reconciliation. As we expand internationally, we're looking for the right people to join us on this exciting journey.