Cloud DevSecOps Engineer

 Posted 5 hours ago
     
⭐ 5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

The Cloud DevSecOps Engineer will integrate and automate security controls into CI/CD pipelines and design secure Infrastructure as Code primarily on Google Cloud. They will also drive compliance and continuous auditing while collaborating with development teams to resolve security vulnerabilities.

Zact is a leading fintech innovator specializing in cutting-edge payments apps. We are currently expanding our team and looking to hire a Cloud DevSecOps Engineer to champion our "shift-left" security initiatives. This is an exciting opportunity to embed security seamlessly into our infrastructure systems, leveraging cloud technologies and automated security practices to build resilient, compliant, and highly secure solutions.

Where You Are

We are a fully remote company with a focus on hiring in the US. While we embrace a remote-first culture, time zones will be an important consideration for collaboration.

What You'll Do

  • Integrate and automate security controls directly into CI/CD pipelines, ensuring continuous vulnerability scanning, code analysis, and secure software delivery.
  • Design, implement, and maintain secure Infrastructure as Code across multiple environments, primarily focusing on Google Cloud (GCP).
  • Drive compliance and continuous auditing, acting as the primary technical point of contact for automated and manual evidence collection, with a heavy focus on PCI-DSS and supporting SOC 2 requirements.
  • Manage and enforce Identity and Access Management (IAM), network security policies, and encryption standards across all cloud environments.
  • Conduct continuous infrastructure security monitoring, threat modeling, and automated compliance auditing using tools like GCP Security Command Center (SCC) and Prisma Cloud.
  • Collaborate with development teams to resolve security vulnerabilities, streamline secure deployment workflows, and cultivate a security-first engineering culture.

Required Skills

  • 5+ years of experience in DevSecOps, Cloud Security, or DevOps, with a deep understanding of securing cloud-native infrastructure and automation.
  • Strong expertise with Kubernetes (GKE preferred) and container security practices, including hands-on experience with Helm.
  • Solid proficiency with Google Cloud (GCP) security architecture, utilizing native tools for posture management and threat detection.
  • Hands-on experience with security tooling such as SAST/DAST, container scanning (e.g., Trivy, Scout, PrismaCloud), and cloud security posture management (CSPM) platforms like Prisma Cloud and GCP Security Command Center.
  • Practical experience working within regulated fintech environments, specifically executing technical evidence collection for PCI-DSS and SOC 2 audits.
  • Proficient in scripting languages such as Python or Bash.
  • Comprehensive knowledge of networking, zero-trust architectures, and system administration in cloud environments.

Preferred Skills

  • Familiarity with configuration management tools (e.g., Terraform, OpenTofu) and IaC security scanning (e.g., tfsec, Checkov).
  • Exposure to microservices architectures and best practices for secure deployment.

About Zact

At Zact, we are redefining expense and payment management systems for organizations. Our mission is to align employee spending with finance and accounting teams while offering built-in controls and continuous reconciliation. As we expand internationally, we're looking for the right people to join us on this exciting journey.

Similar Jobs

See all Remote Software Development jobs β†’

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Software Development

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified