Job description

The Engineering Manager - Cloud Security (DevSecOps) at Zeta is responsible for securing and automating the cloud environment, setting processes, creating CI/CD roadmaps, hardening infrastructure against threats, and improving the cloud and Kubernetes security posture. They require a solid understanding of public cloud technologies, experience with CI/CD pipelines, containerization, Kubernetes, scripting, vulnerability assessments, penetration testing, compliance, and various security tools.

Responsibility

• Implement cloud security initiatives for the entire organization
• Improve Cloud security posture and Kubernetes security using CI/CD
• Understand by regular gap assessment
• Provide support in detection and mitigation of cybersecurity vulnerability and incidents for Cloud
• Prepare and present reports of Vulnerability Assessment, Automation, Penetration Testing etc.
• Oversee the planning and coordination of Cloud security
• Deploy, Maintain and Support Log Aggregation, Vulnerability, and Threat Detection Solutions with associated visualizations
• Hiring decisions, hiring process definition, and continuous improvements
• Perform review and validation of all deliverables for Cloud Security
• Educate DevOps, Devs, and Security Team on best practices
• Continuous improvement of Cloud Security posture
• Integrating various tools into CI/ CD and automating repetitive tasks
• Ensure the environment is compliant with CIS, NIST, PCI etc.
• Ensure that Security Standards are adopted by the Product Team covering both Cloud, On-Prem, SaaS, PaaS, and IaaS.

Qualifications

• Solid understanding of public cloud technologies and hands-on technical knowledge of at least one major public cloud like AWS, Azure, etc.
• Experience of CI/CD Pipeline implementation and at least one tool (Jenkins, ArgoCD, Bitbucket Pipelines etc)
• Experience in at least one scripting language (Bash, Python, Java etc)
• Experience with containerization and Kubernetes
• Experience of automating and templating security processes and documentation for compliance purposes
• Hands-on experience of vulnerability assessments, Penetration Testing, Web Application Security, data privacy, identity access management etc
• Experience of at least 2 active and passive security tooling (OWASP ZAP, Veracode, Checkmarx, Fiddler etc)
• Experience on Infrastructure as Code solution (Terraform, Ansible, Chef etc)
• Experience with security tools like Prisma, Aqua, Clair, Hashicorp Vault, etc.
• Conduct Architecture and Design review to provide guidance and security assurance around best practices and frameworks
• Knowledge of development practices using Java and Nodejs, Docker, Kubernetes and other container orchestration services
• Experience with Secure Code Quality Tools, Testing and Techniques - ZAP, Wireshark, Sonarqube, Metasploit etc
• Understanding of security frameworks, controls, and processes - CIS, NIST, PCI/DSS. SOCI/II, etc
• Experience in one or more languages - NodeJS, GoLang, Python, Perl, Ruby, Bash, Javascript, Java etc.