Senior Security Engineer

Job Title - Senior Security Engineer (Infra & Cloud Security) Location:  Bangalore  About Tazapay  Tazapay is a cross border , global payment fintech . They offer local collections via local payment methods, virtual accounts and cards in over 70 markets. The merchant does not need to create local entities anywhere and Tazapay offers the additional compliance framework to take care of local regulations and requirements. This results in decreased transaction costs, fx transparency and higher auth rates.  They are licensed and backed by leading investors. What's exciting waiting for you?  This is an amazing opportunity for you to join a fantastic crew before the rocket ship launch. It will be a story you will carry with you through your life and have the unique experience of building something ground up and have the satisfaction of seeing your product being used and paid for by thousands of customers. You will be a part of a growth story in securing critical payment infrastructure that spans both application security and cloud security across 70+ markets.  We believe in a culture of openness, innovation & great memories together.  About the Senior Security Engineer Role  As a Senior Security Engineer, you will play a pivotal role in securing our entire technology stack - from application-level security to cloud infrastructure protection. You will lead comprehensive security initiatives across our AWS cloud environments and payment applications built with Node.js and GoLang microservices, while leveraging AWS security services and modern security tools to protect against evolving threats. This role combines deep technical expertise in both application security and cloud security with leadership responsibilities.  Key Responsibilities  AWS Cloud Security Architecture Design and implement comprehensive security architecture for AWS cloud environments Configure and manage AWS Shield for DDoS protection across payment processing infrastructure Implement and optimize AWS CloudFront security configurations including WAF rules, SSL/TLS, and origin protection Secure AWS services including EC2, ECS, EKS, Lambda, RDS, S3, and API Gateway Design and implement network security controls using VPC, Security Groups, NACLs, and AWS Transit Gateway Establish secure CI/CD pipelines for Node.js applications and GoLang microservices Application & Infrastructure Security Secure Node.js applications running on AWS infrastructure including container and serverless environments Implement security controls for GoLang microservices deployed across multiple AWS regions Configure and manage AWS WAF rules for web application protection Implement container security for Docker containers running Node.js and GoLang applications Secure Kubernetes clusters (EKS) hosting microservices architecture Manage secrets and configuration security using AWS Secrets Manager and Parameter Store Monitoring & Incident Response Implement comprehensive security monitoring using AWS CloudTrail, GuardDuty, and Security Hub Deploy and manage Prowler for continuous AWS security monitoring and compliance validation Utilize ScoutSuite for regular multi-cloud security posture assessments Configure Gitleaks monitoring for continuous secret detection across development workflows Implement OpenGrep rules for real-time security vulnerability detection in application code Configure CloudWatch alarms and automated incident response workflows Develop and maintain security dashboards and reporting mechanisms Respond to security incidents and conduct forensic analysis in cloud environments Implement automated threat detection and response capabilities Monitor and analyze CloudFront access logs and security events Compliance & Risk Management Ensure AWS infrastructure compliance with financial industry regulations (PCI DSS, SOX, GDPR) Conduct regular security assessments using Prowler for AWS compliance validation and ScoutSuite for comprehensive security audits Implement continuous compliance monitoring through automated tools and custom security frameworks Implement and maintain data protection controls for payment processing workloads Perform risk assessments for cloud services and architectures Develop and maintain disaster recovery and business continuity plans Support compliance audits and regulatory assessments Automation & DevSecOps Implement Infrastructure as Code (IaC) security using Terraform, CloudFormation, and AWS CDK Integrate Gitleaks for automated secret scanning in CI/CD pipelines and repositories Deploy OpenGrep (Semgrep) for static analysis and security vulnerability detection in Node.js and GoLang codebases Utilize Prowler for comprehensive AWS security assessments and compliance checks Implement ScoutSuite for multi-cloud security auditing and configuration reviews Develop security automation scripts and tools using Python, Bash, and AWS SDKs Integrate security scanning and compliance checks into CI/CD pipelines Automate security policy enforcement across AWS accounts and regions Implement automated remediation for common security misconfigurations Required Qualifications Experience 6+ years of experience in cloud security, with strong focus on AWS cloud environments Hands-on experience with AWS Shield (Standard and Advanced) for DDoS protection Extensive experience securing AWS CloudFront distributions including WAF integration and SSL/TLS configuration Strong experience securing Node.js applications in cloud environments Proven experience with GoLang microservices security in containerized and serverless architectures Hands-on experience with security automation tools including Gitleaks, OpenGrep, Prowler, and ScoutSuite Experience with AWS security services (GuardDuty, Security Hub, Config, CloudTrail) Knowledge of financial services security requirements and payment processing compliance Technical Skills Advanced proficiency in AWS security services and best practices Deep understanding of AWS Shield and DDoS mitigation strategies Expert-level knowledge of AWS CloudFront security configurations and optimization Strong security knowledge for Node.js applications including dependency management and runtime security Comprehensive understanding of GoLang microservices security patterns and secure coding practices Proficiency with security automation tools: Gitleaks (secret scanning), OpenGrep/Semgrep (static analysis), Prowler (AWS security assessment), ScoutSuite (multi-cloud auditing) Proficiency in Infrastructure as Code (Terraform, CloudFormation, AWS CDK) Experience with container security (Docker, Kubernetes/EKS) Knowledge of network security protocols and AWS networking services Scripting and automation skills (Python, Bash, PowerShell) Security Expertise Deep understanding of cloud security frameworks (NIST, CSA, AWS Well-Architected Security Pillar) Knowledge of web application security and API security best practices Experience with vulnerability management and security testing tools Understanding of cryptography, PKI, and secure communication protocols Knowledge of identity and access management (IAM) and zero-trust architecture Experience with security monitoring, SIEM, and incident response Nice to Have Certifications AWS Security Specialty certification AWS Solutions Architect or DevOps Engineer certifications Additional security certifications (CISSP, CCSP, CEH, CISSP) Cloud security certifications from other providers (Azure, GCP) Additional Skills Experience with stable coins, blockchain, cryptocurrency technologies , web3 security testing Experience with multi-cloud security architectures Knowledge of serverless security (AWS Lambda, API Gateway) Experience with compliance frameworks (SOC 2, PCI DSS, ISO 27001) Familiarity with threat modeling and risk assessment methodologies Experience with security orchestration and automated response (SOAR) Knowledge of machine learning for security analytics Experience with payment processing and financial services infrastructure Understanding of microservices mesh security (Istio, Consul Connect) Key Abilities and Traits Cloud Security Expertise: Demonstrated ability to design and implement comprehensive security controls for complex AWS environments processing sensitive financial data. Technical Leadership: Capable of leading cloud security initiatives, influencing architecture decisions, and mentoring team members on cloud security best practices. Problem-Solving: Strong analytical skills with the ability to troubleshoot complex cloud security issues and implement innovative solutions. Automation Mindset: Commitment to automating security processes and implementing security-as-code practices across the infrastructure lifecycle. Communication: Excellent verbal and written communication skills, capable of explaining complex cloud security concepts to both technical and business stakeholders. Continuous Learning: Commitment to staying current with evolving AWS services, cloud security threats, and industry best practices. Detail-Oriented: Meticulous attention to detail when implementing security controls and reviewing cloud configurations. Project Management: Ability to manage multiple cloud security projects simultaneously while ensuring compliance with regulatory requirements. Join our team and let's groove together to the rhythm of innovation and opportunity