Security Consultant

Are you interested in automating the build and deployment process of the application while ensuring application security? If yes, then Payatu is the place for you. We are always in search of passionate people to expand our renowned Bandit family at Payatu. In the quest for Bandits, here is an excellent opportunity we would like to share with you.

Who we are?

Payatu is a GPTW certified company where we strive to create a culture of excellence, growth, and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual.

What we look for outside work parameters?

Publicly known contributions.

Research papers written, presented, and published.

Tools Developed.

Published exploits, CTF scores and hall of fame as testimonies to your work.

Learning from the community and enthusiastically contributing back.

You Have All Our Desired Qualities, if:

You have 3+ years of experience in cloud application and cloud service security assessment.

You have the knack of finding security bugs in everything you touch.

You like automating stuff.

You have excellent written and verbal communication skills, ability to express your thoughts clearly.

You have the skill to articulate and present technical things in business language.

You can work independently as well as within a team and meet project schedules and deadlines.

You have strong problem solving, troubleshooting and analysis skills.

You are comfortable working in a dynamic, fast‑paced work environment.

You are working on something on your own in your field apart from official work.

You are a perfect technical fit if:

Strong knowledge of at least two cloud platforms (for example, AWS + Azure, or AWS + GCP) and experience deploying and securing applications in them.

Proven track record of working with CI/CD pipelines, including automating builds, deployment, rollbacks, and embedding security checks (SAST, DAST, dependency scanning, secret scanning) into them.

Experience with infrastructure as code (IaC) tools (e.g. Terraform, CloudFormation, ARM templates, Pulumi) and ensuring their security (template scanning, policy enforcement).

Deep understanding of DevSecOps principles: shift‑left security, threat modeling, secrets management, artifact validation.

Experience with monitoring, logging, observability tools (e.g. Prometheus, Grafana, ELK stack, Datadog) including alerting and incident response in a cloud environment.

Hands‑on experience with containerization and orchestration technologies (Docker, Kubernetes/EKS/GKE/AKS), and securing container workloads including image scanning, runtime protection.

Strong scripting skills (e.g. Shell, Python, Ruby, or others) to automate DevOps and security tasks.

Familiarity with cloud security services and tools across platforms you've worked on (for AWS: IAM, GuardDuty, Security Hub, Macie etc.; for Azure: Azure Security Center, Key Vault, Azure Policy etc.; for GCP: IAM, Security Command Center, etc.).

Good understanding of network security in the cloud: VPCs/subnets, firewalls, transit gateways, private endpoints, peering, secure connectivity.

Experience defining security standards and ensuring compliance (e.g. CIS benchmarks, STIG, NIST, GDPR, PCI‑DSS) in cloud environments.

Exposure to DevOps tools (CI/CD tools like Jenkins, GitLab CI, CircleCI, Azure DevOps; SCM like Git; artifact repositories; configuration management tools) and ensuring they are configured securely.

Bonus: Cloud certifications relevant to multiple providers (e.g. AWS Certified Security Specialty, Azure Security Engineer, GCP Cloud Security Engineer) are a plus.

Your everyday work will look like:

Assess the environment and conduct security testing for Cloud (multiple clouds say AWS & Azure or AWS & GCP).

Cloud environment security risk assessment, governance and monitoring.

Define cloud security standards and implement them (based on CIS, STIG, etc.).

Reviewing application and infrastructure hardening baselines and implementing best practices for security.

Back your findings with proof‑of‑concept exploits where applicable.

Collect evidence and maintain detailed write‑ups of the findings.

Understand and explain the results with impact on business and compliance status.

Explain and demonstrate vulnerabilities to application/system owners.

Provide appropriate remediation and mitigations of identified vulnerabilities.

Deliver results within stipulated timelines.

Develop security guidance documentation.

Continuously sharpen your skills through research, learning; stay up‑to‑date with cloud provider security changes and DevSecOps practices.

Work closely with DevOps / Cloud / Infrastructure teams to integrate security into workflows.