DevSecOps Engineer

Description :

Vegapay Technology is a financial technology company.

It partners with banks and financial institutions to digitize its financial infrastructure.

It provides users with a credit suite featuring a wide breadth of modules and no-code configuration to design, deploy, and direct their credit programs.

It provides access to build financial asset products including Card Management System, LOS, LMS, Co-lending and more.

Founded in 2022 by Gaurav Mittal, Himanshu Agrawal and Puneet Sharma, the startup is a B2B digital lending and Card Management Platform.

Vegapays vision is to liberate financial institutions and fintech enterprises from every technical barrier which hinders offering a lending programme.

Why This Role Matters :

Were on the lookout for a passionate DevSecOps Engineer to help supercharge the security, reliability, and efficiency of our cloud infrastructure and development pipelines In this role, youll integrate security seamlessly into the DevOps lifecycle, driving robust processes, automating workflows, and championing best security practices to ensure our development cycle stays secure and smooth.

If youre excited to make an impact and take security to the next level, we want to hear from you.

The Hats You Will Wear :

- Collaborate with development, operations, and security teams to embed security protocols into the DevOps lifecycle.

- Design, implement, and manage security frameworks, ensuring continuous monitoring and incident response capabilities.

- Develop and maintain CI/CD pipelines that incorporate security testing, vulnerability scanning, and risk assessments.

- Manage and enhance the cloud infrastructure (AWS, Azure, GCP) security, ensuring compliance with industry standards (e., ISO 27001, PCI-DSS, SOC2).

- Automate and enforce security policies, configurations, and updates across the infrastructure.

- Conduct regular security audits, penetration tests, and system vulnerability assessments.

- Provide insights and recommendations for security risk mitigation and implement security best practices across the development process.

- Respond to and mitigate security incidents in a timely manner.

The Perfect Fit :

- At least 4 years of experience in DevOps/DevSecOps roles, with a focus on security.

- Strong knowledge of CI/CD tools (Jenkins, GitLab CI/CD, etc.) and infrastructure-as-code (Terraform, Ansible, etc.)

- Expertise in cloud platforms (AWS, GCP, Azure) with a focus on security configurations, identity management, and monitoring.

- Experience with container security (Docker, Kubernetes) and orchestration security.

- Familiarity with security frameworks (OWASP, NIST, etc.) and compliance standards (ISO 27001, PCI-DSS).

- Proficiency in scripting (Python, Bash, etc.) for automation and security process enhancement.

- Strong understanding of vulnerability management tools (e., Nessus, Qualys) and security incident response protocols.

- Proficiency in SonarQube,Trivy, Wazuh, OWASP ZAP.

- Ability to work in fast-paced startup environments, demonstrating agility and adaptability.

Your Edge Over the Rest :

- Certifications such as AWS Certified Security, Certified Information Systems Security Professional (CISSP), or similar.

- Prior experience in fintech or B2B SaaS companies.

- Experience with SOC2 or ISO 27001 implementation and audits.

- Strong knowledge in Aqua Security, Anchore, Checkov, Clair, Twistlock (Prisma Cloud), Snyk, Nessus, Falco, , Sysdig.