zoop
Website:
zoop.one
Job details:
You'll join our Platform Team, a collaborative group that builds the foundation for secure, compliant, and frictionless development. We're a lean, agile team that experiments with cutting-edge security tools while maintaining strict compliance with regulatory requirements. Our mission is to create a secure environment where developers can work productively without compromising on security standards. We embrace FinOps practices to ensure our security solutions are both effective and cost-efficient.
As our SecOps and Compliance Engineer, you'll be the cornerstone of our security architecture, building robust tools to ensure compliance and enhance our security posture. You'll work across teams to implement security-by-design principles and develop automated solutions for continuous security assurance.
Responsibilities
- Design and implement automated security controls within our CI/CD pipelines to detect and prevent security vulnerabilities early in the development lifecycle.
- Develop and maintain a comprehensive threat modelling framework for existing and new services.
- Create intelligent systems to streamline compliance processes, including an AI solution to manage compliance questionnaires based on our policies and previous responses.
- Perform regular security posture assessments using industry-standard frameworks and recommend strategic enhancements.
- Build internal security services that enable rapid vulnerability remediation and provide real-time security insights.
- Partner with third-party security vendors to integrate external security tools and compliance frameworks.
- Implement policy as code to ensure consistent security standards across our infrastructure.
Requirements
- Has hands-on experience implementing security controls in cloud native environments (AWS/Azure/GCP).
- Demonstrates expertise in container security, infrastructure as code, and application security practices.
- Can translate complex security requirements into practical technical implementations.
- Has experience with security automation tools and security-focused CI/CD integrations.
- Possesses strong knowledge of IAM principles and zero-trust architecture implementation.
- Is familiar with CIS Benchmarks and has implemented them in production environments.
- Can develop security tools using modern programming languages (Python, Go, Node.js).
- Has experience with security scanning tools (SAST, DAST, SCA, IAST) and can integrate them into development workflows.
- Takes ownership of security initiatives and can drive them to completion.
- Documents security processes meticulously to ensure knowledge transfer and auditability.
- Has excellent communication skills to explain security concepts to technical and nontechnical stakeholders.
Bonus Points If You Have
- Relevant security certifications (CISSP, CSSLP, CCSP, CEH, or OSCP).
- Experience implementing and maintaining ISO frameworks (27001:2022, 27701:2019, 27018:2019, 27017:2015), SOC 2 Type II, and other industry standard frameworks.
- Knowledge of compliance requirements for specific industries (Finance, Healthcare, etc.).
- Experience with security incident response and digital forensics.
- Contributed to open source security projects or security research.
- Fullstack development experience with security-focused web applications.
- Experience implementing DevSecOps practices at scale.
This job was posted by Rutuja Bhailume from ZOOP.