Cloud Security Engineer

Job Title - Cloud Security EngineerLocation: ChennaiAbout TazapayTazapay is a cross border payment service provider. They offer local collections via local payment methods, virtual accounts and cards in over 70 markets. The merchant does not need to create local entities anywhere and Tazapay offers the additional compliance framework to take care of local regulations and requirements. This results in decreased transaction costs, fx transparency and higher auth rates.They are licensed and backed by leading investors. www.tazapay.comWhat's exciting waiting for you?This is an amazing opportunity for you to join a fantastic crew before the rocket ship launch. It will be a story you will carry with you through your life and have the unique experience of building something ground up and have the satisfaction of seeing your product being used and paid for by thousands of customers. You will be a part of a growth story in securing critical cloud infrastructure that powers cross-border payments across 70+ markets.We believe in a culture of openness, innovation & great memories together.About the Cloud Security Engineer RoleAs a Cloud Security Engineer, you will be responsible for designing, implementing, and maintaining security controls for our AWS cloud infrastructure. You will ensure the security of our payment processing platform built on Node.js applications and GoLang microservices, while leveraging AWS security services including Shield and CloudFront to protect against threats and ensure optimal performance across global markets.Key ResponsibilitiesAWS Cloud Security Architecture

• Design and implement comprehensive security architecture for AWS cloud environments
• Configure and manage AWS Shield for DDoS protection across payment processing infrastructure
• Implement and optimize AWS CloudFront security configurations including WAF rules, SSL/TLS, and origin protection
• Secure AWS services including EC2, ECS, EKS, Lambda, RDS, S3, and API Gateway
• Design and implement network security controls using VPC, Security Groups, NACLs, and AWS Transit Gateway
• Establish secure CI/CD pipelines for Node.js applications and GoLang microservices

Application & Infrastructure Security

• Secure Node.js applications running on AWS infrastructure including container and serverless environments
• Implement security controls for GoLang microservices deployed across multiple AWS regions
• Configure and manage AWS WAF rules for web application protection
• Implement container security for Docker containers running Node.js and GoLang applications
• Secure Kubernetes clusters (EKS) hosting microservices architecture
• Manage secrets and configuration security using AWS Secrets Manager and Parameter Store

Monitoring & Incident Response

• Implement comprehensive security monitoring using AWS CloudTrail, GuardDuty, and Security Hub
• Deploy and manage Prowler for continuous AWS security monitoring and compliance validation
• Utilize ScoutSuite for regular multi-cloud security posture assessments
• Configure Gitleaks monitoring for continuous secret detection across development workflows
• Implement OpenGrep rules for real-time security vulnerability detection in application code
• Configure CloudWatch alarms and automated incident response workflows
• Develop and maintain security dashboards and reporting mechanisms
• Respond to security incidents and conduct forensic analysis in cloud environments
• Implement automated threat detection and response capabilities
• Monitor and analyze CloudFront access logs and security events

Compliance & Risk Management

• Ensure AWS infrastructure compliance with financial industry regulations (PCI DSS, SOX, GDPR)
• Conduct regular security assessments using Prowler for AWS compliance validation and ScoutSuite for comprehensive security audits
• Implement continuous compliance monitoring through automated tools and custom security frameworks
• Implement and maintain data protection controls for payment processing workloads
• Perform risk assessments for cloud services and architectures
• Develop and maintain disaster recovery and business continuity plans
• Support compliance audits and regulatory assessments

Automation & DevSecOps

• Implement Infrastructure as Code (IaC) security using Terraform, CloudFormation, and AWS CDK
• Integrate Gitleaks for automated secret scanning in CI/CD pipelines and repositories
• Deploy OpenGrep (Semgrep) for static analysis and security vulnerability detection in Node.js and GoLang codebases
• Utilize Prowler for comprehensive AWS security assessments and compliance checks
• Implement ScoutSuite for multi-cloud security auditing and configuration reviews
• Develop security automation scripts and tools using Python, Bash, and AWS SDKs
• Integrate security scanning and compliance checks into CI/CD pipelines
• Automate security policy enforcement across AWS accounts and regions
• Implement automated remediation for common security misconfigurations

Required QualificationsExperience

• 4+ years of experience in cloud security, with strong focus on AWS cloud environments
• Hands-on experience with AWS Shield (Standard and Advanced) for DDoS protection
• Extensive experience securing AWS CloudFront distributions including WAF integration and SSL/TLS configuration
• Strong experience securing Node.js applications in cloud environments
• Proven experience with GoLang microservices security in containerized and serverless architectures
• Hands-on experience with security automation tools including Gitleaks, OpenGrep, Prowler, and ScoutSuite
• Experience with AWS security services (GuardDuty, Security Hub, Config, CloudTrail)
• Knowledge of financial services security requirements and payment processing compliance

Technical Skills

• Advanced proficiency in AWS security services and best practices
• Deep understanding of AWS Shield and DDoS mitigation strategies
• Expert-level knowledge of AWS CloudFront security configurations and optimization
• Strong security knowledge for Node.js applications including dependency management and runtime security
• Comprehensive understanding of GoLang microservices security patterns and secure coding practices
• Proficiency with security automation tools: Gitleaks (secret scanning), OpenGrep/Semgrep (static analysis), Prowler (AWS security assessment), ScoutSuite (multi-cloud auditing)
• Proficiency in Infrastructure as Code (Terraform, CloudFormation, AWS CDK)
• Experience with container security (Docker, Kubernetes/EKS)
• Knowledge of network security protocols and AWS networking services
• Scripting and automation skills (Python, Bash, PowerShell)

Security Expertise

• Deep understanding of cloud security frameworks (NIST, CSA, AWS Well-Architected Security Pillar)
• Knowledge of web application security and API security best practices
• Experience with vulnerability management and security testing tools
• Understanding of cryptography, PKI, and secure communication protocols
• Knowledge of identity and access management (IAM) and zero-trust architecture
• Experience with security monitoring, SIEM, and incident response

Nice to HaveCertifications

• AWS Security Specialty certification
• AWS Solutions Architect or DevOps Engineer certifications
• Additional security certifications (CISSP, CCSP, CEH, CISSP)
• Cloud security certifications from other providers (Azure, GCP)

Additional Skills

• Experience with multi-cloud security architectures
• Knowledge of serverless security (AWS Lambda, API Gateway)
• Experience with compliance frameworks (SOC 2, PCI DSS, ISO 27001)
• Familiarity with threat modeling and risk assessment methodologies
• Experience with security orchestration and automated response (SOAR)
• Knowledge of machine learning for security analytics
• Experience with payment processing and financial services infrastructure
• Understanding of microservices mesh security (Istio, Consul Connect)

Key Abilities and TraitsCloud Security Expertise: Demonstrated ability to design and implement comprehensive security controls for complex AWS environments processing sensitive financial data.Technical Leadership: Capable of leading cloud security initiatives, influencing architecture decisions, and mentoring team members on cloud security best practices.Problem-Solving: Strong analytical skills with the ability to troubleshoot complex cloud security issues and implement innovative solutions.Automation Mindset: Commitment to automating security processes and implementing security-as-code practices across the infrastructure lifecycle.Communication: Excellent verbal and written communication skills, capable of explaining complex cloud security concepts to both technical and business stakeholders.Continuous Learning: Commitment to staying current with evolving AWS services, cloud security threats, and industry best practices.Detail-Oriented: Meticulous attention to detail when implementing security controls and reviewing cloud configurations.Project Management: Ability to manage multiple cloud security projects simultaneously while ensuring compliance with regulatory requirements.Join our team and let's groove together to the rhythm of innovation and opportunity!Your Buddy,
Tazapay