Senior Cloud Security Engineer

Job description

About Zeller

At Zeller, we’re champions for businesses of all sizes, and proud to be a fast-growing Australian scale-up taking on the ambitious goal of reimagining business banking and payments.

We believe in a level playing field, where all businesses benefit from access to smarter payments and financial services solutions that accelerate their cash flow, help them get paid faster, and give them a better understanding of their finances. So we’re hard at work building the tools to make it happen.

Zeller is growing fast, backed by leading VCs, and brings together a global team of passionate payment and tech industry professionals. With an exciting roadmap of innovative new products under development, we are building a high performing team to take on the outdated banking solutions. If you are passionate about innovation, thrive in fast-paced environments, embrace a challenge, hate bureaucracy, and can’t think of anything more exciting than disrupting the status-quo, then read on to learn more.

About the role

We are seeking an experienced and innovative Senior Cloud Security Engineer or Cloud Security Architect with a strong focus on AWS Security Specialty. As an individual contributor with extensive expertise in cloud security, you will play a pivotal role in enhancing and maintaining the security of our AWS infrastructure and services. Your responsibilities will include driving process automation, designing and implementing cutting-edge security solutions, and overseeing various cloud-related aspects such as network security, backup, content delivery, vulnerability scanning, configuration management, application security, Route 53, Control Tower, traffic management, pattern identifications, and certificate management.

Automation will be a central aspect of your engineering work as you advocate for and implement best practices. You will be responsible for leading the technical direction in cloud security and driving the implementation of security measures to protect our AWS environment.

Your responsibilities will include

• Conduct security assessments, including penetration testing, vulnerability assessments, and security audits, to identify security vulnerabilities in web applications, networks, systems, and infrastructure.
• Perform penetration tests on web applications, mobile applications, APIs, and network infrastructure to identify vulnerabilities such as SQL injection, XSS, CSRF, and other security issues.
• Utilize automated tools and manual techniques to assess security risks and exploit vulnerabilities, simulating real-world cyber-attacks.
• Develop and execute advanced penetration testing plans, encompassing scoping, reconnaissance, exploitation, and thorough reporting.
• Collaborate closely with development and operations teams to address security vulnerabilities and provide expert recommendations for effective mitigation strategies.
• Implement pattern identification and behaviour analysis mechanisms to detect and respond to anomalous activities across the infrastructure.
• Stay updated with the latest AWS security threats, vulnerabilities, and best practices, and proactively implement necessary countermeasures to enhance security posture.
• Collaborate with cross-functional teams to establish and enhance incident response plans and actively participate in security incident investigations and resolution.
• Provide expert guidance and support to other teams, advising on secure AWS development practices, security guidelines, and threat mitigation techniques.
• Document sophisticated security processes, procedures, and guidelines, contributing to the development of comprehensive security policies and standards specific to AWS.

What we are looking for

• Proven experience as a Senior Cloud Security Engineer, Cloud Security Architect, or a related role with a strong focus on penetration testing in AWS environments.
• Hands-on experience with penetration testing tools and frameworks, such as Kali Linux, Burp Suite, Metasploit, and Nessus, specifically applied to AWS environments.
• Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10), network protocols, and security technologies.
• Familiarity with security frameworks and standards, such as NIST Cybersecurity Framework and PCI DSS, as applied to AWS environments.
• Strong understanding of penetration testing methodologies, tools, and frameworks.
• Proficiency in using various security tools, including but not limited to Burp Suite, Metasploit, Nmap, Nessus, Wireshark, etc.
• Knowledge of web application security, mobile application security, network security, and secure coding practices.
• Demonstrated analytical and problem-solving skills, with the ability to assess risks and recommend appropriate security controls.
• Excellent communication and collaboration skills, with the ability to work effectively across cross-functional teams and present complex security concepts to non-technical stakeholders.
• AWS Certified Security - Specialty or higher certification is highly desirable.

Bonus Points

• Experience in working within a high-growth environment.
• Security professional certifications encouraged ( CISSP, CEH, OSCP etc.)
• Experience in other cloud platforms (Azure, Google)
• Experience in payments
• Experience with PCI compliant environments (PCI-DSS, etc)

Like the rest of our team, you will benefit from

Competitive remuneration

A balanced, progressive, and supportive work environment;

Excellent parental leave and other leave entitlements;

Fully remote role

Annual get together with the team

Endless learning and development opportunities;

Plenty of remote friendly fun and social opportunities - we love to come together as a team;

An ability to influence and shape the future of Zeller as our company scales both domestically and globally;

Being part of one of Australia’s most exciting scale-ups.