DevSecOps Engineer - Fintech

Trusting Social is an AI Fintech pioneer that's revolutionizing credit access in emerging markets. Our mission is "Advancing AI to Meet the Financial Needs of Everyday Consumers with Empathy." We've assessed over 1 billion consumers across four countries, and we're on a mission to provide 100 million credit lines using the power of AI and Big Data.

What You'll Do

- Security Integration: Deploy and manage security applications and solutions such as WAF, PAM, GitHub Advanced Security, GCP Security Command Center, Azure Sentinel, and AWS Security Stack.

- Vulnerability Management: Perform regular vulnerability scans, assess Common Vulnerabilities and Exposures (CVEs), and manage remediation processes.

- CI/CD Security & Infrastructure: Manage centralized shared infrastructure, and build secure CI/CD pipelines following DevSecOps principles.

- IAM (Identity & Access Management): Develop IAM policies and roles using Terraform, enforce least privilege access and conduct regular audits.

- Security Logging and Monitoring (SIEM): Build and maintain a centralized SIEM system, generate alerts, and integrate with the Security Operations Center (SOC).

- Cloud Management: Administer Google Cloud, AWS, and Azure environments, leveraging Privileged Identity Management (PIM) tools.

- Security Standardization: Enforce security best practices and standards, including ISO 27001 and PCI DSS, across engineering teams.

- Automation Development: Create automation tools for cost visibility, security assessments, and asset discovery.

- Regular Scanning & Reporting: Perform weekly/monthly scans and submit detailed reports to the GRC team.

- Incident Response: Participate in security incident triage and remediation processes.

- Cross-team Collaboration: Work with engineering teams to ensure security measures are embedded into development and infrastructure workflows.

- Bachelor's degree in Information Technology, Computer Engineering, Cybersecurity, or a related field.

- 0–2 years of experience in software development, system operations, or security.

- Proficient in at least one programming language (e.g., Python, Java, Go, Ruby).

- Familiar with DevOps tools and workflows (CI/CD, Docker, Kubernetes, Jenkins, GitHub Actions).

- Experience with or knowledge of security tools such as GitHub Advanced Security, Cloudflare, Datadog, Teleport, and various cloud-native security services.

- Understanding of cloud platforms (GCP, AWS, Azure) and infrastructure-as-code tools like Terraform.

- Strong written and verbal communication skills in English.

Preferred Qualifications:

- Experience in a similar DevSecOps or cloud security role.

- Industry certifications such as CISSP, CISM, or relevant cloud security certifications.

- Prior experience handling security incidents and investigations.

- Familiarity with security compliance standards (ISO 27001, PCI DSS).

- Experience building automation for asset tracking and cloud billing/security reports.