DevSecOps Engineer

About Snapmint

Snapmint is a leading fintech company redefining access to consumer credit in India. With over 10 million customers across 2,200+ cities, our zero-cost EMI platform enables responsible purchases without the need for a credit card across categories like fashion, electronics, and lifestyle.

India has over 300 million credit-eligible consumers, yet fewer than 35 million actively use credit cards. Snapmint addresses this gap by offering a trusted, transparent alternative grounded in financial inclusion and ethical lending practices.

Founded in 2017, Snapmint is a profitable, high-growth company doubling year-on-year. Our founding team, alumni of IIT Bombay and ISB and have successfully built and exited ventures in ad-tech, patent analytics, and bank-tech. We are building the future of responsible consumer finance, simple, transparent, and customer-first.

https://snapmint.com/

https://www.linkedin.com/company/snapmintfinserv/mycompany/

About the role

We are looking for a highly motivated DevSecOps Engineer with 4+ years of hands-on experience in integrating security into the DevOps lifecycle. The ideal candidate will work closely with development, security, and operations teams to ensure our applications and infrastructure are secure, scalable, and efficient from development through deployment as per ISO/PCI-DSS guidelines

Key Responsibilities

Integrate security best practices into CI/CD pipelines (GitLab, Jenkins, GitHub Actions, etc.)

Automate security scans (SAST, DAST, dependency checks) and enforce policies

Implement Infrastructure as Code (IaC) using tools like Terraform, CloudFormation, or Ansible

Collaborate with development teams to remediate vulnerabilities and conduct threat modeling

Monitor infrastructure and application security with tools like Wazuh/Ossec or equivalent

Manage secrets and credentials securely using Vault, AWS Secrets Manager, etc.

Perform regular security audits and assessments for cloud environments (AWS, GCP, Azure)

Improve logging, monitoring, and alerting for security anomalies (e.g., using ELK, Prometheus,

Loki, SIEM tools)

Stay current on security trends, vulnerabilities, and compliance requirements

Incident Reviews and Reporting

Requirements

4+ years of experience in DevOps/Security engineering or a related role

Strong understanding of CI/CD practices with experience automating security checks

Hands-on experience with container security (Docker, Kubernetes, image scanning)

Familiarity with cloud platforms (AWS/GCP) and cloud security principles

Experience with tools like SonarQube, OWASP ZAP, Trivy, Checkov, or snyk

Proficiency in scripting (Python, Bash, or similar)

Knowledge of IAM, RBAC, and least privilege principles

Good understanding of network and application security fundamentals

Strong collaboration and communication skills

Strong Security Framework knowledge and experience with PCI-DSS/ ISO

Patch Management, VA scan for Servers

Preferred Qualifications

Certifications: AWS Security, Certified DevSecOps Professional, CEH, or similar

Experience with compliance frameworks (SOC2, ISO 27001, PCI-DSS, etc.)

Familiarity with Zero Trust Architecture and Secure SDLC concept

Location:

Work Days: