SecOps and Compliance Engineer

Job Description

Titile: SecOps and Compliance Engineer Experience : 3+ years Location: Pune (on-site) About Our Team: You'll join our Platform Team, a collaborative group that builds the foundation for secure, compliant, and frictionless development. We're a lean, agile team that experiments with cutting-edge security tools while maintaining strict compliance with regulatory requirements. Our mission is to create a secure environment where developers can work productively without compromising on security standards. We embrace FinOps practices to ensure our security solutions are both effective and cost-efficient. Role and Responsibilities: As our SecOps and Compliance Engineer, you'll be the cornerstone of our security architecture, building robust tools to ensure compliance and enhance our security posture. You'll work across teams to implement security-by-design principles and develop automated solutions for continuous security assurance. Key responsibilities include: Design and implement automated security controls within our CI/CD pipelines to detect and prevent security vulnerabilities early in the development lifecycle Develop and maintain a comprehensive threat modeling framework for existing and new services Create intelligent systems to streamline compliance processes, including an AI solution to manage compliance questionnaires based on our policies and previous responses Perform regular security posture assessments using industry-standard frameworks and recommend strategic enhancements Build internal security services that enable rapid vulnerability remediation and provide real-time security insights Partner with third-party security vendors to integrate external security tools and compliance frameworks Implement policy-as-code to ensure consistent security standards across our infrastructure We're Looking For Someone Who: Has hands-on experience implementing security controls in cloud-native environments (AWS/Azure/GCP) Demonstrates expertise in container security, infrastructure as code, and application security practices Can translate complex security requirements into practical technical implementations Has experience with security automation tools and security-focused CI/CD integrations Possesses strong knowledge of IAM principles and zero-trust architecture implementation Is familiar with CIS Benchmarks and has implemented them in production environments Can develop security tools using modern programming languages (Python, Go, Node.js) Has experience with security scanning tools (SAST, DAST, SCA, IAST) and can integrate them into development workflows Takes ownership of security initiatives and can drive them to completion Documents security processes meticulously to ensure knowledge transfer and auditability Has excellent communication skills to explain security concepts to technical and non-technical stakeholders Bonus Points If You Have: Relevant security certifications (CISSP, CSSLP, CCSP, CEH, or OSCP) Experience implementing and maintaining ISO frameworks (27001:2022, 27701:2019, 27018:2019, 27017:2015), SOC 2 Type II, and other industry standard frameworks. Knowledge of compliance requirements for specific industries (Finance, Healthcare, etc.) Experience with security incident response and digital forensics Contributed to open-source security projects or security research Full-stack development experience with security-focused web applications Experience implementing DevSecOps practices at scale Apply or send your resume at rutuja.bhailume@zoop.one. Show more Show less