This job offer is not available in your country.

Senior Security Engineer (Application & Cloud Security)

Tazapay Pte LtdChennai, Tamil Nadu, India

25 days ago

Job description

Job Title - Senior Security Engineer (Application & Cloud Security)

Location : Chennai

About Tazapay

Tazapay is a cross border payment service provider. They offer local collections via local payment methods, virtual accounts and cards in over 70 markets. The merchant does not need to create local entities anywhere and Tazapay offers the additional compliance framework to take care of local regulations and requirements. This results in decreased transaction costs, fx transparency and higher auth rates.

They are licensed and backed by leading investors. www.tazapay.com

What's exciting waiting for you?

This is an amazing opportunity for you to join a fantastic crew before the rocket ship launch. It will be a story you will carry with you through your life and have the unique experience of building something ground up and have the satisfaction of seeing your product being used and paid for by thousands of customers. You will be a part of a growth story in securing critical payment infrastructure that spans both application security and cloud security across 70+ markets.

We believe in a culture of openness, innovation & great memories together.

About the Senior Security Engineer Role

As a Senior Security Engineer, you will play a pivotal role in securing our entire technology stack - from application-level security to cloud infrastructure protection. You will lead comprehensive security initiatives across our AWS cloud environments and payment applications built with Node.js and GoLang microservices, while leveraging AWS security services and modern security tools to protect against evolving threats. This role combines deep technical expertise in both application security and cloud security with leadership responsibilities.

Key Responsibilities

Application Security Leadership

Lead comprehensive security assessments of microservices-based applications built with GoLang, Java, or Scala
Conduct advanced security reviews of Vue.js and ReactJS frontend applications and their integration with backend services
Execute expert-level manual and automated web application penetration testing using industry-standard methodologies (OWASP Testing Guide, PTES)
Design and implement vulnerability scoring and risk assessment frameworks using CVSS, OWASP Risk Rating, and custom business impact metrics
Utilize govulncheck for Go-specific vulnerability detection and dependency analysis across microservices
Deploy Semgrep / OpenGrep for advanced static code analysis and custom security policy enforcement
Integrate Gitleaks for comprehensive secret detection across development workflows
Lead secure development lifecycle (SDLC) integration and establish security standards for development teams
Perform complex web application penetration testing including authentication bypass, authorization flaws, injection attacks, and business logic vulnerabilities

AWS Cloud Security Architecture

Design and implement enterprise-level security architecture for AWS cloud environments

Configure and optimize AWS Shield (Standard and Advanced) for comprehensive DDoS protection

Implement and manage AWS CloudFront security configurations including advanced WAF rules, SSL / TLS, and origin protection

Secure complex AWS services including EC2, ECS, EKS, Lambda, RDS, S3, API Gateway, and multi-region deployments

Design network security controls using VPC, Security Groups, NACLs, AWS Transit Gateway, and PrivateLink

Establish and lead secure CI / CD pipeline implementations for Node.js applications and GoLang microservices

Architect container security solutions for Docker and Kubernetes (EKS) environments

Security Automation & Monitoring

Implement comprehensive security monitoring using AWS CloudTrail, GuardDuty, and Security Hub

Deploy and manage Prowler for continuous AWS security assessments and compliance validation

Utilize ScoutSuite for multi-cloud security posture management and configuration auditing

Configure Gitleaks for continuous secret monitoring across enterprise development workflows

Implement Semgrep / OpenGrep rules for real-time security vulnerability detection and policy enforcement

Lead automation initiatives using Infrastructure as Code (Terraform, CloudFormation, AWS CDK)

Develop advanced security automation scripts and frameworks using Python, Bash, and AWS SDKs

Create comprehensive security dashboards and executive reporting mechanisms

Vulnerability Management & Risk Assessment

Lead enterprise vulnerability management programs with comprehensive scoring using CVSS v3.1, OWASP Risk Rating, and custom business impact assessments

Develop sophisticated risk scoring matrices incorporating technical severity, business impact, exploitability, and regulatory requirements

Create detailed penetration testing reports with executive summaries, technical findings, and strategic remediation roadmaps

Establish vulnerability SLA metrics and track remediation timelines based on risk scores and business priorities

Conduct root cause analysis (RCA) on complex security incidents and implement preventive measures

Lead threat modeling sessions and strategic risk assessments for new features and infrastructure changes

Mentor junior security engineers and provide technical guidance on vulnerability remediation

Compliance & Regulatory Security

Ensure comprehensive compliance with financial industry regulations (PCI DSS, SOX, GDPR, PSD2)

Lead compliance audits and regulatory assessments using Prowler for AWS compliance validation

Implement ScoutSuite for comprehensive multi-cloud security auditing

Design and maintain data protection controls for sensitive payment processing workloads

Develop and maintain disaster recovery and business continuity security plans

Lead security aspects of vendor risk assessments and third-party integrations

Represent security requirements to business leadership and regulatory bodies

Technical Leadership & Strategy

Serve as technical security leader for complex cross-functional projects

Influence security strategies, standards, and architectural decisions across the organization

Lead security initiatives and mentor junior engineers on advanced security practices

Participate in strategic security planning and technology evaluation

Drive security culture transformation and champion security best practices

Represent security needs to executive leadership and board-level communications

Required Qualifications

Experience

8+ years of experience in information security with demonstrated expertise in both application security and cloud security

Extensive experience securing microservices architectures , particularly those built with GoLang, Java, or Scala

Advanced experience with AWS cloud security including Shield, CloudFront, and comprehensive security service management

Expert-level web application penetration testing experience including complex business logic vulnerabilities and multi-tier architectures

Proven leadership in vulnerability scoring and risk assessment using industry-standard frameworks

Hands-on expertise with security automation tools : govulncheck, Gitleaks, Semgrep / OpenGrep, Prowler, ScoutSuite

Strong experience securing Node.js applications and modern JavaScript frameworks (Vue.js, ReactJS)

Experience leading security teams and influencing organizational security strategy

Technical Skills

Expert-level proficiency in AWS security services including Shield, CloudFront, GuardDuty, Security Hub, WAF, and comprehensive service portfolio

Advanced application security expertise across GoLang, Java, Scala, Node.js, Vue.js, and ReactJS technologies

Mastery of security automation tools : govulncheck (Go vulnerability scanning), Gitleaks (secret detection), Semgrep / OpenGrep (static analysis), Prowler (AWS security assessment), ScoutSuite (multi-cloud auditing)

Expert-level web application penetration testing skills using advanced tools and custom exploitation frameworks

Comprehensive knowledge of vulnerability scoring frameworks including CVSS v3.1, OWASP Risk Rating, and FAIR methodology

Advanced Infrastructure as Code proficiency (Terraform, CloudFormation, AWS CDK)

Expert container and orchestration security (Docker, Kubernetes / EKS, service mesh security)

Advanced scripting and automation capabilities (Python, Bash, PowerShell, Go)

Enterprise network security and cloud networking expertise

Security Expertise

Deep understanding of application security principles and advanced penetration testing methodologies

Expert knowledge of cloud security frameworks (NIST, CSA, AWS Well-Architected Security Pillar)

Advanced understanding of financial services security and payment processing compliance requirements

Expertise in security architecture design for complex distributed systems

Advanced threat modeling and risk assessment capabilities

Comprehensive knowledge of cryptography, PKI, and secure communication protocols

Expert-level incident response and forensic analysis skills

Advanced understanding of regulatory compliance frameworks and audit requirements

Nice to Have

Certifications

AWS Security Specialty certification (required)

Advanced penetration testing certifications (OSCP, GWEB, eWPT, eWPTX)

Security leadership certifications (CISSP, CISM, CISSP)

Cloud architecture certifications (AWS Solutions Architect Professional, DevOps Engineer Professional)

Additional cloud security certifications (Azure Security, GCP Security)

Additional Skills

Experience with multi-cloud security architectures and hybrid environments

Advanced knowledge of serverless security (AWS Lambda, API Gateway, serverless frameworks)

Expertise in security orchestration and automated response (SOAR) platforms

Experience with machine learning / AI security applications and threat detection

Advanced understanding of payment processing security and financial services infrastructure

Experience with regulatory examination processes and security audit leadership

Knowledge of emerging security technologies and threat landscape evolution

Experience with security product evaluation and vendor management

Advanced presentation and executive communication skills

Key Abilities and Traits

Technical Excellence : Demonstrated ability to architect and implement comprehensive security solutions across complex application and cloud environments processing sensitive financial data.

Leadership : Proven capability to lead security initiatives across multiple teams, influence strategic decisions, and mentor engineering talent while representing security needs to executive leadership.

Strategic Thinking : Ability to balance immediate security needs with long-term strategic objectives, translating business requirements into technical security solutions.

Problem-Solving : Expert-level analytical and problem-solving skills with the ability to address complex security challenges spanning application code to cloud infrastructure.

Communication : Exceptional verbal and written communication skills, capable of explaining complex security concepts to technical teams, business stakeholders, and executive leadership.

Continuous Innovation : Commitment to staying current with emerging security threats, technologies, and industry best practices while driving security innovation within the organization.

Project Management : Advanced ability to manage multiple complex security initiatives simultaneously while ensuring compliance with regulatory requirements and business objectives.

Mentorship : Strong commitment to developing junior security talent and fostering a security-conscious culture across engineering teams.

Join our team and let's groove together to the rhythm of innovation and opportunity!

Your Buddy,

Tazapay

Create a job alert for this search

Cloud Security Engineer • Chennai, Tamil Nadu, India

Related jobs

New!

Cloud Security Engineer IV

NoblQHyderabad / Chennai, TN, in

Quick Apply

Focus on creating reusable templates for automating security activities across NCR Voyix managed devices and platforms running in GCP or Azure. Increase security posture, eliminate downtime and driv...Show moreLast updated: 16 hours ago

Security Engineer I (Application Security)

coinswitchINDIA

PeepalCo is a house for brands serving India with tailored wealth-tech products, Making Money Equal for All.Founded by Ashish Singhal, Govind Soni, and Vimal Sagar Tiwari, PeepalCos products includ...Show moreLast updated: 30+ days ago

Senior Lead Application Security Engineer

BAKER HUGHESINDIA

Lead Application Security Engineer.Would you like to innovate with the latest energy technology?.Do you enjoy being part of a successful team?. Join our Digital Technology team.We operate at the hea...Show moreLast updated: 30+ days ago

Senior Application Security Architect

BinanceINDIA

Senior Application Security Architect.Security & IT Helpdesk Security.Binance is a leading global blockchain ecosystem behind the worlds largest cryptocurrency exchange by trading volume and regis...Show moreLast updated: 30+ days ago

Promoted

Cyberark Senior Security Engineer

MajorKey TechnologiesChennai, IN

NOTE : : This role requires the availability for EST hours - 8AM to 4PM OR 7AM to 3PM (Mandatory).You will be joining MajorKey Technologies as a. Senior Identity Security Engineer.Privileged Access Ma...Show moreLast updated: 17 days ago

Cloud & Data Security Engineer - Senior Security Engineer

PaytmINDIA

Information Security - Cloud and Data Security Engineer.Paytm Payments Services Limited houses the Paytm payment gateway business which enables thousands of online merchants to offer world class fr...Show moreLast updated: 30+ days ago

Promoted

Senior Security Engineer - Security Operations Center

BSRI SolutionsChennai

About the Role : Do you want to be on the frontline fighting for safe use within the digital frontier? Does describing your job to your family and...Show moreLast updated: 30+ days ago

Promoted

Application Security Lead

Oak TitaniumChennai, IN

Job Title : Application Security Lead .We are a rapidly growing cybersecurity firm delivering advanced security solutions to enterprises across the Middle East, Europe, and the United States.Our mis...Show moreLast updated: 17 days ago

Web Application Security

NETSACH GLOBALChennai, Tamil Nadu, India

Greetings from Netsach - A Cyber Security Company.We are looking for Web Application Security consultant with minimum of 3+ years of relevant experience in an information security function with goo...Show moreLast updated: 24 days ago

Engineer Cloud Security

Anicalls (Pty) LtdChennai, India

Hands-on experience in designing and implementing large complex size products in the area of ZeroTrust, SSLVPN, Cloud Security. Broad system-level knowledge, preferably with Unix variant.Proficient ...Show moreLast updated: 30+ days ago

Cloud Security Engineer

ServiceNowINDIA

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today ServiceNow stands as a global market l...Show moreLast updated: 30+ days ago

Promoted

Senior Application Security Analyst

Global Infovision Private LimitedChennai, IN

Job Title : Application Security Analyst.Skills : Threat Modeling, Secure SDL, Dev secops & (Comm skills).Show moreLast updated: 1 day ago

Security Engineer, Hardware Security, Cloud CISO

Google India Pvt LtdINDIA

Security Engineer, Hardware Security.Bachelor's degree in Computer Science, a related field, or equivalent practical experience. Experience in a Reverse Engineering role.Experience with Hardware Sys...Show moreLast updated: 30+ days ago

Cloud Security Engineer

SYNECHRONINDIA

Job Title : Cloud Security Engineer.We are seeking a highly skilled Cloud Security Engineer to join our team.The ideal candidate will have extensive experience in cloud system engineering, security ...Show moreLast updated: 30+ days ago

Cloud Security Engineer

TemenosChennai, TAMIL NADU, IN

The Cloud Security Engineer will act as the most senior technical authority within the Cloud Security Operations team based in India. The role will ensure the security of our banking clients in publ...Show moreLast updated: 16 days ago

Promoted

Senior Cyber Security Engineer

YITRO BUSINESS CONSULTANTS (INDIA) PRIVATE LIMITEDChennai

Senior Security Compliance (Cyber Security) Experience : 8+ years Location : Chennai ...Show moreLast updated: 30+ days ago

Promoted

Application Security Engineer

TELUS DigitalChennai, IN

We are a Digital Customer Experience organization, with a comprehensive coverage of IT Services from Traditional Services to Next Gen Digital Services. At TELUS Digital, we focus on lean, agile, hum...Show moreLast updated: 1 day ago

Senior Application Security Engineer

GenChennai,Tamil Nadu,IND

We’re not just a company; we’re a global force.Fiercely committed to ensuring that everyone, everywhere, can live their lives digitally safe. Our family of brands – Norton, Avast, LifeLock, Avira, A...Show moreLast updated: 17 days ago