Logo for Zact

Cloud DevSecOps Engineer

Role overview

Qualifications

  • 5+ years of experience in DevSecOps, Cloud Security, or DevOps
  • Strong expertise with Kubernetes (GKE preferred) and container security practices
  • Solid proficiency with Google Cloud (GCP) security architecture
  • Proficient in scripting languages such as Python or Bash

Responsibilities

  • Integrate and automate security controls directly into CI/CD pipelines
  • Design, implement, and maintain secure Infrastructure as Code across multiple environments
  • Drive compliance and continuous auditing, serving as the primary technical point of contact
  • Collaborate with development teams to resolve security vulnerabilities and streamline workflows

About the company

Zact logo

Zact

The Platform for Payment Apps

Company details

Company typeTPE
Company size11 - 50

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Zact is a leading fintech innovator specializing in cutting-edge payments apps. We are currently expanding our team and looking to hire a Cloud DevSecOps Engineer to champion our "shift-left" security initiatives. This is an exciting opportunity to embed security seamlessly into our infrastructure systems, leveraging cloud technologies and automated security practices to build resilient, compliant, and highly secure solutions.

Where You Are

We are a fully remote company with a focus on hiring in the US. While we embrace a remote-first culture, time zones will be an important consideration for collaboration.

What You'll Do

  • Integrate and automate security controls directly into CI/CD pipelines, ensuring continuous vulnerability scanning, code analysis, and secure software delivery.
  • Design, implement, and maintain secure Infrastructure as Code across multiple environments, primarily focusing on Google Cloud (GCP).
  • Drive compliance and continuous auditing, acting as the primary technical point of contact for automated and manual evidence collection, with a heavy focus on PCI-DSS and supporting SOC 2 requirements.
  • Manage and enforce Identity and Access Management (IAM), network security policies, and encryption standards across all cloud environments.
  • Conduct continuous infrastructure security monitoring, threat modeling, and automated compliance auditing using tools like GCP Security Command Center (SCC) and Prisma Cloud.
  • Collaborate with development teams to resolve security vulnerabilities, streamline secure deployment workflows, and cultivate a security-first engineering culture.

Required Skills

  • 5+ years of experience in DevSecOps, Cloud Security, or DevOps, with a deep understanding of securing cloud-native infrastructure and automation.
  • Strong expertise with Kubernetes (GKE preferred) and container security practices, including hands-on experience with Helm.
  • Solid proficiency with Google Cloud (GCP) security architecture, utilizing native tools for posture management and threat detection.
  • Hands-on experience with security tooling such as SAST/DAST, container scanning (e.g., Trivy, Scout, PrismaCloud), and cloud security posture management (CSPM) platforms like Prisma Cloud and GCP Security Command Center.
  • Practical experience working within regulated fintech environments, specifically executing technical evidence collection for PCI-DSS and SOC 2 audits.
  • Proficient in scripting languages such as Python or Bash.
  • Comprehensive knowledge of networking, zero-trust architectures, and system administration in cloud environments.

Preferred Skills

  • Familiarity with configuration management tools (e.g., Terraform, OpenTofu) and IaC security scanning (e.g., tfsec, Checkov).
  • Exposure to microservices architectures and best practices for secure deployment.

About Zact

At Zact, we are redefining expense and payment management systems for organizations. Our mission is to align employee spending with finance and accounting teams while offering built-in controls and continuous reconciliation. As we expand internationally, we're looking for the right people to join us on this exciting journey.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

DevSecOps Engineer Related jobs

Other jobs at Zact

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.