Cloud Security Engineer (Junior/Mid) at Zeller

Devices and Frontend, Full Time, Melbourne (Hybrid)
Posted 6 months ago

About Zeller

At Zeller, we’re champions for businesses of all sizes, and proud to be a fast-growing Australian scale-up taking on the ambitious goal of reimagining business banking and payments.

We believe in a level playing field, where all businesses benefit from access to smarter payments and financial services solutions that accelerate their cash flow, help them get paid faster, and give them a better understanding of their finances. So we’re hard at work building the tools to make it happen.

Zeller is growing fast, backed by leading VCs, and brings together a global team of passionate payment and tech industry professionals. With an exciting roadmap of innovative new products under development, we are building a high-performing team to take on the outdated banking solutions. If you are passionate about innovation, thrive in fast-paced environments, embrace a challenge, hate bureaucracy, and can’t think of anything more exciting than disrupting the status quo, then read on to learn more.

About the role
As a Cloud Security Engineer you will be energetic and cool-headed, with experience in maintaining AWS security. You will be responsible for process automation and for designing, developing and maintaining AWS cloud services related to network, backup, content delivery, vulnerability scanning, config management and application security.

With automation being at the heart of our engineering principles, this position will have the enviable opportunity to adopt and promote best practices. Not limited to a single product area or type, this role will work in a cross-functional team with skill sets ranging from full stack software engineering, infrastructure and quality assurance to architecture. You will collaborate with a cross-disciplinary team to support product development, operations support, compliance activities and SLA upkeep requirements.

You’ll be tasked with researching the potential impact of software vulnerabilities and security incidents. Automation is key, so you'll get to identify and develop tooling to automate and continuously improve security and refine vulnerability management processes across the infrastructure.

Your responsibilities will include:

  • Conduct penetration testing and vulnerability assessments on AWS-based systems, applications, and networks to identify security weaknesses and potential risks.
  • Develop and execute comprehensive penetration testing plans, including scoping, reconnaissance, exploitation, and reporting.
  • Collaborate with development and operations teams to address security vulnerabilities and recommend appropriate mitigation strategies.
  • Design, implement, and maintain security controls for AWS services, including Identity and Access Management (IAM), Virtual Private Cloud (VPC), Security Groups, and Network Access Control Lists (NACLs).
  • Monitor and analyze security logs and alerts from AWS services, such as CloudTrail, GuardDuty, and Config, and take appropriate actions to mitigate potential threats.
  • Stay up-to-date with the latest AWS security threats, vulnerabilities, and best practices, and proactively implement necessary countermeasures.
  • Conduct security reviews of AWS architecture designs, deployments, and configurations to ensure compliance with industry standards and regulatory requirements.
  • Collaborate with cross-functional teams to establish incident response plans and participate in security incident investigations and resolution.
  • Provide guidance and support to other teams regarding secure AWS development practices, security guidelines, and threat mitigation techniques.
  • Document security processes, procedures, and guidelines, and contribute to the development of security policies and standards specific to AWS.
What we are looking for

  • Proven experience as an AWS Security Engineer or related role with a focus on penetration testing in an AWS environment.
  • In-depth knowledge of AWS services, architecture, and security best practices, including IAM, VPC, AWS Config, AWS CloudTrail, AWS WAF, etc.
  • Hands-on experience with penetration testing tools and frameworks, such as Kali Linux, Burp Suite, Metasploit, and Nessus, specifically applied to AWS environments.
  • Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10), network protocols, and security technologies.
  • Familiarity with security frameworks and standards, such as NIST Cybersecurity Framework, ISO 27001, and PCI DSS, as applied to AWS environments.
  • Experience with scripting and automation using languages like Python, PowerShell, or Bash, with a focus on AWS CLI and SDKs.
  • Strong analytical and problem-solving skills, with the ability to assess risks and recommend appropriate security controls.
  • Excellent communication and collaboration skills, with the ability to work effectively across cross-functional teams and present complex security concepts to non-technical stakeholders.
  • AWS Certified Solutions Architect - Associate or higher certification is a plus.
Bonus points

  • Experience in working within a high-growth environment.
  • Security professional certifications encouraged (AWS Advanced Sec Specialist, CISSP etc.) 
  • Experience in other cloud platforms (Azure, Google)
  • Experience in payments
  • Experience with PCI-compliant environments (PCI-DSS, etc.)
Like the rest of the team, you’ll benefit from:

  • A competitive salary package, including equity from an early stage;
  • A balanced, progressive, and supportive work environment;
  • Excellent parental leave and other leave entitlements;
  • A fantastic office environment;
  • Endless learning and development opportunities;
  • Plenty of fun and social opportunities - we love to come together as a team;
  • An ability to influence and shape the future of Zeller as our company scales both domestically and globally;
  • Being part of one of Australia’s most exciting scale-ups.