Secure Site Reliability Engineer

Zenus Bank

El Cinco, San Juan, Puerto Rico

Published: 6/14/2022

Technology

Full Time

Job Description

Job DescriptionSalary:

About Zenus

Zenus mission is to facilitate banking beyond borders. Operating in over 150 countries, we enable people and businesses to open a US bank account online, without the need to be a US citizen, resident, or a company registered in the US opening up the security, stability and freedom of US banking to the world. As a signatory of the UNs Principles for Responsible Banking, we are committed to making finance fair.

Our state-of-the-art technology, exclusive partnerships and proprietary processes are now being made available via our embedded banking services to enable other businesses to create new financial service experiences for their customers.

Headquartered in San Juan, Puerto Rico and with offices in Europe, the US, Central and South America, we have a diverse and inclusive team.

About the role

The Security Site Reliability Engineer (SSRE) is responsible for ensuring the reliability, consistency, and continuous execution of security controls across CI/CD pipelines and cloud delivery workflows.
Operating within the SecOps domain and reporting to the Information Security Officer (ISO), the SSRE focuses on automating security controls, enforcing policy-as-code, and guaranteeing that security validations always execute as designed throughout the delivery lifecycle.

This role owns how security controls are executed and enforced, not application security testing, cloud configuration ownership, or service uptime.

Responsibilities & duties:

Integrate and maintain automated security controls within CI/CD pipelines (SAST, SCA, DAST, IaC scans).
Enforce security gates and policy-as-code validations across all delivery stages.
Ensure the reliability and consistency of security checks (controls never skipped or bypassed).
Monitor execution health of security controls and detect failures or misconfigurations.
Maintain dashboards and metrics related to security control execution (not service availability).
Collaborate with AppSec to ensure application security scans are executed correctly.
Collaborate with CloudSec to ensure cloud security policies are enforced during deployments.
Support security incident investigations related to control failures or pipeline bypasses, under ISO guidance.
Maintain automated security evidence (logs, reports, pipeline artifacts) for audit purposes (minimum 24 months).
Develop and maintain SSRE runbooks, control definitions, and operational workflows.

What you need for this role:

3+ years of experience in DevSecOps, security engineering, or CI/CD automation roles.
Strong hands-on experience with CI/CD platforms (Azure DevOps, GitHub Actions, Jenkins).
Experience integrating security scanning tools into pipelines.
Knowledge of Infrastructure as Code (Terraform, Bicep, ARM) from a validation perspective.
Experience with scripting and automation (Python, PowerShell, Bash).
Understanding of cloud-native security concepts and delivery pipelines.
Familiarity with compliance-driven environments (ISO 27001, SOC 2).