Who we are
Founded in 2002, Zafin offers a SaaS product and pricing platform that simplifies core modernization for top banks worldwide. Our platform enables business users to work collaboratively to design and manage pricing, products, and packages, while technologists streamline core banking systems.
With Zafin, banks accelerate time to market for new products and offers while lowering the cost of change and achieving tangible business and risk outcomes. The Zafin platform increases business agility while enabling personalized pricing and dynamic responses to evolving customer and market needs.
Zafin is headquartered in Vancouver, Canada, with offices and customers around the globe including ING, CIBC, HSBC, Wells Fargo, PNC, and ANZ. Zafin is proud to be recognized as a top employer and certified Great Place to Work® in Canada, India and the UK.
What is the opportunity?
Zafin is seeking a detail-oriented and technically adept DevSecOps Engineer to join our Information Security Team. The candidate will play a key role in integrating security practices across the software development lifecycle, ensuring that security is considered at every stage, from development through to deployment and maintenance. The role requires close collaboration with both development and engineering teams to implement security measures, automate security processes, and respond to security incidents in cloud environments. The ideal candidate will have experience with DevOps practices, application security, and cloud security, with a strong focus on automation.
What will you do?
Infrastructure as Code (IaC) and Security Automation: Assist the relevant teams to Implement and maintain security configurations using Infrastructure as Code (IaC) in cloud environments (e.g., Azure,). Automate security practices in CI/CD pipelines using tools such as Jenkins, GitLab, or Azure DevOps. Ensure that all security checks are automated, including vulnerability scans, code analysis, and compliance checks before deployments.
Application Security: Collaborate with development teams to ensure secure coding practices and integrate application security tools (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA)) into the CI/CD pipeline. Perform code reviews to identify and mitigate security vulnerabilities, ensuring that applications adhere to security best practices such as OWASP Top 10.
Security Monitoring and Incident Response: Assist in monitoring application and infrastructure environments for security incidents using tools like SIEM (e.g., Azure Sentinel) and Cloud Security Posture Management (CSPM). Respond to security alerts and coordinate with the security team to investigate and mitigate incidents. Participate in post-incident analysis and recommend enhancements to prevent recurrence.
Collaboration and Support: Collaborate with DevOps, security, and development teams to incorporate security measures into application development and deployment. Provide training and support to development teams on secure coding practices and security tooling. Assist with troubleshooting security issues and conducting root cause analysis
Compliance and Governance: Ensure adherence to security frameworks, such as ISO 27001, NIST, and regulatory requirements like GDPR or SOC 2. Work with compliance teams to support security audits, identify gaps, and implement controls. Ensure applications and infrastructure are configured in line with the organization’s security policies and regulatory requirements.
Security Tool Optimization and Maintenance: Configure, optimize, and maintain security tools, including vulnerability scanners, identity management solutions, and cloud security tools (e.g., Azure Security Center). Ensure that these tools are kept up to date with the latest security policies and are functioning efficiently in detecting and mitigating threats
What you’ll need to succeed?
Experience with CI/CD pipelines (Jenkins, GitLab, Azure DevOps)
Familiarity with application security practices, including secure coding and vulnerability management
Knowledge of security tools (e.g., SAST, DAST, CSPM)
Minimum 2-4 years of experience in DevSecOps, Cloud Security, or Application Security
Experience in cloud environments (Azure, AWS) and scripting (Python, Bash)
Experience with containerization (Docker, Kubernetes)
Ability to analyze complex situations, make sound judgments, and take decisive actions in high-pressure situations.
Strong verbal and written communication skills to effectively convey security issues and recommendations to both technical and non-technical stakeholders.
Certifications Few of the following certifications:
Microsoft Azure Administrator (AZ-104) or Azure Security Engineer (AZ-500)
Certified Kubernetes Security Specialist (CKS)
CompTIA Security+, CEH, or equivalent security certifications
Certified Application Security Engineer (CASE) or equivalent for application security expertise
Azure/ Microsoft 365 Experience working on Azure Environment
What’s in it for you
Joining our team means being part of a culture that values diversity, teamwork, and high-quality work. We offer competitive salaries, annual bonus potential, generous paid time off, paid volunteering days, wellness benefits, and robust opportunities for professional growth and career advancement. Want to learn more about what you can look forward to during your career with us? Visit our careers site and our openings: zafin.com/careers
Zafin welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.
Zafin is committed to protecting the privacy and security of the personal information collected from all applicants throughout the recruitment process. The methods by which Zafin contains uses, stores, handles, retains, or discloses applicant information can be accessed by reviewing Zafin’s privacy policy at https://zafin.com/privacy-notice/. By submitting a job application, you confirm that you agree to the processing of your personal data by Zafin described in the candidate privacy notice.
