Job Description

About Snapmint Snapmint is a leading fintech company redefining access to consumer credit in India. With over 10 million customers across 2,200+ cities, our zero-cost EMI platform enables responsible purchases without the need for a credit card across categories like fashion, electronics, and lifestyle. India has over 300 million credit-eligible consumers, yet fewer than 35 million actively use credit cards. Snapmint addresses this gap by offering a trusted, transparent alternative grounded in financial inclusion and ethical lending practices. Founded in 2017, Snapmint is a profitable, high-growth company doubling year-on-year. Our founding team, alumni of IIT Bombay and ISB and have successfully built and exited ventures in ad-tech, patent analytics, and bank-tech. We are building the future of responsible consumer finance, simple, transparent, and customer-first. https://snapmint.com/ https://www.linkedin.com/company/snapmintfinserv/mycompany/ About the role We are looking for a highly motivated DevSecOps Engineer with 4+ years of hands-on experience in integrating security into the DevOps lifecycle. The ideal candidate will work closely with development, security, and operations teams to ensure our applications and infrastructure are secure, scalable, and efficient from development through deployment as per ISO/PCI-DSS guidelines Key Responsibilities ?Integrate security best practices into CI/CD pipelines (GitLab, Jenkins, GitHub Actions, etc.) ?Automate security scans (SAST, DAST, dependency checks) and enforce policies ?Implement Infrastructure as Code (IaC) using tools like Terraform, CloudFormation, or Ansible ?Collaborate with development teams to remediate vulnerabilities and conduct threat modeling ?Monitor infrastructure and application security with tools like Wazuh/Ossec or equivalent ?Manage secrets and credentials securely using Vault, AWS Secrets Manager, etc. ?Perform regular security audits and assessments for cloud environments (AWS, GCP, Azure) ?Improve logging, monitoring, and alerting for security anomalies (e.g., using ELK, Prometheus, Loki, SIEM tools) ?Stay current on security trends, vulnerabilities, and compliance requirements ?Incident Reviews and Reporting Requirements ? 4+ years of experience in DevOps/Security engineering or a related role ?Strong understanding of CI/CD practices with experience automating security checks ?Hands-on experience with container security (Docker, Kubernetes, image scanning) ?Familiarity with cloud platforms (AWS/GCP) and cloud security principles ?Experience with tools like SonarQube, OWASP ZAP, Trivy, Checkov, or snyk ?Proficiency in scripting (Python, Bash, or similar) ?Knowledge of IAM, RBAC, and least privilege principles ?Good understanding of network and application security fundamentals ?Strong collaboration and communication skills ?Strong Security Framework knowledge and experience with PCI-DSS/ ISO ?Patch Management, VA scan for Servers Preferred Qualifications ?Certifications: AWS Security, Certified DevSecOps Professional, CEH, or similar ?Experience with compliance frameworks (SOC2, ISO 27001, PCI-DSS, etc.) ?Familiarity with Zero Trust Architecture and Secure SDLC concept Location: Gurugram (Unitech Cyber Park, Sector 39) Work Days: Monday - Friday(on-site)