Senior Technical Cloud Security Assessor



  • Security professional with strong expertise in cloud-native (Azure) environments and proficiency in compliance frameworks
  • A Cloud Security Assessor with the keen ability to design automated solutions and collaborate with stakeholders, ideally holding certifications like CISSP and CISA
  • Remote-first opportunity for US-based employees with the option to work in-person out of our Manhattan office 

Start your adventure with Zip 

Join Zip’s Engineering function and put your name to solving fascinating challenges at scale in an agile, test-driven development environment. If you value good domain-driven design and enjoy delivering quality work at pace, you’ll be a great fit with the squads responsible for building cloud-native software applications that serve millions of customers and process billions of dollars in payments. 

As a Senior Technical Cloud Security Assessor, you will conduct extensive and ongoing technical evaluations of our cloud-native ecosystem and its integrations with third-party products,  to ensure the security and compliance of our Buy Now, Pay Later (BNPL) service. You will collaborate with multiple engineering teams across Zip US to  contribute to the effectiveness and productivity of our SecOps function. You will champion cross-functional risk remediation focus across security, infrastructure, engineering and risk teams.

Interesting problems you’ll get to solve

  • Define, document and assess the catalog of security control requirements at the software application, system, identity and network level, to meet the internal and external security audit requirements using frameworks such as PCI-DSS, ISO 27001, NIST-CSF, SOX and ITGC. 
  • Develop and maintain security control requirements for third party services (e.g., cloud service providers, contractors, vendors, third party products)
  • Continuously collaborate and communicate with internal application owners, legal, compliance and external stakeholders using workflows and collaboration tools such as JIRA, confluence, etc.
  • Monitor and document security impacts across major changes in infrastructure, platforms and software. Receive control gaps from detection & monitoring, incident response and change management activities and track findings to overall security posture
  • Participate in the Policy and Governance process to provide recommendations on security controls, risks, mitigations, and other technical parameters. 
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) at major changes or audit intervals. Deliver inherent and residual risk interpretations of controls, gaps and standard remediations in collaboration with engineering and risk functions
  • Maintain management reporting capabilities to describe and communicate KRIs across frameworks
  • Document best practices and control implementations, BCP plans, operational SLAs, procedures and runbooks

Key FY Initiatives

  • Uplifting the Zip U.S. security maturity via standardized security implementations
  • Elevating the application security program to ensure proper security controls from design through production
  • Automate security solutions for automated patching, identity and access management, and API security

What you’ll bring to the team 

  • You have a strong foundation of technical security concepts (such as cloud, virtual machines, microservices, Kubernetes, network appliances, VPN, zero trust IAM, SIEM, EDR) and cloud-native (Azure) primitives (such as Active Directory, PIM, Azure Front Door, Azure WAF, etc).
  • 7+ years experience in the FinTech and Payment industry and deep understanding of security and compliance frameworks such as PCI-DSS, ISO 27001, NIST and SOX.
  • Ability to prioritize and execute programs in a high-growth business environment, collaborating painstakingly with stakeholders across multiple time zones.
  • You have a strong attention to detail, and good command over the English language to translate risk and control requirements into technical control implementation contexts (and vice-versa) 
  • You have a passion for security. You align with big picture business objectives, and understand cost-benefit-risk considerations.
  • Experience reading and interpreting the telemetry from security monitoring tools, incident response analysis and risk remediation processes.
  • Preferred certifications: CISSP, CISA, Microsoft cybersecurity architect 

What you’ll get in return

Zip is a place where you’ll get out what you put in. The newness of our sector means we need to move at pace and embrace change, and our promise to you when you join the team is that you’ll feel empowered and trusted to make big things happen quickly. 

We want you to feel welcome and as though you have the support to be yourself, and care for yourself at work. Because it’s important to us that you make the most of the opportunities you’ll get to grow your skills and your career, and be surrounded by smart, friendly people and leaders that have your back.

We think these are just some of the best things about being a Zipster. We will also offer you:

  • Flexible working culture
  • Incentive programs
  • 20 days PTO every year
  • Generous paid parental leave
  • Leading family support policies
  • 100% employer covered insurance
  • Beautiful Midtown office with a casual dress code
  • Learning and wellness subscription stipend
  • Company-sponsored 401k match

The Pay Range for this position: $135,000 - $186,000 USD based on the industry benchmark for position, function, level and Zip's compensation strategies. However, actual base salary will depend on varying circumstances and individualized factors, such as job-related knowledge, skills, experience, and other objective business considerations. 

Subject to those same considerations, the total compensation package for this position may also include other elements, including a bonus and/or equity awards, in addition to a full range of medical, financial, and/or other benefits. 

Be a part of a team that reflects the diversity of our customers

We pride ourselves on being a workplace that provides equal opportunities to people of all ages, cultural backgrounds, sexual orientations, gender identities, abilities, veteran status, and everything else that makes you unique.

Equally, we’re committed to ensuring our recruitment processes are accessible and inclusive. Please let us know If there are any adjustments that need to be made to ensure you have a fair and equitable experience.

And finally…get to know us


Zip Co Limited (ASX: ZIP) is a digital financial services company, offering innovative, people-centred products that bring customers and merchants together.

Operating in two core markets - Australia and New Zealand (ANZ) and the Americas, Zip offers point-of-sale credit and digital payment services, connecting millions of customers with its global network of tens of thousands of merchants.

We’re proud to be a values-led business and our values - Customer First, Own it, Stronger Together and Change the Game - guide us in everything we do.

I acknowledge by clicking "Submit Application", that the information provided is true and correct. I also understand that any willful dishonesty may render for refusal of this application or immediate termination of employment. By providing your information, you acknowledge that you have read our Zip Applicant and Candidate Privacy Notice and authorize Zip to process your data subject to those terms.

Before you apply, give Zip a try   -> rebrand.ly/check-zip-out

 Before you apply, give Zip a try

We are a proud 2024 Circle Back initiative employer and will respond to every applicant.

  • United States
  • Full-Time
  • IT & Cyber
Apply for this job

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept all cookies”, you consent to the use of ALL the cookies. However, you may visit "Customise settings" to provide a controlled consent.