About Zenus
Zenus mission is to facilitate banking beyond borders. Operating in over 150 countries, we enable people and businesses to open a US bank account online, without the need to be a US citizen, resident, or a company registered in the US opening up the security, stability and freedom of US banking to the world. As a signatory of the UNs Principles for Responsible Banking, we are committed to making finance fair.
Our state-of-the-art technology, exclusive partnerships and proprietary processes are now being made available via our embedded banking services to enable other businesses to create new financial service experiences for their customers.
Headquartered in San Juan, Puerto Rico and with offices in Europe, the US, Central and South America, we have a diverse and inclusive team.
About the role
The Security Site Reliability Engineer (SSRE) is responsible for ensuring the reliability, consistency, and continuous execution of security controls across CI/CD pipelines and cloud delivery workflows.
Operating within the SecOps domain and reporting to the Information Security Officer (ISO), the SSRE focuses on automating security controls, enforcing policy-as-code, and guaranteeing that security validations always execute as designed throughout the delivery lifecycle.
This role owns how security controls are executed and enforced, not application security testing, cloud configuration ownership, or service uptime.
Responsibilities & duties:
Integrate and maintain automated security controls within CI/CD pipelines (SAST, SCA, DAST, IaC scans).Enforce security gates and policy-as-code validations across all delivery stages.Ensure the reliability and consistency of security checks (controls never skipped or bypassed).Monitor execution health of security controls and detect failures or misconfigurations.Maintain dashboards and metrics related to security control execution (not service availability).Collaborate with AppSec to ensure application security scans are executed correctly.Collaborate with CloudSec to ensure cloud security policies are enforced during deployments.Support security incident investigations related to control failures or pipeline bypasses, under ISO guidance.Maintain automated security evidence (logs, reports, pipeline artifacts) for audit purposes (minimum 24 months).Develop and maintain SSRE runbooks, control definitions, and operational workflows.What you need for this role:
About Zenus
Zenus mission is to facilitate banking beyond borders. Operating in over 150 countries, we enable people and businesses to open a US bank account online, without the need to be a US citizen, resident, or a company registered in the US opening up the security, stability and freedom of US banking to the world. As a signatory of the UNs Principles for Responsible Banking, we are committed to making finance fair.
Our state-of-the-art technology, exclusive partnerships and proprietary processes are now being made available via our embedded banking services to enable other businesses to create new financial service experiences for their customers.
Headquartered in San Juan, Puerto Rico and with offices in Europe, the US, Central and South America, we have a diverse and inclusive team.
About the role
The Application Security Engineer (AppSec) is responsible for ensuring the security of applications, APIs, and software components throughout the software development lifecycle.
Operating within the SecOps domain and reporting to the Information Security Officer (ISO), the AppSec role focuses on secure design, code-level security, vulnerability identification, and controlled offensive testing, ensuring that applications meet organizational security standards before and after deployment.
This role owns what is built securely, not cloud platform configuration or CI/CD automation.
Responsibilities & duties:
Perform application security testing, including SAST, SCA, and DAST analysis.Execute internal manual penetration testing of applications and APIs on a quarterly basis, within approved scope.Conduct threat modeling for new applications and significant changes.Identify, analyze, and document application-level vulnerabilities and security weaknesses.Work directly with development teams to support secure remediation and secure coding practices.Define and maintain secure coding standards aligned with OWASP Top 10 and OWASP API Top 10.Validate that security findings are properly remediated before release.Maintain vulnerability tracking and reporting in Archer or approved systems.Support ISO during audits and security assessments by providing application security evidence.What you need for this role:
