DevSecOps Engineer

Branch Overview
Branch is a leading AI-based lending fintech with 50M+ downloads across India and Africa. We use alternative data to reach millions of people that are largely excluded from the financial sector. Headquartered in Silicon Valley with operations in India, Nigeria and Kenya, Branch is a for-profit, socially conscious company built for scale and impact. Our mission-driven team—founded and led by the former CEO of Kiva.org—now spans 400+ employees globally. We’re backed by investors such as Andreessen Horowitz, Visa, and the IFC.

Job Overview

We are seeking a hands-on Cloud Security Engineer to help secure the infrastructure and platforms that power our global Fin-Tech systems. In this role, you will work at the intersection of cloud infrastructure, security engineering, and DevSecOps to identify attack surfaces, strengthen security guardrails, and embed security directly into our engineering workflows. You will focus on securing our AWS environments, container platforms, and deployment pipelines while helping engineers design systems that are resilient to real-world threats.

You will collaborate closely with platform engineers, DevOps teams, and application developers to proactively identify risks, automate security controls, and improve the overall security posture of our systems. This role requires someone who can think like an attacker but build like an engineer. You are someone who enjoys identifying weaknesses, designing preventative controls, and building security automation that scales with the platform.
You will work closely with our engineering teams across India, the United States, Nigeria, and Kenya, collaborating across time zones to help build and secure a world-class Fin-Tech platform serving millions of users globally.
As a company, we are passionate about our customers, fearless in the face of barriers, and driven by data. As an engineering team, we value bottom-up innovation and decentralized decision-making. We believe the best ideas can come from anyone in the company. We work hard to create an environment where everyone feels empowered to propose solutions, challenge assumptions, and drive meaningful impact. We are looking for individuals who thrive in a fast-moving, innovative, and customer-focused setting and want to contribute to building scalable, reliable, and efficient backend systems.
Responsibilities

• Identify and secure attack surfaces across our AWS infrastructure, Kubernetes clusters, and internal platforms by proactively assessing misconfigurations, access risks, and exposed services.
• Design and implement preventative cloud security guardrails including IAM hardening, network controls, secrets management, and infrastructure security best practices.
• Conduct security design reviews for new services and infrastructure changes to identify architectural risks before systems reach production.
• Build and integrate security checks directly into CI/CD pipelines to enforce automated scanning for vulnerabilities, container images, infrastructure configurations, and application dependencies.
• Develop automation and internal tooling to detect, prevent, and remediate security issues such as leaked secrets, excessive permissions, insecure configurations, and vulnerable dependencies.
• Perform threat modeling and adversarial analysis of infrastructure and application systems to identify realistic attack paths and improve system defenses.
• Improve visibility into the security posture of our systems through monitoring, logging, and security signal generation across cloud infrastructure and workloads.
• Investigate security incidents and vulnerabilities, perform root cause analysis, and implement long-term fixes to prevent recurrence.
• Collaborate closely with platform, infrastructure, and application engineering teams to ensure security is embedded in development workflows and infrastructure design.
• Contribute to building scalable security practices including vulnerability management processes, security automation frameworks, and infrastructure security standards.

Qualifications

• 4–8 years of experience in cloud security, DevSecOps, security engineering, or related roles involving infrastructure and application security.
• Strong understanding of applied cryptography and ability to choose the right security tools, techniques, and approach for securing systems from a variety of threats.
• Strong hands-on experience securing AWS environments including IAM policies, networking controls, access management, logging, and infrastructure hardening.
• Practical experience working with Kubernetes and containerized environments, including securing container images, workloads, and cluster configurations.
• Experience integrating security controls into CI/CD pipelines and development workflows, including automated vulnerability scanning and dependency security checks.
• Ability to write automation and security tooling using scripting or programming languages such as Python, Go, or similar.
• Familiarity with Infrastructure-as-Code tools such as Terraform and an understanding of securing infrastructure configurations and deployment pipelines.
• Experience identifying and remediating cloud security risks such as excessive IAM permissions, exposed services, insecure secrets management, and vulnerable infrastructure components.
• Understanding of common cloud and application security threats including privilege escalation, credential leakage, network exposure, and supply chain vulnerabilities.
• Strong problem-solving mindset with the ability to think adversarially about systems and proactively identify potential attack paths.
• Excellent collaboration and communication skills (verbal as well as written) with the ability to work closely with engineering teams and other stakeholders to improve security posture without slowing development velocity.
• Bonus experience includes security research, penetration testing, bug bounty participation, building internal security tooling, or contributions to security-focused open-source projects.
• Bonus abilities include ability to lead and mentor a team, and ability to drive complex projects spanning code bases, systems, and people.

Benefits of Joining

• Be part of a mission-driven, fast-paced, and entrepreneurial environment that fosters innovation and impact.
• Receive a competitive salary and equity package, reflecting your value and contributions.
• Thrive in a collaborative and flat company culture that encourages open communication and idea-sharing.
• Enjoy the flexibility of a remote-first work setup, with opportunities for occasional in-person collaboration.
• Benefit from fully-paid Health Insurance to support your well-being.
• Work-life balance is not a myth. Take advantage of paid time off, including personal leave, bereavement leave, and sick leave.
• Access fully paid parental leave, with 6 months of maternity leave and 3 months of paternity leave.
• Leverage annual professional development budget to upskill and advance your career.
• Enjoy team meals and social events, both virtual and in-person, to connect and bond with colleagues.

We’re looking for more than just qualifications – if you’re unsure that you meet the criteria but identify with our vision of providing equal opportunity to everyone to access financial services, please do not hesitate to apply!

Branch International is an Equal Opportunity Employer. The company does not and will not discriminate in employment on any basis prohibited by applicable law.