DevSecOps Engineer (Cloud Security and Compliance)
Come Back Agency supports US software and technology companies by running their hiring process. We work with delivery and leadership teams to define roles, screen candidates, and manage interviews. Successful candidates are hired directly by the company and become part of its team.
This position is with a US-based software company providing custom development and AI implementation for North American clients. The team builds and maintains production software, including AI-enabled systems, and works in long-term client engagements. Team members operate as part of an internal, distributed team and collaborate directly with client stakeholders.
About the role:
The company is moving deeper into enterprise work. We need a DevOps leader who can harden our infrastructure, implement security best practices, and drive compliance readiness so we can pass enterprise vendor reviews and pursue certifications like SOC 2 and ISO 27001. You will work directly with engineering and leadership and own the technical program end to end.
What you will do
- Build and maintain secure cloud infrastructure and CI/CD pipelines
- Implement access control, least privilege, and secrets management across environments
- Standardize logging, monitoring, alerting, and audit trails
- Create and maintain secure SDLC practices, including code scanning, dependency scanning, and change control
- Set up incident response basics, including runbooks, on-call expectations, and a post-incident process
- Drive compliance readiness for SOC 2 and ISO 27001 by implementing required technical controls and gathering evidence
- Own vulnerability management and patching routines for infrastructure and dependencies
- Improve backup, disaster recovery, and business continuity practices
- Support client security questionnaires with clear technical answers and evidence
Requirements
- Strong DevOps experience with cloud infrastructure and deployment pipelines
- Hands-on experience with AWS, including IAM, networking, compute, and logging services
- Experience with Infrastructure as Code such as Terraform
- Experience with containerization and orchestration, Docker and Kubernetes preferred
- Comfort setting up security tooling: SAST, DAST, dependency scanning, and secret scanning
- Ability to document systems clearly and work with auditors or compliance tools when needed
Nice to have
- SOC 2 or ISO 27001 experience, even if you were the technical owner, not the compliance PM
- Experience with Vanta, Drata, Secureframe, or similar evidence automation tools
- Experience working with HIPAA or other regulated client environments
- AWS certifications such as Solutions Architect or Security Specialty
What We Offer:
- Working hours aligned with US time zones, typically 16:00-23:59 Kyiv time.
- English lessons to support clear and confident communication.
- Paid vacation and sick days.
- Fully remote work.
- Opportunities for professional growth within the team.
- Structured, personalized onboarding to help you ramp up effectively.
Apply with your resume and a short note outlining your relevant experience. You can also submit it through our website at comeback.ua. Selected candidates will be contacted by Come Back Agency.
Required skills experience
| DevSecOps | 2 years |
| DevOps | 2 years |
| AWS | 2 years |
Required languages
| English | B1 - Intermediate |
| Ukrainian | Native |