Lead DevSecOps Engineer

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

Main Responsibilities

– Establish the DevSecOps function, defining best practices and security standards across the Platform Tribe

– Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning)

– Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC)

– Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit)

– Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code)

– Implement and manage secrets management solutions (Vault, AWS Secrets Manager)

– Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR)

– Lead vulnerability management and threat modeling practices

– Automate workflows through scripting (Python, Bash)

– Partner with backend, infrastructure, and platform engineers to embed security in design & delivery

– Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS)

– Act as a security subject-matter expert, mentoring engineers and raising awareness

– Continuously evaluate and implement new security tools and approaches

Mandatory Requirements

– 5+ years in Security Engineering / DevSecOps roles , with proven success delivering secure infrastructure and applications

– Strong skills in Python and Bash for building and automating security workflows

– Cloud Security (AWS focus) — Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments

– Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code)

– Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies

– Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement

– Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent

– Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows

– In-depth understanding of secure network design, segmentation, and monitoring

– Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.)

– Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access)

– Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks

– Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines

Nice to have

– Exposure to Kafka or ClickHouse in security-sensitive environments

– Familiarity with GitOps tooling (FluxCD/ArgoCD)

– Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks

We offer

– Compensation at top industry standards + quarterly bonuses based on transparent evaluation

– Remote-first flexibility and adaptable working hours

– Unlimited paid vacation & sick leave

– Comprehensive medical insurance (for you and your partner)

– Financial support for major life events

– Professional growth budget for courses, training, and certifications