Lead DevSecOps Engineer
Would you be open to leading the Platform & Cloud Security direction in a top-tier iGaming product? Weβre looking for a DevSecOps Engineer to work on a high-load system. Youβll collaborate closely with the CTO, have full ownership of decisions, remote, and top-of-the-market terms.
Main Responsibilities
β Establish the DevSecOps function, defining best practices and security standards across the Platform Tribe
β Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning)
β Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC)
β Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit)
β Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code)
β Implement and manage secrets management solutions (Vault, AWS Secrets Manager)
β Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR)
β Lead vulnerability management and threat modeling practices
β Automate workflows through scripting (Python, Bash)
β Partner with backend, infrastructure, and platform engineers to embed security in design & delivery
β Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS)
β Act as a security subject-matter expert, mentoring engineers and raising awareness
β Continuously evaluate and implement new security tools and approaches
Mandatory Requirements
β 5+ years in Security Engineering / DevSecOps roles , with proven success delivering secure infrastructure and applications
β Strong skills in Python and Bash for building and automating security workflows
β Cloud Security (AWS focus) β Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments
β Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code)
β Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies
β Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement
β Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent
β Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows
β In-depth understanding of secure network design, segmentation, and monitoring
β Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.)
β Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access)
β Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks
β Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines
Nice to have
β Exposure to Kafka or ClickHouse in security-sensitive environments
β Familiarity with GitOps tooling (FluxCD/ArgoCD)
β Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks
We offer
β Compensation at top industry standards + quarterly bonuses based on transparent evaluation
β Remote-first flexibility and adaptable working hours
β Unlimited paid vacation & sick leave
β Comprehensive medical insurance (for you and your partner)
β Financial support for major life events
β Professional growth budget for courses, training, and certifications
Required skills experience
| Linux | 1 year |
| Docker | 1 year |
| Kubernetes | 1 year |
| RBAC | 1 year |
| Terraform | 1 year |
| AWS | 1 year |
Required languages
| English | B2 - Upper Intermediate |
| Ukrainian | Native |