Security Engineer

RedCore is an international business group that creates technological solutions for digital markets. Our products and services cover fintech, marketing, e-commerce, customer service, communications, and regulatory technologies. 

We are looking for a Security Engineer to join our team!

Requirements:

- 3–4+ years of hands-on experience in DevSecOps, Cloud Security, or Application Security
- Strong understanding of DevOps practices and tools: GitLab CI/CD, ArgoCD, Helm, Terraform, Ansible
- Solid experience securing Kubernetes clusters (EKS, GKE, or self-hosted): NetworkPolicy, Pod Security Standards, RBAC, Kyverno / Gatekeeper, secrets management, and runtime security
- Practical experience with Service Mesh — Istio (and related solutions: Linkerd, Cilium Service Mesh)
- Hands-on experience with IaC scanning and hardening (Terraform, Crossplane): Checkov, Terrascan, tfsec, OPA/Gatekeeper
- Experience with SAST/DAST/SCA tools: Semgrep, SonarQube, Trivy, Grype, Snyk, OWASP ZAP, Nuclei
- Good knowledge of Secure SDLC, Shift-Left approach, Zero Trust, and Secure by Design principles
- Solid understanding of cloud platforms (AWS + GCP required, OpenStack is a plus): IAM, encryption at rest/transit, KMS, and native security services
- Strong Linux administration skills and scripting (Bash, Python).
Experience with SIEM/SOAR and security logging solutions (ELK, Loki+Promtail, OpenSearch)

Will be plus:

- Deep expertise with Cloudflare (WAF, Zero Trust, Page Shield, Workers) or similar solutions
- Experience building Platform Security and Internal Developer Platforms with embedded security
- Strong automation skills for security processes (Policy as Code, automated remediation)
- Familiarity with eBPF-based tools (Falco, Cilium, Tetragon)
- Experience with OpenStack security components (Keystone, Barbican, Neutron, Nova hardening) 
-Knowledge of compliance frameworks (ISO 27001, SOC2, PCI DSS, GDPR)

Responsibilities:

- Design, implement, and maintain secure CI/CD pipelines with maximum automation of security checks (Shift-Left)
- Develop and maintain Security as Code (policies, baselines, compliance checks)
- Ensure security of Kubernetes platforms, workloads, and Service Mesh (Istio)
- Perform security reviews of Terraform modules and infrastructure code
- Configure and maintain WAF, runtime protection, vulnerability management, and secrets management solutions
- Automate detection, triage, and remediation of security findings
- Conduct regular audits of cloud environments and Kubernetes clusters
- Collaborate closely with Development, Platform, and SRE teams to embed security into their processes
- Participate in incident response and post-mortems with a focus on security improvements

Our benefits to you:
🍀 An exciting and challenging job in a fast-growing business group, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance, and more
🤝🏻 Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed
🧑🏻‍💻 Modern corporate equipment based on macOS or Windows, and additional equipment is provided
🏖️ Paid vacations, sick leave, personal events days, days off
💵 Referral program — enjoy cooperation with your colleagues and get a bonus
📚 Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences
🎯 Rewards program for mentoring and coaching colleagues
🗣️ Free internal English courses
✈️ In-house Travel Service
🦄 Multiple internal activities: online platform for employees with quests, gamification, presents and news, clubs for movie/book/pets lovers, and more
🎳 Other benefits could be added based on your location