Jobs

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Pentester who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM

- Junior-level cybersecurity certifications would be a plus.

- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals

- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)

- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.

- Strong drive to learn and develop cybersecurity skills

- Technical English (Intermediate)

We offer

- Good salary + bonus system

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Conduct security research

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a Middle/Senior Security Consultant / Penetration tester to work on and lead penetration testing and vulnerability/cloud security assessment projects.

In this role, you will work on technically challenging projects and also spend some time leading/mentoring our junior pentesting colleagues.

Required skills

- 1.5+ years of intensive commercial experience

- OSCP, eWPTx2 or similar would be a plus

- Scripting/coding skills and being comfortable with advanced pentesting tooling

- Strong knowledge of mobile/web security

- Comfortable with cloud and container security

- Basic RE skills

- Ability to mentor/lead colleagues

- Strong ability and drive to learn and develop cybersecurity skills

- Technical English (Intermediate+)

We offer

- Good salary + bonus system

- Diverse project portfolio and technologies to work with

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Participate in various pentesting projects

- Lead junior colleagues

- Perform threat modeling in pentesting and security assessment projects

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Consult clients on efficient issues remediation

- Conduct security researches

- Develop tools and scripts to automate and improve current pentesting processes

SOFTPROM VAD distrtibutor is looking for IT security engineer in Warsaw office.

Requirements:

• Experience in installation, administration and technical supporting of security solutions on windows and Linux

• Experience on the position of security/network engineer more than 2 years

• Experience in installation, administration and technical supporting of security solutions on windows and linux

• Knowledge of security technology Network Monitoring, Privileged Account Management, Endpoint Detection and Response

• Working with widespread information systems based on virtualization technology

• Strong presentation, business communication and interpersonal skills

• Strong knowledge of network technology

• Knowledge of English to reading technical documentation and higher

• Polish language C2

Desired skills:

• Experience in Unix-like environments

• Experience in installation, administration and supporting of SIEM solutions, SOAR, Attack Surface Management

• Deep understanding of networking

• Understanding of regular expressions

Responsibilities:

• Preparing and delivering customer presentations, demonstrations and webinars of the software

• PoC providing

• Delivering of technical courses

• Technical consulting

• Writing the project documentation

• Supporting of demo environment

Working conditions:

• 3 month probationary period

• Fix + bonuses

• B2B Contract with the Austrian company

• work from home office

We are inviting you, a highly motivated and results-oriented Security Engineer to join our team for ensuring and developing solutions, as well as strengthening the product infrastructure.

Our team has unique expertise in research, analysis, and product development. By relying on technical insights and a data-driven approach, we create disruptive future-defining innovations of the fin-tech industry that remain our basis for success.

Responsibilities

• Develop, implement, maintain, upgrade, and test cybersecurity products
• Provide cybersecurity-related support to users and customers
• Integrate cybersecurity solutions into systems and services, ensuring their stability and performance
• Securely configure systems, services, and products
• Maintain and upgrade the security of systems, services, and products
• Implement cybersecurity procedures and controls
• Monitor and ensure the performance of the implemented cybersecurity controls
• Document and report on the security of systems, services, and products
• Work closely with the Engineering teams on cybersecurity-related actions
• Implement, apply, and manage patches to products to address technical vulnerabilities

Requirements

• 3+ years of experience in information security and cybersecurity roles
• Background in development, DevOps, system administration, etc.
• Hands-on experience in developing, integrating, and testing security solutions
• Experience with vulnerability analysis and incident response
• Proficiency in scripting languages such as Python, Bash, PowerShell, etc
• Solid understanding of secure development lifecycle, operating system security, and computer network security
• Experience with both offensive and defensive security practices
• Knowledge of cybersecurity controls, solutions, and technologies
• Ability to collaborate with cross-functional teams and colleagues
• Effective communication and presentation skills to report to stakeholders
• Strong analytical and problem-solving skills
• Reliability, integrity, and responsibility in handling sensitive information and security tasks

• Upper-Intermediate English

   

Will be a plus

• Experience with Ruby, Go, or other programming languages

• Security certifications 

   

We offer

• Compensation for tax expenses of private entrepreneurs in Ukraine
• Qualified assistance and support for Ukrainian private entrepreneurs
• 10 paid sick leave days per year
• 20 paid vacation days per year
• Public holidays according to current Ukrainian legislation
• Medical insurance for employees
• Compensation for professional education and learning English
• Compensation for a sports subscription or sports equipment

LoopMe, the leading outcomes-based platform, closes the loop on digital advertising. By leveraging our patented AI technology to optimize media delivery in real-time, we drive measurable uplift for business outcomes across brand lift, purchase intent, consideration, foot traffic, and sales.

We are looking for a motivated Junior InfoSec Specialist to join our security team. The ideal candidate will have a basic understanding of information security principles and a strong desire to develop practical skills in a dynamic, cloud-driven environment. You will assist with securing LoopMe’s platforms, learning from experienced team members and gaining exposure to modern technologies like Kubernetes, GCP, PostgreSQL, ClickHouse, Envoy, and Kafka.

Responsibilities:

• Support the development and maintenance of information security policies and procedures.
• Assist in performing risk assessments, security audits, and threat monitoring.
• Help monitor and respond to security incidents under supervision.
• Participate in maintaining security tools such as SIEM, DLP, and WAF.
• Learn and assist with integrating security practices into development workflows (Secure SDLC, code reviews).
• Help ensure compliance with security standards (ISO/IEC 27001, NIST, OWASP, CIS Controls).
• Participate in security awareness training for employees.
• Support the secure architecture of platforms including GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy.
• Stay updated with emerging threats and vulnerabilities.

Requirements:

Education & Experience:

• Foundational knowledge of IT, cybersecurity, or system administration, demonstrated through formal education, self-learning, online courses, or hands-on experience.
• Internship, project participation, or up to 1 year of relevant experience is a plus.

Technical Skills:

• Basic understanding of computer networks and common protocols (TCP/IP, DNS, HTTP/S, VPN).
• Familiarity with at least one scripting language (Bash, Python, or PowerShell) and willingness to learn automation.
• Interest in cloud platforms (preferably GCP, AWS, or Azure).
• Basic knowledge of Linux/Unix administration.
• Understanding of information security principles (encryption, authentication, access control) is a plus.
• Willingness to learn and work with tools like SIEM, IAM/SSO/MFA, and modern cloud/data technologies (Kubernetes, Kafka, PostgreSQL, ClickHouse, Envoy).

Nice-to-Have Qualifications:

• Participation in security courses, bootcamps, or open-source security projects.
• Relevant certifications (e.g., CompTIA Security+, AWS/GCP/Azure Fundamentals, or similar) are a plus.
• Good written and verbal communication skills, attention to detail, and strong motivation to grow in information security.

Benefits:

• Competitive compensation package
• Flexible working schedule and the hybrid type of work
• Annual performance bonus
• One month of workation (you can work from any part of the world for one month)

We are looking for a hands-on, proactive IT Infrastructure & Security Manager to lead and scale our internal IT systems, security practices, and workflows across distributed teams. You will be responsible for ensuring the integrity, availability, and security of systems used across the organization.

You’ll work cross-functionally with various teams to design and enforce systems that protect our clients and our people.

Requirements

• 5+ years of experience as a IT help desk engineer/system admin or network engineer
• Experience with internal network management: LANs, WANs, WLANs, VPNs, Firewalls, Routers
• Excellent Linux/Windows system administration and troubleshooting skills
• Experience with configuring and extending monitoring tools
• Excellent problem solving, interpersonal communication and project management skills a must
• Ability to prioritize and execute tasks in a high-pressure environment and make sound decisions in emergency situations
• Strong customer service orientation. Experience working in a team-oriented, collaborative environment

Would be a strong plus:

• Experience managing distributed environments (across EU, LATAM, APAC, etc)

Responsibilities:

• Own and manage all IT infrastructure, access controls, and endpoint security practices across global teams.
• Develop/implement/support internal IT infrastructure;
• Develop/implement/support company IT security policy;
• Communicate with our internal stakeholders in a professional and service-oriented way;
• Create and maintain documentation of the IT environment;
• Test server performance and provide network presentation statistics
• Own budget management for the network infrastructure services
• Support business continuity planning, failover design, and vendor selection for critical IT services.
• Stay on top of cybersecurity and compliance trends, propose infrastructure improvements, and help assess third-party risk.

Benefits

• 35 paid absence days per year for work-life balance
• Up to 15 unused absence days can be add to income after 12 month of cooperation
• Health insurance
• Depreciation coverage for personal laptop usage for project needs
• Udemy courses of your choice
• English courses with native-speaker
• Regular soft-skills trainings
• Excellence Сenters meetups
• Online/offline team-buildings

Looking for a security-focused DevOps Engineer to join our CEX.IO team.
We are seeking a DevSecOps professional with a strong security focus to implement security best practices across the SDLC, collaborate with DevOps and IT teams, support audit preparation, and help maintain a balance between security and usability in internal policies.

Requirements

• 2+ years of practical experience in information security as DevSecOps, SecOps, DevOps, or SRE.
• Proven experience in implementing security best practices at every stage of the SDLC.
• Hands-on experience with vulnerability scanning and prevention.
• Strong knowledge of cloud providers: AWS, GCP, Azure.
• Experience with CI/CD tools: GitLab CI, GitHub Actions, Jenkins.
• Knowledge of containerization and orchestration tools: Docker, Kubernetes.
• Knowledge of Infrastructure as Code (IaC) and configuration management Tools, including Terraform and Ansible.
• Participation in projects to prepare infrastructure for compliance with international and industry standards (PCI DSS, ISO 27001, NIST, CIS, SOC2, OWASP, MICA, DORA)

Responsibilities

• Investigate and implement security best practices at every stage of the SDLC (SAST/DAST, image scanning, infrastructure hardening, WAF, secrets management, IAM, data protection, etc.).
• Perform tasks and controls required by compliance standards (PCI DSS, MICA, DORA, etc.).
• Manage vulnerabilities by identifying, assessing, prioritizing, and remediating risks.
• Collaborate with the IT Security department to prepare for and pass audits.
• Monitor CVE reports and security events.
• Work closely with internal teams to achieve a balance between security, flexibility, and cost.
• Participate in information security incident investigations.

Would be a plus

• Higher education in Computer Science
• Experience in fintech or crypto domains
• Hands-on penetration testing experience
• Practical experience administering network infrastructure, databases, and on-prem systems
• Security and relevant certifications

We are seeking a Senior Information Security Consultant / IT Audit Manager to join our TechMagic team. You will work on a diverse portfolio of clients, providing expert guidance on their security and compliance journeys. This is a full-time, remote position, and we are looking for a highly skilled professional with a strong background in GRC and IT audit.

Must have

• Experience: 4–7+ years in GRC, IT audit, or compliance, with a proven track record of successfully completing at least two end-to-end ISO 27001 and/or SOC 2 programs.
• Primary Stack: Deep expertise in ISO/IEC 27001:2022, SOC 2, NIST CSF 2.0, and OWASP ASVS/SAMM/DSOMM.
• Cloud & Compliance: Strong knowledge of cloud security best practices on AWS/Azure/GCP and a solid understanding of HITRUST, GDPR, and HIPAA.
• Tools: Hands-on experience with GRC platforms like Drata, Vanta, or Secureframe.
• English: Upper-Intermediate or Advanced level proficiency.

Will be a plus

• Certifications: ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISM, or CISA.
• Regulatory Knowledge: Familiarity with Microsoft SSPA/DPR and NIS2/DORA.
• Security Operations: Exposure to SIEM/SOC (e.g., Microsoft Sentinel).
• Domain Experience: Prior experience in the fintech or healthcare industries.

Responsibilities

• Lead GRC Engagements: You will manage end-to-end ISO 27001, SOC 2, and HITRUST readiness projects. This includes everything from gap assessments and risk analysis to coaching clients on implementation and providing support during external audits.
• Act as a vCISO: Serve as a fractional vCISO for our clients, taking ownership of their security roadmaps, risk registers, security awareness programs, and reporting to executive leadership and boards.
• Implement and Manage ISMS: Build and maintain Information Security Management Systems (ISMS), handling all aspects from policy lifecycle management and internal audits to continual improvement.
• Drive Risk Management: Conduct enterprise risk assessments and facilitate threat modeling to proactively identify and mitigate security risks.
• Consult on Core Security Practices: Advise clients on key security practices, including secure SDLC, change management, incident response, and business continuity planning, with a focus on cloud security in AWS, Azure, and GCP.

Work Schedule

Full-time working day in our Lviv or Kyiv office, (flexible hours) or full-time remote

Interview Stages

• 1st stage - call with Recruiter
• 2nd stage - Technical interview

Our Benefits

• Opportunity to improve your skills in stong technical team
• Work from anywhere (fully remotely or in our office) 
• Paid vacations and sick leaves, additional days off, relocation bonus;
• Wellness: Medical insurance/sports compensation/ health check-up+flu vaccination at your choice
• Education: regular tech talks, educational courses, paid certifications, English classes;
• Fun: own football team, budget for team lunches, branded gifts
• One of the best IT employers in Lviv based on DOU rating.

Who We’re Looking For You’re an accomplished IT Audit leader with a passion for cybersecurity, a sharp strategic mind, and the ability to inspire and guide a high-performing team. You're proactive, detail-oriented, and thrive in environments that challenge you to lead, build, and innovate. Your Strengths: • Deep understanding of assurance and cybersecurity frameworks (PCI DSS, SOC, HITRUST, ISO 27001, etc.) • Proven leadership and mentoring ability • Strategic thinker with hands-on problem-solving skills • Strong client engagement and relationship-building experience • A self-starter who thrives in a collaborative, remote-first environment Key Responsibilities Strategic Leadership • Drive the vision and delivery of assurance services across diverse projects • Inspire and mentor a team of cybersecurity and IT audit professionals • Foster a culture of quality, collaboration, and innovation Client Engagement • Develop deep knowledge of client industries and needs • Build long-term client relationships and deliver tailored, high-impact solutions • Lead high-profile engagements and serve as a trusted advisor Service Delivery Excellence • Oversee high-quality delivery of assessments and consulting services • Lead assurance engagements across standards like PCI DSS, SOC 2, ISO 27001, NIST, GDPR, and CCPA • Ensure alignment with client goals, timelines, and compliance obligations Training & Compliance • Stay current on evolving regulations and industry trends • Design and lead internal training initiatives to enhance team capabilities What You Bring • Education: Bachelor’s or Master’s degree in Computer Science, Business, Accounting, or related field • Certifications (preferred): CISSP, CISA, CISM, PCI QSA, ISO 27001 Lead Auditor • Experience: Minimum 10 years in IT audit, cybersecurity, or assurance, including leadership in professional services • Skills: o Outstanding written and verbal communication o Strong technical acumen in cybersecurity and IT audit o Ability to manage multiple projects in a fast-paced, high-growth environment o Confidentiality, professionalism, and common sense in all matters

As a Security Engineer, you will own end-to-end security across multiple enterprise and mid-market cloud projects. Your initial mission is to embed automated controls and best practices into every AWS- and Azure-based delivery, shifting the organisation from reactive fixes to a proactive security posture. Reporting directly to the Director of Engineering, Cloud, you will partner daily with Technology, Cloud, Engineering and Account-Management teams and act as a client-facing security authority - able to brief both technical staff and C-level executives.

Your Responsibilities

• Design, implement and enforce comprehensive Secure SDLC processes, integrating automated security controls, threat modeling, secure coding standards, and continuous security testing throughout the entire development lifecycle.
• Develop, document and enforce security policies in our Confluence-based knowledge base and project DMS.
• Harden multi-account AWS and Azure estates (EC2, S3, IAM, VPC, CloudTrail, CloudFront; Virtual Machines, Storage Accounts, Key Vault, NSG, Policy, Monitor).
• Deploy and tune SIEM/log-management platforms (Splunk, ELK, Microsoft Sentinel); craft queries and dashboards that surface actionable threats.
• Run scheduled and continuous vulnerability scans (Qualys, Rapid7, Defender), interpret results and drive remediation with Engineering.
• Configure and manage security edge controls—firewalls, WAFs (Akamai, AWS/Azure WAF) and IDS/IPS—tailored to each client’s risk profile.
• Integrate SCA (Trivy, Grype, Snyk) and DAST (OWASP ZAP) tooling into build pipelines; champion secure-by-design coding practices.
• Lead security architecture reviews and threat-model sessions with cross-functional, multi-country delivery teams.
• Present findings, roadmaps and risk mitigation strategies directly to enterprise clients, translating technical issues into clear business impact.
• Continuously evaluate emerging threats, Zero-Trust patterns and supply-chain risks; recommend tooling and process improvements that keep us ahead of third-party scans.
• Application Security Reviews: Conduct security assessments of applications, APIs, and services to identify misconfigurations, design flaws, and vulnerabilities.
• Secure API Integrations: Validate that connections to external and internal APIs are implemented securely (authentication, authorization, rate limiting, data validation, etc.).
• Code & Dependency Security: Review application code, libraries, and dependencies to ensure secure coding practices, remediation of vulnerabilities, and alignment with security standards.

Requirements

• 7 + years of hands-on security engineering in cloud-native, agile environments.
• Expert knowledge of core AWS and Azure services and how to secure them at scale.
• Proven SIEM experience—log ingestion, correlation rule creation and dashboarding.
• Deep understanding of vulnerability management tools and remediation cycles.
• Practical experience with WAF/IDS/IPS configuration, network protocols (TCP/IP, DNS, HTTP) and Zero-Trust/IAM best practices (AD, Azure AD, Okta).
• Comfort operating as a solo security function: you set the standards, choose the tools (budget approved) and drive adoption company-wide.
• Consultative mindset with excellent written and verbal English; able to brief board-level stakeholders and guide client teams through complex security topics.

Will be a plus

• Container and Kubernetes hardening, DevSecOps pipeline design, CNAPP familiarity, compliance frameworks (SOC 2, ISO 27001, PCI DSS) and industry certifications (CISSP, AWS Security Specialty, Azure Security Engineer Associate, CKS).

Benefits

• Experience working with US clients
• Competitive compensation depending on experience and skills
• Unlimited, paid time off and vacation
• Budget for certifications and IT conferences
• Friendly team to work with around the world
• Be a team player in an agile software development environment focused on collaboration and continuous integration

We are seeking a highly skilled DevSecOps Engineer with expertise in integrating security practices into DevOps pipelines and cloud-native environments. You will be responsible for building secure, automated CI/CD processes, implementing security controls, and ensuring compliance across infrastructure and applications. The ideal candidate has a strong background in DevOps, cloud platforms, and security engineering, with hands-on experience in securing large-scale, distributed systems.

Details:
Location: Remote in EU
Employment Type: Full-Time, B2B Contract
Start Date: ASAP
Language Requirements: Fluent English

Key Responsibilities

• Design and implement security automation in CI/CD pipelines for applications and infrastructure.
• Integrate static (SAST), dynamic (DAST), and dependency (SCA) security scanning tools.
• Collaborate with DevOps and engineering teams to ensure security best practices are embedded from design to deployment.
• Manage secrets, IAM, and encryption policies across cloud environments (AWS, Azure, GCP).
• Define and enforce compliance standards (ISO, SOC2, GDPR, HIPAA).
• Build monitoring and alerting systems for threat detection and vulnerability management.
• Implement container and Kubernetes security (runtime protection, image scanning, RBAC).
• Support penetration testing and incident response processes.
• Conduct security training and awareness for developers and operations teams.

Requirements

• 5+ years of experience in DevOps or Security Engineering, with at least 2+ years in DevSecOps.
• Strong knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps).
• Hands-on expertise with security tools (SonarQube, Snyk, Checkmarx, Aqua, Prisma, Twistlock).
• Solid understanding of cloud platforms (AWS, Azure, GCP) and their security services.
• Experience with infrastructure-as-code (Terraform, CloudFormation, Ansible) and policy-as-code (OPA, Sentinel).
• Knowledge of containerization and orchestration security (Docker, Kubernetes).
• Familiarity with monitoring and logging tools (ELK, Prometheus, Grafana).
• Strong scripting/programming skills (Python, Bash, Go).
• Excellent problem-solving and communication skills.

Nice to Have

• Security certifications (CISSP, CISM, OSCP, CCSP, AWS/Azure/GCP Security).
• Experience with zero-trust architectures and microsegmentation.
• Familiarity with service mesh security (Istio, Linkerd).
• Knowledge of SIEM/SOAR platforms (Splunk, QRadar, Sentinel).
• Background in regulated industries (finance, healthcare, telecom).
• Contributions to security open-source projects or DevSecOps communities.

We are seeking a highly skilled SCADA / OT Security Engineer with strong expertise in securing industrial control systems (ICS), supervisory control and data acquisition (SCADA) environments, and operational technology (OT) networks. You will be responsible for assessing, designing, and implementing security solutions that protect critical infrastructure from cyber threats, ensuring compliance, resilience, and operational continuity. The ideal candidate has hands-on experience with ICS protocols, OT environments, and modern cybersecurity practices.

Details:
Location: Remote in EU (occasional onsite at client facilities)
Employment Type: Full-Time, B2B Contract
Start Date: ASAP
Language Requirements: Fluent English

Key Responsibilities

Assess and secure SCADA/ICS/OT systems, networks, and protocols.

Design and implement security controls tailored for industrial environments.

Conduct risk assessments, vulnerability management, and incident response in OT contexts.

Collaborate with engineering and operations teams to integrate security without impacting system availability.

Develop and enforce OT cybersecurity policies, standards, and procedures.

Monitor OT systems for anomalies, threats, and unauthorized access attempts.

Support compliance with NERC CIP, IEC 62443, ISO 27001, and industry-specific standards.

Integrate OT security with IT security monitoring (SOC, SIEM, SOAR).

Conduct security awareness and training for OT/ICS operators.

Requirements

5+ years of experience in cybersecurity with at least 3+ years in OT/SCADA/ICS environments.

Strong knowledge of ICS/OT protocols (Modbus, DNP3, OPC, Profibus, etc.).

Hands-on experience with firewalls, IDS/IPS, and network segmentation in OT environments.

Familiarity with SCADA platforms (Siemens, Schneider Electric, ABB, Honeywell, Rockwell).

Strong understanding of OT threat landscapes, attack vectors, and defense strategies.

Knowledge of risk assessment frameworks and regulatory standards (IEC 62443, NIST CSF, NERC CIP).

Experience with SIEM/SOC tools for OT environments.

Strong problem-solving skills with the ability to work in mission-critical industrial setups.

Excellent communication skills to interface with both IT security and OT operations teams.

Nice to Have

Security certifications (GICSP, GRID, CISSP, CISM, ISA/IEC 62443).

Experience with penetration testing and red teaming in OT environments.

Familiarity with cloud-based monitoring for OT/ICS.

Knowledge of IIoT (Industrial Internet of Things) security.

Industry background in energy, utilities, oil & gas, manufacturing, or transportation.

Contributions to OT cybersecurity communities or research.

💼 MISSION STATEMENT

We’re not just posting—we’re shaping narrative. As our Social & Reputation Commander, you’ll own the brand battlefield: crafting content, controlling perception, and driving reach across Twitter, LinkedIn, Telegram, and beyond.

🎯 CRITICAL OBJECTIVE

Make our voice unavoidable. Build presence, grow audience, and keep reputation bulletproof—even when competitors aim to kill it.

🧠 THE UNORTHODOX ATHLETE WE NEED

You’re not a “social media manager.” You’re a content sniper and reputation fighter who thrives on virality, speed, and narrative control.

🏆 WHAT YOU’LL ACCOMPLISH

• Build social presence from zero to industry dominance.
• Handle ORM with precision: bury threats, amplify wins.
• Create viral loops and content ecosystems.

❌ THE ANTI-RESUME

We don’t care about marketing degrees. We care about content that bends the conversation in our favor.

🚀 OUR STANDARD

This isn’t scheduled posts—it’s narrative warfare.

🔥 THE KEEPER TEST

We’ll fight to keep you if you dominate channels and shape perception.

⚠️ IMPORTANT NOTE

If you’re scared of pressure, don’t apply. If you want to weaponize voice and reputation, step up.

Cloudfresh ⛅️ is a Global Google Cloud Premier Partner, Zendesk Premier Partner, Asana Solutions Partner, GitLab Select Partner, Hubspot Platinum Partner, Okta Activate Partner, and Microsoft Partner.

Since 2017, we’ve been specializing in the implementation, migration, integration, audit, administration, support, and training for top-tier cloud solutions. Our products focus on cutting-edge cloud computing, advanced location and mapping, seamless collaboration from anywhere, unparalleled customer service, and innovative DevSecOps.

We’re looking for a Google Cloud Security Engineer to harden client environments across GCP. You’ll implement and help design security controls, automate guardrails, improve detection & response, and guide stakeholders through pragmatic, risk-based decisions across EMEA.

Requirements:

• 2+ years proven, hands-on experience in a Security Engineer, SecOps (or similar) role building and operating cloud security controls (GCP).
• Strong knowledge of Google Cloud architecture and native security services: Cloud IAM (least privilege, Conditions), Organization Policies, VPC / Private Service Connect, VPC Service Controls, Cloud Armor (WAF/DDoS), Security Command Center (SCC), Cloud KMS/CMEK/HSM, Secret Manager, IAP/BeyondCorp Enterprise (Context-Aware Access), Cloud Logging/Monitoring and GKE security.
• Technical certifications related to Cloud Solutions are an advantage (Google Professional Cloud Security Engineer, Professional Cloud Architect; CISSP/CCSP/ISO 27001 LI/LA a plus).
• Experience executing changes across multiple clients/verticals in EMEA/CEE with sound change control (CABs), documentation and participation in incident response/on-call.
• Excellent communication and strategic planning abilities, able to explain trade-offs, influence remediation, and drive adoption of guardrails.
• Proficient with engineering – tooling stacks: Terraform, GitHub/GitLab CI, OPA/Conftest / Policy Controller (Config Sync), Cloud Build/Deploy, Artifact Registry; comfortable with HubSpot and Asana for collaboration with account teams when needed.
• Basic scripting experience (e.g., Python, Bash, or gcloud CLI).
• Strong Plus experience with Cloudflare.
• Fluency in English.

Responsibilities:

• Design, implement, and operate security controls for GCPfor SMB & Enterprise clients across EMEA & CEE.
• Perform security audits for GCP and Google Workspace environments.
• Implement key features: Org Policies, IAM Conditions, break-glass flows, VPC design (private subnets, Cloud NAT), Private Service Connect, VPC Service Controls perimeters, Cloud Armor (WAF/MPA, rate limiting, geo/IP policies), IAP/BeyondCorp with Context-Aware Access, KMS/CMEK/HSM, Secret Manager, Confidential/Shielded VMs, Cloud IDS.
• Configure and monitor Security Command Center, audit logs, and threat protection
• Harden GKE & Workloads: private clusters, Workload Identity, Binary Authorization, Pod Security standards, NetworkPolicy, image scanning/provenance, OS patching via OS Config/VM Manager.
• Automate guardrails: Reusable Terraform modules, gated CI checks (OPA/Conftest/Policy Controller), drift detection and safe automated remediation; codify SCC mute rules and Cloud Armor policies.
• Establish logging, detection & IR: Standardize Cloud Audit Logs and Log Router sinks to CMEK log buckets; integrate to Chronicle SIEM; tune SCC (ETD/CTD/VM TD), build IR runbooks, triage incidents, and continuously improve MTTR.
• Assist clients with implementation of 2FA, DLP, and compliance controls.
• Generate security assessment reports and provide actionable recommendations.
• Collaborate with DevOps and infrastructure teams to fix vulnerabilities.
• Collaborate with ISSM: Work on maintaining ISO 27001 Security standards, performing annual networking tests.
• Continuously assess the landscape: track new GCP features (e.g., Assured Workloads, Confidential Space, reCAPTCHA Enterprise) and update baselines to improve posture, reliability, and cost efficiency.

Would be a plus:

• Experience with multi-cloud or hybrid environments
• Familiarity with Google Workspace Enterprise security features
• Basic knowledge of SIEM or zero trust architectures

Work conditions:

• Competitive Salary & Transparent Motivation: Receive a competitive base salary with performance-based bonuses, providing clear financial rewards for your success.
• Flexible Work Format: Work remotely with flexible hours, allowing you to balance your professional and personal life efficiently.
• Training with Leading Cloud Products: Access in-depth training on cutting-edge cloud solutions, enhancing your expertise and equipping you with the tools to succeed in an ever-evolving industry.
• International Collaboration: Work alongside A-players and seasoned professionals in the cloud industry. Expand your expertise by engaging with international markets across the EMEA and CEE regions.
• Vibrant Team Environment: Be part of an innovative, dynamic team that fosters both personal and professional growth, creating opportunities for you to advance in your career.
• When applying to this position, you consent to the processing of your personal data by CLOUDFRESH for the purposes necessary to conduct the recruitment process, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).
• Additionally, you agree that CLOUDFRESH may process your personal data for future recruitment processes.

PrivatBank is the largest bank in Ukraine and one of the most innovative banks around the world. It holds a leading position for all the financial indicators in the area and comprises about a quarter of the whole banking system of our country.

We are looking for an Application Security Engineer. We are searching for the person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.

We are striving to find a goal-oriented and multitask professional who would be focused on making good results and high quality.

Requirements:

• At least 3 years of experience in application security or related fields such as penetration testing and security architecture
• Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
• Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
• Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. is preferred
• Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc
• Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIM, and Microsoft SDL
• Familiarity with the software development process and stages
• Basic understanding of software code
• Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc
• Understanding of major types of vulnerabilities
• Understanding of software architecture
• Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
• Ability to independently research information and solve complex problems
• Critical thinking skills

Responsibilities:

• Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
• Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
• Application security governance and metrics
• Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
• Improve our application security management platform
• Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
• Integrate and oversee security automation tools to enhance security processes and reduce manual error
• Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
• Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
• Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
• Track and manage software defects to ensure timely resolution of security-related issues
• Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
• Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
• Use cloud services for application security

We offer:

• Work in the largest and most innovative bank of Ukraine
• Official employment and 24 calendar days of vacation
• Sick leave compensation
• Medical Insurance
• Competitive salary
• Bonuses, premium according to company policy
• Corporate training
• Modern comfortable office
• Interesting projects, ambitious tasks and dynamic growth
• Corporate financial assistance in critical situations
• A friendly professional and strong team
• Possibility of remote work format

PrivatBank is open to support and employ veterans and people with disabilities.

We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.

We are ready to train veterans and candidates with disabilities without banking experience.