Jobs Security

PIN-UP Global is an international holding specializing in the development and implementation of advanced technologies, B2B solutions and innovative products. We provide certification and licensing of our products, providing customers and partners of the holding with high-quality and reliable solutions.

We are looking for a Security Officer to join our team!

Requirements:

- Higher education in Law or Economics;

- At least 3 years of experience in HR/internal and economic security within private enterprises;

- Proven experience in background checks of individuals and legal entities;

- Previous experience in law enforcement is a strong advantage;

- Knowledge of security systems and protocols;

- Experience collaborating with polygraph specialists;

- Strong experience working with databases;

- Proficient PC user;

- Ukrainian or Russian language C1 and above;

- Fluent English, including spoken communication;

- Willingness to travel abroad to ensure security at exhibitions and conferences.

Responsibilities:

- Conduct regular risk assessments to identify vulnerabilities and threats affecting the holding’s assets;

- Respond promptly to security-related incidents, including investigation and corrective measures;

- Prepare security status reports, analyze incidents, and develop recommendations for improvement;

- Collaborate with other departments to integrate security considerations into business processes;

- Ensure protection of personal data (GDPR compliance) and trade secrets;

- Conduct background checks during recruitment and support exit processes;

- Organize security measures during corporate events, exhibitions, and conferences.

Benefits:
☘️ An exciting and challenging job in a fast-growing holding, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance and more;
🤝🏻 Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed;
📍 Beautiful offices in Warsaw, Limassol, Kyiv, Almaty, Yerevan work remotely or on-site with comfort and enjoy the opportunity to build a network of connections with professionals day by day;
🧑🏻‍💻 Modern corporate equipment based on macOS or Windows and additional equipment are provided;
🏖 Paid vacations, sick leave, personal events days, days off;
👨🏻‍⚕️ Corporate health insurance program for your well-being;
💵 Referral program enjoy cooperation with your colleagues and get the bonus;
📚 Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences;
🎯 Rewards program for mentoring and coaching colleagues;
🗣 Free internal English courses;
🧘 Yoga classes to help you stay active and energized;
🦄 Multiple internal activities: online platform for employees with quests, gamification, presents and news, PIN-UP clubs for movie and book lovers, board games cozy evenings, special office days dedicated to holidays;
🎳 Company events, team buildings.

Responsibilities:

• Conduct regular analysis of affiliate traffic to identify fraud across CPA, Hybrid, RevShare, and Fixed models using both internal and third-party analytics tools.
• Analyze user behavior (FTD, retention, unusual patterns) to detect suspicious or incentivized traffic schemes.
• Prepare and update affiliate offer terms and Insertion Orders (IO) with clear anti-fraud conditions.
• Perform pre-checks of new affiliates and deal terms before campaign activation.
• Approve or reject affiliate payouts based on traffic quality evaluation (final compliance check before payment execution).
• Collaborate with affiliate managers to explain payout rejections and clarify reasons for non-payment.
• Suggest improvements to anti-fraud processes and contribute to the development of internal fraud prevention policies.
  
   

Requirements:

• Minimum 1 year of experience in iGaming or Betting as an Affiliate Analyst, Traffic Analyst, or Anti-Fraud Specialist.
• Solid understanding of CPA, Hybrid, and RevShare models and the fraud risks associated with each.
• Proficiency in traffic analysis using tools like Google Sheets and Power BI (user-level).
• Knowledge of common fraudulent patterns such as multi-accounting, bonus abuse, incentivized traffic, and geolocation manipulation.
• Experience in drafting clear and contract-compliant IO (Insertion Order) terms for affiliates.
• Strong attention to detail, high level of accountability, and ability to work with large datasets effectively.
• English B1
  
   

Hard Skills:

• Experience working with affiliate tracking platforms
• Knowledge of CPA, Hybrid, and RevShare models, including payout logic and traffic evaluation
• Proficient in Excel / Google Sheets: formulas, pivot tables, data filtering
• Basic experience with BI tools such as Power BI, Tableau, Looker (a plus)
• Understanding of tracking mechanics: link structure, SubID, S2S postbacks, tracking pixels
• Familiarity with common types of affiliate fraud: incentivized traffic, multi-accounting, bonus abuse, cloaking, proxy/VPN usage
• Experience drafting and reviewing Insertion Order (IO) terms and affiliate agreements
• Ability to analyze traffic anomalies using key metrics such as CR, EPC, Retention, LTV, and ROI
  
   

Soft Skills:

• Strong attention to detail
• Analytical and critical thinking skills
• Ability to clearly argue decisions, including payout rejections
• Flexible and diplomatic communication style
• High sense of responsibility and reliability when handling data and deadlines
• Comfortable working in cross-functional teams (finance, affiliate, legal)
• High ethical standards and respect for confidentiality
• Proactive mindset with a drive to identify issues and suggest improvements
  
   

What do we offer?

1. Remote work.
2. Flexible working hours.
3. Competitive salary paid on time.
4. Friendly and proactive team.
5. No bureaucracy, unnecessary reports, or calls.
6. 20 days of paid leave, 5 sick leave and holidays are days off.

Job Description

We are seeking a seasoned Security Architect & Offensive Specialist to serve as the technical anchor for our Product Security program. This is a high-visibility role for a "security-first" engineer who can navigate a whiteboard session on threat modeling just as comfortably as they can exploit a logic flaw in an API or automate a security gate in a CI/CD pipeline.

Job requirements:

Technical Experience & Expertise

• Offensive Security Mastery: Extensive experience in manual Penetration Testing focusing on Web Applications, APIs, and Cloud environments.
• Security Architecture: Proven ability to conduct deep-dive Security Architecture Reviews and enforce secure design patterns across complex systems.
• Threat Modeling: Hands-on experience leading threat modeling sessions using industry-standard frameworks such as STRIDE or PASTA.
• Vulnerability Management: Expertise in validating, triaging, and prioritizing vulnerabilities from external bug bounty programs or third-party vendors.
• AI/ML Security: Emerging expertise in securing Large Language Models (LLMs), including implementing AI Guardrails and defending against prompt injection and data leakage.

DevSecOps & Automation:

• CI/CD Integration: Demonstrated experience embedding security "gates" and automated scanners directly into DevOps pipelines.
• Application Security Tooling: Deep technical proficiency with the following categories:
• SAST: (e.g., Checkmarx, SonarQube)
• SCA: (e.g., Snyk, Black Duck)
• DAST: (e.g., Burp Suite Enterprise, OWASP ZAP)
• Automation: Ability to automate security workflows and "blocking" mechanisms for critical-severity issues to ensure high developer adoption.

Preferred Qualifications

• Relevant certifications such as OSCP (Offensive Security Certified Professional), CISSP-ISSAP, or specialized Cloud Security certifications (AWS/Azure/GCP).
• Experience securing Machine Learning (ML) pipelines.

Job Responsibilities

Core Responsibilities:

1. Architecture & Threat Modeling

• Lead Threat Modeling sessions (STRIDE/PASTA) for critical features early in the design phase.
• Conduct Security Architecture Reviews to identify logical flaws and enforce secure design patterns.

2. Penetration Testing (Offensive Security):

• Perform deep-dive manual Penetration Testing (Web, API, Cloud) to validate critical vulnerabilities
• Manage external bug bounties or pen-test vendors and validate their findings.

3. DevSecOps & Tooling (SAST, DAST, SCA):

• Pipeline Integration: Embed and tune security scanners into the CI/CD pipeline to minimize noise and maximize developer adoption.
• SAST: (e.g., Checkmarx, SonarQube) for code analysis.
• SCA: (e.g., Snyk, Black Duck) for open-source dependency management.
• DAST: (e.g., Burp Suite Ent, OWASP ZAP) for runtime testing.
• Automate "blocking" gates for critical severity issues.

4. AI Security & Guardrails (Strategic Growth):

• Research and implement AI Guardrails to secure LLM usage (preventing prompt injection, PII leakage)
• Collaborate with data teams to secure the ML pipeline and define AI usage policies.

Department/Project Description

We’re building a platform of cutting-edge Generative AI services that automate the boring parts of software development—from test generation to infra setup. We’re hiring a highly technical AQA who lives in code, understands cloud-native stacks (Azure, GCP, Kubernetes, Terraform), and enjoys transforming complex real-world scenarios into reliable automated checks. You’ll validate that our platform truly covers real customer workflows, highlight gaps, and drive improvements.

Job Description

We are seeking a highly skilled Security Architect to lead and drive our on-premises business engagements. This is a customer-facing, hands-on technical role responsible for designing, deploying, and supporting enterprise-scale solutions in complex customer environments. You will serve as the trusted technical advisor for customers, bridging Customer Success, R&D, and Product Management, and acting as the voice of the customer within the organization.
You will help customers architect secure, scalable, and high-performing deployments, oversee complex upgrades, and ensure the overall success of on-premises implementations.

Key Responsibilities

• Serve as the primary technical point of contact for on-premises deployments and upgrades.
• Engage directly with customers to understand their infrastructure, security requirements, and business objectives.
• Architect and design on-premises deployments aligned with customer needs, best practices, and security principles.
• Drive deployment, integration, and optimization of platforms in customer environments.
• Perform and oversee complex upgrades, migrations, and architecture transformations.
• Act as the escalation point for on-premises technical and deployment challenges.
• Collaborate with R&D, Product, and Support teams to drive continuous improvement and provide structured customer feedback.
• Provide technical guidance and mentorship to Professional Services and support engineers.
• Support proof-of-concept activities, architectural review, and security validation with customers.
• Participate in post-deployment reviews to ensure reliability, performance, and compliance with best practices.
• Represent the voice of the customer to internal teams, influencing roadmap and product decisions.
• Develop and maintain documentation, reference architectures, and deployment methodologies for on-premises environments.

Job Responsibilities

Required Qualifications

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related technical field.
• 7+ years of experience in cybersecurity, infrastructure, or solution architecture roles.
• Strong expertise in on-premises deployments, including servers, storage, virtualization, and networking.
• Deep understanding of security architectures, endpoint protection, and defense-in-depth concepts.
• Hands-on experience with Linux, Windows Server, and enterprise IT ecosystems.
• Proven ability to design and deliver complex, high-availability enterprise deployments.
• Excellent customer-facing communication skills, capable of translating technical solutions into business value.
• Experience working with Professional Services teams and managing customer escalations.
• Strong problem-solving and troubleshooting skills in mission-critical environments.
• Familiarity with agile project delivery and cross-functional collaboration.

Preferred Qualifications

• Master’s degree in Cybersecurity, Computer Science, or Engineering.
• Relevant certifications: CISSP, CSSLP, CCSP, OSCP, CEH, or similar.
• Experience with endpoint detection & response (EDR), SIEM, or threat intelligence platforms.
• Working knowledge of cloud and hybrid architectures.
• Understanding of security compliance frameworks (NIST, ISO 27001, SOC 2, GDPR, etc.).
• Experience with DevOps/CI-CD processes for product deployment and upgrades.
• Scripting or programming familiarity (Python, Bash, PowerShell).
• Demonstrated ability to lead technical workshops, customer briefings, and architecture reviews.

Department/Project Description

The client is a product international company that provides a defence platform that enables development and security teams to protect critical workloads against emerging threats and undiscovered vulnerabilities with a lightweight agent that protects the organisation's public, private and hybrid cloud deployments on-premises data centres managed. In addition, it is an advanced endpoint detection and response platform, which gathers as much information as possible to detect and analyse complex threats while being as non-intrusive as possible, minimising the impact on the network and the endpoint.

• Project Description:

  One of the world's largest providers of products and services to the energy industry has a need to develop, support and integrate software system in Oil & Gas domain.
  You will be a member of a cross functional team.
  Key project stakeholders are open for innovative ideas.
  Project is based on SCRUM methodology.
  This is a great opportunity to work in an international team, apply and learn modern IT technologies

   

• Responsibilities:

  Application Security with strong AI/ML security exposure
  Threat modeling and risk assessment for AI systems, APIs, and cloud-native applications
  Protection against prompt injection, adversarial ML, data poisoning, and model abuse
  Secure SDLC and CI/CD integration, including MLOps pipelines
  Hands-on experience with SAST, DAST, SCA, container scanning, and security automation
  Strong collaboration with development and data science teams

   

• Mandatory Skills Description:

  5+ years in Application Security, with at least 1-2 years focused on AI/ML security
  Strong secure coding and vulnerability management background (OWASP Top 10)
  Experience with cloud platforms (AWS and/or Azure)
  Strong programming skills in Python or Java
  Familiarity with AI platforms such as Amazon Bedrock, SageMaker, or Spark
  Strong communication skills

We are looking for an Information Security Compliance Manager to join our teams!

📌 Requirements

— 5+ years of experience in Information Security, GRC, or Compliance roles within regulated industries (iGaming, fintech, payments, or similar)
— Proven hands-on experience with information security frameworks and standards such as ISO/IEC 27001 and/or PCI DSS
— Practical knowledge of GLI standards and requirements applicable to iGaming platforms and gaming systems
— Strong understanding of regulatory-driven security and compliance environments
— Experience leading and managing a GRC or security compliance team (2–5 specialists), including task prioritization, performance management, and mentoring
— Proven ability to manage security audits, certifications, and interactions with external auditors, testing laboratories, and regulators
— Practical experience with risk management, policy development, and control governance
— Experience working with cloud-based environments and modern technology stacks
— Strong documentation, analytical, and stakeholder communication skills
— Ability to operate independently, take ownership, and scale compliance processes in a fast-paced, multi-jurisdiction environment

⭐ Will be a plus

— Experience working in iGaming B2C or B2B platforms
— Previous participation in AGCO/Ontario, MGA, UKGC licensing projects
— Hands-on experience with GLI-19 / GLI-33 compliance
— Experience implementing or maintaining ISO 27001 ISMS end-to-end
— Certifications: ISO 27001 Lead Implementer / Lead Auditor, CISM, CISA, CRISC, PCI ISA / PCIP
— Experience supporting SOC 2 Type II or PCI DSS assessments
— Knowledge of responsible gambling controls and player protection requirements
— Experience building documentation frameworks (Confluence, data flows, diagrams)
— Familiarity with Jira workflows for compliance, audits, and evidence tracking
— Understanding of DevSecOps and security testing practices

💭 Soft Skills

— Strong communication skills with both technical and non-technical stakeholders
— Ability to translate regulatory and legal requirements into clear technical tasks
— High level of ownership, structure, and attention to detail
— Strong analytical and documentation skills
— Ability to manage multiple concurrent audits and compliance initiatives
— Proactive problem-solving mindset and ability to challenge assumptions
— Ability to work cross-functionally with Product, Engineering, DevOps, Security, and Legal
— Resilience and ability to work in a fast-paced, high-growth environment
— Excellent English, written and spoken

📌 Responsibilities

— Own and manage information security compliance across the iGaming business, including ISO/IEC 27001, PCI DSS, and applicable GLI standards
— Define, maintain, and continuously improve the GRC framework, including security policies, risk management processes, and control governance
— Lead and coordinate information security audits, certifications, and regulatory or laboratory assessments
— Manage and develop a small Security Compliance team, ensuring effective delivery of compliance and audit activities
— Oversee third-party and vendor security compliance, including payment providers, game providers, and technology partners
— Ensure security and compliance requirements are embedded into products, platforms, and operational processes
— Oversee security incident handling from a compliance, audit, and regulatory reporting perspective

• Project Description:

  One of the world's largest providers of products and services to the energy industry has a need to develop, support and integrate software system in Oil & Gas domain.
  You will be a member of a cross functional team.
  Key project stakeholders are open for innovative ideas.
  Project is based on SCRUM methodology.
  This is a great opportunity to work in an international team, apply and learn modern IT technologies

• Responsibilities:

  Quickly learn new technologies and improve proficiency
  Follow up with Developer on open vulnerabilities
  Share reports of open, closed vulnerabilities
  Develop unique, effective security strategies for software systems, networks, and cloud provider
  Safeguards information system assets by
  identifying and solving potential and actual security problems
  Maintain quality service by following
  organization standards
  Contribute to team effort by accomplishing
  related results as needed

• Mandatory Skills Description:

  Understanding of definitions related to cyber security: Vulnerability, attack vector, threat , security risk, SAST, DAST, WAF ets
  Understanding of networking, Operating systems (Windows and Linux)
  Basic concepts in programming Ex: Python
  Very good English as team is multinational

• Nice-to-Have Skills Description:

  Willing to have a hacker mindset and methodology
  Familiar with agile methodologies

• Languages:
  • English: B2 Upper Intermediate

RubyPlay is a place where passion meets competence. Since 2017, we’ve made more than 200 innovative games and built more than 100 strong partnerships globally!

Proud to be:

• The Winner at BFTH Arena Awards — Best Online Casino Game
• Shortlisted for SBC Awards 2024 — Casino/Slots Developer of the Year
• A strong player on 10+ markets globally
• Beloved workplace for hundreds of specialists from 34 countries

We are now growing our team and looking for driven professionals ready to build their careers in a strong, international studio with a product that’s making waves worldwide.

We are seeking a talented and experienced Security Engineer to join our growing team. 
As a Security Engineer, you will play a critical role in ensuring the security and integrity of our platform, as well as implementing and maintaining robust security measures to safeguard our systems and data.

Here’s How You’ll Make an Impact:

• Design, implement, and maintain security systems and solutions to protect our platform from different types of threats, exploits and attacks
• Conduct regular security assessments and penetration tests to identify vulnerabilities and weaknesses in our systems, and develop and implement remediation plans
• Monitor and analyze security logs and alerts to identify suspicious activities and security incidents
• Collaborate with various teams, including development, devops, operations and product management to integrate security best practices into the software development lifecycle and ensure that security is considered at every stage of the development process
• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and proactively recommend and implement security improvements and enhancements
• Provide security guidance and support to internal teams and external partners, and assist with security-related inquiries and incidents
• Build up policies and procedures in line with industry standards (including ISO27001, ISMS) and support our compliance team in the various audit processes required for the company’s compliance with a multitude of  regulated markets we operate in

What Makes You A Strong Candidate:

• Bachelor's degree in Computer Science, Information Technology, or a related field
• Solid understanding of information security principles and concepts with a focus on cloud security and DevSecOps practices
• Proven experience in building and executing security testing including penetration testing, vulnerability scanning, ethical hacking on systems running on GCP/AWS/Azure and VMWare
• ISO27001- Lead Implementer Certification
• Hands-on experience with security tools and technologies, including SIEM systems, endpoint security solutions, and encryption technologies
• Very good English level, with the ability to write official security documentation, processes and procedures
• Strong analytical and problem-solving skills, with the ability to analyze complex systems and identify security vulnerabilities and weaknesses
• Excellent communication and interpersonal skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences
• Relevant industry certifications, such as CISSP (Certified Information Systems Security Professional), CCSP (Certified Cloud Security Professional) and CEH (Certified Ethical Hacker) are a plus

Why You’ll Love It Here:

• Remote-first flexibility — Work from anywhere with a setup for deep focus and work-life balance
• Learning & growth — Development budgets and dedicated days to upskill and explore new areas
• Health & wellness — Medical coverage and well-being budgets to help you feel balanced, strong, and supported
• Yearly bonus — Rewards based on company success and your impact
• Career growth — Vertical and horizontal opportunities to grow and advance
• Global team — Talented, diverse colleagues you’ll enjoy working with

Interested in becoming a RubyPlayer and making a mark in the iGaming world? Join us!

Our Mission and Vision

At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.

We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board.
 

About the Role

Solidgate builds financial infrastructure for fast-growing internet businesses worldwide. Our platform processes millions of payments daily and operates in a highly regulated fintech environment, where security is a fundamental business requirement.

As our company scales, we are strengthening and expanding our Information Security team and are looking for an Information Security Engineer to support and develop our corporate and operational security practices.
 

The mission of this role is to reduce the risk of compromise of corporate accounts, devices, and SaaS systems by:

• maintaining compliance with international security standards
• ensuring controlled and auditable access
• strengthening security awareness across the company
• and supporting effective incident response

This role focuses on corporate security, access management, vulnerability management, and compliance, working closely with engineering, IT, and business teams to ensure Solidgate remains secure, resilient, and audit-ready at all times.
 

What You Will Own

As an Information Security Engineer, you will be responsible for corporate and operational security controls, including:

• Supporting and maintaining ISMS, PIMS, and BCMS frameworks
• Participating in external certifications and audits (PCI DSS, ISO 27001, ISO 27701, ISO 22301, GDPR, DORA)
• Managing access control processes: IAM / SSO / MFA, Joiner—Mover—Leaver processes, regular access reviews and privilege control
• Operating and tuning information security tools, including: vulnerability scanners, IAM and access control systems, anti-phishing tools and security awareness platforms
• Analyzing alerts and findings, including false positives, and driving remediation
• Maintaining and updating asset and information security risk registers
• Supporting incident response activities and post-incident analysis
• Conducting and tracking Disaster Recovery (DRP) and Business Continuity (BCP) tests, ensuring identified gaps are addressed
   

You are a great fit if you have

• 3+ years of experience in Information Security
• Knowledge of at least one security standard: ISO/IEC 27001, SOC 2, or PCI DSS
• Hands-on experience with building and operating an information security management framework, including policies, risk management, and incident response.
• Strong experience with access management (IAM): least privilege principles, RBAC / ABAC, MFA / SSO, Joiner—Mover—Leaver processes and regular access reviews
• Experience configuring and administering security tools such as: IAM solutions, vulnerability scanners, XDR / endpoint protection, anti-phishing and phishing simulation platforms
• Ability to communicate effectively with engineers, IT teams, and external auditors
   

Nice to Have

• Experience participating in or leading external security audits
• Hands-on experience with ISO 22301, ISO 27701, GDPR, or DORA
• Experience automating information security or compliance processes
• Background in security operations or security engineering within a regulated environment
   

Why Join Solidgate?

Build security that protects the business. Own and evolve corporate security controls that safeguard our people, systems, and data at scale.

Your expertise counts. Enjoy real autonomy to improve access management, compliance processes, and operational security tooling.

Room to experiment. Apply modern approaches to security operations, automation, and awareness with strong leadership support.

Impact & visibility. See the results of your work directly in successful audits, reduced risk exposure, and stronger organizational security.

Collaborative environment. Work alongside experienced security professionals, engineers, and stakeholders who value clarity, ownership, and partnership.

The Extras: 30+ days off, unlimited sick leave, free office meals, health coverage, and Apple gear to keep you productive. Courses, conferences, sports and wellness benefits — all designed for ideas, focus, and fun.

Tomorrow’s fintech needs your mindset. Come build it with us.

We are looking for a Senior Backend Engineer with strong DevOps experience to join a modern, large-scale cybersecurity platform. This role focuses on backend architecture, distributed systems, and production infrastructure, with a high level of ownership of critical systems running in cloud environments.

The project is a well-funded, post–Series B cybersecurity product with a strong engineering-driven culture. You will work on complex, production-grade systems, collaborate closely with engineering leadership, and contribute to long-term architectural decisions in a fast-paced startup environment.

Benefits

• Long-term, full-time engagement
• High level of ownership over backend architecture and production systems
• Challenging engineering problems in a cybersecurity domain
• Modern cloud-native stack and distributed systems
• Close collaboration with senior engineers and product leadership
• Opportunity to influence technical direction and system evolution

About the client:

FlexMade is a software development company headquartered in Seattle, USA. We have delivery centers and branch offices in the USA, Germany, Poland, and Ukraine.

We create reliable and scalable software for businesses from North America and Europe. We do it using modern programming technologies and, of course, by hiring highly experienced and qualified personnel.

With over 15 years of experience in the IT market, we have polished the high efficiency of our software development processes. We’re fast and responsive, honest and professional. Besides, we’re a crew of really easy-going people!

Requirements:

• 8+ years of professional software development experience
• Strong backend expertise with Node.js (TypeScript, NestJS) and Python
• Proven experience designing and maintaining distributed systems / microservices architectures
• Strong DevOps experience with production cloud infrastructure
• Deep understanding of scalable systems and backend architecture
• Strong experience with AWS (mandatory)
• Hands-on experience with Kubernetes and containerized environments
• Strong experience with PostgreSQL and data-intensive systems
• Prior startup experience (mandatory)
• Ability to operate independently with high ownership and technical maturity

Responsibilities:

• Design, develop, and maintain backend services using Node.js (TypeScript) and Python
• Lead architectural improvements and major refactoring initiatives across distributed systems
• Own production systems, including monitoring, debugging, and incident response
• Drive improvements in system reliability, performance, and operational excellence
• Work closely with cloud infrastructure and DevOps tooling
• Collaborate with multiple engineering and product teams to deeply understand system workflows
• Design scalable backend architectures with clear trade-off analysis (performance, cost, scalability, maintainability)
• Participate in technical decision-making and long-term architectural planning
• Review code and contribute to raising overall engineering quality and standards
• Nice to Have:
• Experience with Dagster or other data orchestration platforms
• Experience with GCP or Azure in addition to AWS
• Infrastructure-as-Code experience (Terraform or CloudFormation)
• Experience with cloud cost optimization initiatives
• Experience working closely with senior stakeholders or leadership teams

Our Mission and Vision

At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.
 

About the Role

Solidgate builds financial infrastructure for fast-growing internet businesses worldwide. Our platform processes millions of payments daily and operates in a highly regulated fintech environment, where security is a core product requirement — not an afterthought.
 

Our engineering organization builds and scales a complex cloud-native platform with over 120 microservices. As the company continues to grow, we are strengthening our security organization and introducing a dedicated Application Security Engineer role.
 

The mission of this role is to keep our business and revenue safe by building security into the way we develop software — from early design decisions to CI/CD pipelines and live production systems.
 

This is a hands-on Application Security role focused on embedding security into the software development lifecycle and reducing real product risks.
 

You will work closely with engineering teams to:

• design secure application architectures
• improve secure coding practices
• detect vulnerabilities early in the development lifecycle

• continuously improve application security as part of everyday engineering work

   

You will have a direct impact on how secure software is built across a large microservices ecosystem, influencing standards, tooling, and engineering culture.
 

Explore our technology stack ➡️ here (https://solidgate-tech.github.io/)

 

What You Will Own

As an Application Security Engineer, you will be responsible for application-level security across our fintech platform, including:
 

• Building and maintaining secure coding standards and supporting their adoptionl across development teams
• Conducting threat modeling during architecture and design stages
• Implementing and improving application security testing, including: SAST, DAST, Dependency and secrets scanning, CI/CD security checks
• Performing regular application security assessments and maturity evaluations (OWASP ASVS, OWASP SAMM)
• Managing the full vulnerability lifecycle: triage, prioritization, remediation support, and validation
• Supporting external penetration testing and Bug Bounty programs
• Identifying and mitigating security risks in cloud environments and CI/CD pipelines
   

You are a great fit if you have

• At least 2 years of experience in Application Security or Product Security
• Hands-on experience with OWASP Top 10 vulnerabilities
• Practical experience with: secure code reviews, threat modeling, SAST and DAST tools and their integration into CI/CD pipelines
• Strong understanding of web application and API security
• Ability to communicate clearly with engineers and work as a partner rather than a blocker
   

Nice to Have

• Experience with container security and cloud security tooling
• Familiarity with DevSecOps and shift-left security practices
• Experience automating application security processes
• Background as a software engineer or close collaboration with development teams
  
   

Why Join Solidgate?
 

Build security that matters. Lead initiatives that define how security is embedded into our software development lifecycle across multiple teams and products.

Your expertise counts. Enjoy real autonomy — propose, test, and implement security practices and tooling that directly improve product resilience and reduce risk.

Room to experiment. Apply modern AppSec, automation, and shift-left approaches with full support from engineering and security leadership.

Impact & visibility. See the results of your work directly in more secure products, fewer vulnerabilities, and stronger engineering practices.

Collaborative environment. Work side by side with experienced, curious engineers who treat security as a shared responsibility and value partnership over gatekeeping.

The Extras: 30+ days off, unlimited sick leave, free office meals, health coverage, and Apple gear to keep you productive. Courses, conferences, sports and wellness benefits — all designed for ideas, focus, and fun.
 

Tomorrow’s fintech needs your mindset. Come build it with us.
 

🫂 Know top talent? We’re always on the lookout. Recommend someone for our role, and if they get hired, there’s a bonus waiting for you — simple as that.

Продуктова компанія в пошуках Anti-fraud менеджера, який розуміє спеціфіку роботи в iGaming ніші.

Вимоги:

• Досвід роботи на аналогічній позиції від 0,5 року;
• Знання інструментів моніторингу фінансових операцій та аналітики даних;
• Досвід роботи з SQL, Excel або іншими інструментами аналізу даних буде перевагою;
• Аналітичне мислення, увага до деталей та навички вирішення проблем;
• Уміння працювати з великими обсягами даних та приймати обґрунтовані рішення;
• Англійська мова на рівні Intermediate+ (для роботи з документацією та комунікації).

Обов'язки:

• Моніторинг та аналіз транзакцій для виявлення підозрілих активностей;
• Розслідування випадків фроду та розробка механізмів його запобігання;
• Використання аналітичних інструментів та алгоритмів для виявлення патернів шахрайської діяльності;
• Підготовка звітності та рекомендацій щодо зниження ризиків.
• Вдосконалення автоматизованих систем виявлення фроду;

• Робота з відділом підтримки.

   

Ми пропонуємо:

• Cтабільну конкурентну заробітну плату;
• Можливість працювати у динамічному середовищі;
• Віддалений формат роботи;
• Кар'єрні можливості;
• Оплачувана відпустка та лікарняні.

TemaBit Fozzy Group — команда фанатів технологій, які змінюють користувацький досвід українців.  

TemaBit є частиною Fozzy Group — однієї з найбільших торгово-промислових груп України. Розробками нашої команди щодня користуються 60 000 співробітників Fozzy Group, тисячі партнерів та мільйони гостей «Сільпо», «Фора», Fozzy і «THRASH!ТРАШ!».  

Зараз ми шукаємо M365 Exchange Engineer, який долучиться до підтримки, адміністрування та розвитку поштової інфраструктури компанії на базі Microsoft Exchange (On-prem / Online) та Microsoft 365.
Роль передбачає роботу з корпоративною електронною поштою, участь у забезпеченні стабільності, безпеки та безперебійної доставки поштових сервісів, а також поступове занурення в enterprise-інфраструктуру, інтеграції та best practices Microsoft-екосистеми.

Задачі на посаді:

• Забезпечення стабільної та безпечної роботи сервісів гібридної Exchange-інфраструктури (On-Premise + Exchange Online).
• Адміністрування та підтримка поштових та дотичних сервісів Microsoft 365: управління поштовим трафіком, правилами маршрутизації, anti-spam / anti-phishing політиками та інтеграцією між Exchange, security та archiving-сервісами.
• Адміністрування та підтримка email security-рішень, зокрема Cisco IronPort (Email Security Appliance) та CheckPoint SandBlast (sandboxing): політики, фільтрація, аналіз загроз, оптимізація.
• Підтримка та адміністрування систем email archiving (GFI MailArchiver, ArcTitan): зберігання, пошук, відповідність вимогам комплаєнсу та аудитів.
• Автоматизація операційних задач за допомогою PowerShell (створення скриптів, підтримка, оптимізація процесів).
• Аналіз інцидентів, troubleshooting складних проблем, взаємодія з Microsoft Support та іншими командами.
• Підготовка та актуалізація технічної документації, operational procedures, участь у покращенні сервісних процесів.

Ми очікуємо, що ти маєш:

• 3+ роки релевантного досвіду;
• Глибокі знання Microsoft Exchange Online та Exchange Server (Hybrid): архітектура, транспорт пошти, managed availability, DAG, hybrid configuration.
• Практичний досвід роботи з Microsoft 365: інтеграція сервісів, політики безпеки та відповідності (retention, compliance, audit).
• Сильні навички PowerShell-автоматизації для адміністрування M365 та Exchange.
• Досвід моніторингу та troubleshooting: аналіз логів, message trace, root cause analysis, робота з інцидентами.
• Досвід адміністрування та підтримки Microsoft Teams у середовищі Microsoft 365, зокрема налаштування політик, інтеграції з Exchange Online та вирішення інцидентів.
• Навички створення та підтримки технічної документації, участь у стандартизації та governance процесах.

Буде перевагою:

• Наявність сертифікацій Microsoft за напрямами Microsoft 365 та/або Exchange Server, зокрема:
  • Microsoft Certified: Administrator Expert (MS-102 / раніше MS-100, MS-101)
  • Microsoft 365 Certified: Messaging Administrator Associate (MS-203)
  • Сертифікації по Exchange Server (On-Premise)
• Сертифікації або навчання, пов’язані з хмарними рішеннями Microsoft (Azure / Microsoft 365)
• Підтверджений досвід або сертифікації з гібридних інфраструктур (On-Prem + Cloud)

Ми пропонуємо: 

• Гнучкий формат роботи: працюй з дому або з офісу (з надійним укриттям). 
• Підтримку ФОП / Гіг контракт.  
• Навчання для поглиблення твоєї експертизи у Fozzy Campus — нашому корпоративному університеті з топовими спікерами. 
• Бенефіти, які вибираєш самостійно — у нашому кафетерії кожен обирає свій ідеальний набір (чи то медичне страхування, чи то компенсація спорту). 
• Широчезна колекція приємних пропозицій від бізнесів Fozzy Group та наших партнерів.  
• Консьєрж-сервіс для працівників, який звільняє тебе від побутового клопоту. 

MODUS X — українська ІТ-компанія, команда 700+ досвідчених спеціалістів — розширюємо горизонти можливостей бізнесу, розкриваючи потенціал людей, ідей та технологій. Ми розпочали та продовжуємо супровід цифрової трансформації ДТЕК та вже протягом останніх 18 років проєктуємо, розробляємо та впроваджуємо бізнесові застосунки, комплексні ІТ й кібербезпекові рішення, та data-driven продукти. Нині виділились в окрему компанію, щоби ділитися своїм досвідом та експертизою, залишаючись ІТ-опорою для тих, хто несе світло та сприяє відновленню країни.

Наразі шукаємо Cloud Security Engineer.
 

Навички:

• Практичний досвід роботи хмарними сервісами AWS/Azure/GCP
• Знання принципів функціонування хмарних сервісів захисту (Entra ID, AWS IAM, Azure/AWS Cloud Security (основні бест-практіс по захисту хмарних ресурсів), O365 Security, Microsoft Defender, AWS Config, GuardDuty, Microsoft Intune та інші)
• Практичний досвід створення автоматизацій/скриптів (Powershell, KQL, Azure Function, AWS lambda, Azure Policies, AWS Organization, SCP)
• Розуміння призначення, області застосування, типових сценаріїв використання систем інформаційної безпеки
• Розуміння стандартів і регламентів кібербезпеки в сфері захисту хмарних обчислювань , таких як ISO 27001, NIST, CIS, GDPR тощо

Обов’язки:

• Виконання регулярних аудитів налаштувань та прав доступу в хмарах Azure/AWS та хмарних сервісах, та впровадження заходів щодо їх коригування
• Розробляти скрипти для автоматизації та оптимізації процесів, спрямованих на підвищення ефективності, прискорення виконання завдань і мінімізацію ручної роботи
• Забезпечення впровадження нових технологій безпеки у хмарних сервісах
• Проведення планових аудитів з безпеки хмарних рішень
• Забезпечення захисту корпоративної інформації при доступі з особистих пристроїв.

Ми пропонуємо:

• Офіційне працевлаштування
• Kонкурентний рівень заробітної плати та соціальні гарантії
• Корпоративну програму медичного страхування та програму психологічної підтримки співробітників
• Роботу в інноваційному парку Unit City
• Можливості навчання та професійний розвиток (онлайн курси, аудиторні тренінги, майстер-класи, професійні спільноти)

Ми цінуємо ваш інтерес до MODUS X та готовність приймати виклики. Тут кожен може розкрити свої таланти й зробити внесок у спільний успіх. Ми інвестуємо в розвиток, допомагаємо отримувати нові знання та досягати професійних цілей.
 

Нaша команда уважно розглядає всі заявки, і якщо ваша кандидатура відповідає вимогам вакансії, рекрутер обов’язково зв’яжеться з вами впродовж 2 тижнів.
 

Більше інформації про компанію та наш досвід на офіційній сторінці MODUS X в LinkedIn.
 

Направляючи резюме на цю вакансію, Ви надаєте згоду ТОВ «МОДУС ІКС» на обробку наданих Вами персональних даних згідно Закону України «Про захист персональних даних». Згода надається в тому числі для їх обробки в зовнішніх системах, з метою супроводження процесу найму.

Запрошуємо Senior Malware / Ransomware Engineer приєднатись до нашої команди, яка розробляє передовий продукт у сфері кібербезпеки - захист даних, malware та ransomware detection.

Elastio - це комплексна платформа для захисту та відновлення даних після кібератак. Наш продукт дозволяє виявляти ransomware та інші загрози в хмарних середовищах та аналізувати пошкодження.

Команда складається з інженерів безпеки, розробників, QA, DevOps та дослідників, які працюють над різними компонентами платформи.

Ми шукаємо досвідченого спеціаліста, який стане технічним напарником існуючого malware engineer та допоможе зменшити критичну залежність від однієї людини, а також розвивати нові напрямки досліджень.
 

Ваші задачі на проєкті:

• Аналіз та дослідження ransomware
  • пошук та дослідження нових ransomware-сімейств;
  • запуск та детонація зразків у контрольованих тестових середовищах;
  • перевірка ефективності існуючих механізмів детекції та виявлення прогалин.
• Покращення detection engine
  • розробка та підтримка правил і сигнатур для виявлення ransomware;
  • аналіз false positives та інших знахідок у співпраці з support-командою;
  • участь у вдосконаленні алгоритмів та логіки детекції.
• Дослідницькі задачі з безпеки (research-oriented security work)
  • дослідження сучасних технік закріплення в системах (persistence mechanisms);
  • аналіз слідів persistence у снапшотах та файлових системах;
  • побудова тестових сценаріїв і PoC для перевірки нових детекторів;
  • участь у валідації та розвитку нових підходів до виявлення загроз у співпраці з security research командою.
• Автоматизація та внутрішні інструменти
  • розробка Python-скриптів для автоматизації аналізу та дослідницьких процесів;
  • участь у впровадженні інструментів для прискорення внутрішніх workflow (у т.ч. використання LLM як частини детермінованих процесів).
     

Вимоги:

• Досвід роботи у сфері malware / ransomware analysis або offensive security від 4 - 5 років.
• Практичний досвід:
  • аналізу malware;
  • реверс інжинірингу;
  • роботи з Windows та/або Linux internals.
• Розуміння сучасних технік атак, post-exploitation та persistence-механізмів.
• Досвід написання скриптів на Python для автоматизації.
• Вміння працювати в умовах досліджень та невизначеності (research-driven environment)
• Англійська мова - від рівня B2 (усна та письмова).
   

Плюсом буде:

• Досвід участі у red team / penetration testing проєктах.
• Досвід роботи з cloud-інфраструктурою (AWS, EBS, snapshots).
• Досвід використання LLM як частини аналітичних або automation-workflow.
   

Якщо вам близький практичний security-research підхід і робота з реальними ransomware-кейсами - будемо раді познайомитись!