Jobs Security

Security isn’t a state — it’s a process. And we’re looking for someone who knows how to drive it.

Softsich is a young and ambitious international product tech company that develops scalable B2B digital platforms. We combine strategic vision with deep tech expertise to build and scale high-performance products. Right now, we’re looking for a Security Engineer to strengthen our internal infrastructure and help automate key security workflows.

Your key responsibilities will include:
– Monitor and analyze security alerts across multiple security platforms (SIEM, EDR, SOAR)
– Lead Incident Response -  serve as primary responder to security alerts, perform initial triage, conduct investigations, and coordinate remediation
– Enhance Detection Capabilities - design, implement, and fine-tune detection rules and alerts across cloud environments
– Conduct endpoint, network, and application log analysis to identify suspicious activity
– Collaborate with IT, DevOps, and Compliance teams to enforce security standards and best practices
– Assist in improving incident response processes, playbooks, and operational practices
– Stay informed about emerging cybersecurity threats, trends, and industry developments
– Deploy and manage MDM/UEM solutions (Jamf, Jumpcloud) across all endpoints
– Advocate for best practices in IT and change management to strengthen security posture
– Define and enforce security policies for workstations (passwords, encryption, restrictions, app controls)
– Perform regular audits and compliance checks aligned with corporate standards
– Monitor device health and security compliance, respond to related alerts
– Coordinate patching and updates on endpoints through MDM
– Conduct inventory and asset tracking, including remote wipe and lock management
– Provide endpoint security reporting and metrics to IT leadership and compliance
– Collaborate with incident response teams on mobile endpoint incidents
 

It’s a match if you have:
– 3+ years in IT Operations, System Administration, or related roles
– Experience in security threat analysis or incident response, ideally within a SOC
– Proven experience responding to and managing incidents in cloud environments (AWS, Azure, GCP) and SaaS services (Google Workspace, Atlassian)
– Proficiency with SIEM platforms, including rule creation, tuning, and maintenance
– Strong knowledge of cloud security monitoring tools and techniques
– Understanding of network infrastructure
– Experience analyzing endpoint, network, and application logs for anomalies
– Practical understanding of common attack vectors and how to detect them
– Experience with security automation and scripting for incident response workflows
– Understanding of IT system architecture, network design, and IT/change management processes
– Experience with virtualization technologies
– Familiarity with identity management
– Proficiency in platforms used for information security investigations and triage
 

Nice to have:
– Experience with cloud-native security tools and services
– Familiarity with scripting or automation (PowerShell, Bash, Python)
– Experience with endpoint detection solutions and email security technologies
– Knowledge of IT security audit techniques

What we offer:
– A competitive salary
– Remote work format or a modern office in Warsaw and/or Kyiv
– Flexible working hours
– An incredibly friendly team where everyone is ready to share knowledge, help, and support
– 24 working days of paid annual vacation
– Paid sick leave
– Health insurance (available for specialists based in Ukraine; other countries — in progress)
– Zero joules of energy to the aggressor state, its affiliated businesses, or partners
– Conference and business travel expenses covered (where applicable)
– Birthday greetings (because you matter!)
– Online and offline teambuilding events
– Corporate celebrations
 

Send over your CV now — we’d love to get to know you better!

Responsibilities:
•     Implement and maintain security best practices in cloud environments
•     Configure and monitor network security
•     Integrate security into CI/CD pipelines (SAST, DAST, dependency and secret scanning)
•     Manage secrets securely
•     Work with container security (image scanning, runtime protection)
•     Set up logging, auditing, and security monitoring
•     Collaborate with DevOps and backend teams on secure‑by‑design solutions
Requirements:
•     Experience working with cloud environments
•     Understanding of container security
•     Experience configuring CI/CD pipelines
•     Knowledge of networks and related concepts (TCP/IP, VPN, firewall)
•     Experience with IAM/RBAC
•     Hands‑on experience with security tools (Trivy, Snyk, etc.)
•     Experience with secret management tools
•     Basic understanding of incident management
We Offer:
•     Official reservation (бронювання) of employees
•     Relocation and accommodation compensation
•     Competitive salary and transparent conditions
•     Work in a modern technical environment
•     Opportunities for professional growth and continuous learning
•     A supportive team that values quality and results

About the Role

We are looking for a DevSecOps Developer to help build and evolve secure, scalable cloud development platforms and tooling.

You will play a key role in automating infrastructure, improving developer experience, and integrating modern AI-powered tools into the development lifecycle. Projects are primarily in the financial domain, with a strong focus on reliability, security, and scalability.

What You’ll Do

• Develop clean, maintainable code using Python and TypeScript
• Build and automate cloud environments and developer tooling on AWS
• Implement Infrastructure as Code using Terraform and AWS CDK
• Design and maintain CI/CD pipelines using GitLab
• Perform code reviews and enforce best practices (including SonarQube)
• Automate deployment, configuration, and monitoring processes
• Collaborate with architects, system administrators, and developers to ensure seamless integration
• Participate in Agile ceremonies (planning, stand-ups, reviews)
• Document code, scripts, and configurations for long-term maintainability
• Contribute to AI-powered developer tooling, including agentic AI pipelines

Technical Requirements

• Strong hands-on experience with AWS (core services, automation)
• Experience with Infrastructure as Code (Terraform, AWS CDK)
• Experience building and maintaining CI/CD pipelines (GitLab)
• Strong programming skills in Python and TypeScript
• Experience with Git-based workflows
• Familiarity with AI tools for developers (e.g., Amazon Q, Claude, coding agents)
• Experience working with modern IDEs (VS Code, IntelliJ)
• Solid understanding of IT security principles and service management (ITIL or similar)

Experience

• 5+ years of experience in software development
• Proven experience in Agile, collaborative environments
• Experience delivering AI solutions at scale is a plus

Soft Skills

• Strong communication skills — able to explain technical concepts clearly
• Proactive mindset with a focus on continuous improvement
• Team-oriented and collaborative
• Experience in support, community interaction, or cross-team communication is a plus

Education & Requirements

• Bachelor’s degree in Computer Science, IT, or a related field
• EU residence required (EU citizenship preferred)
• Fluent in English; additional European languages are a plus

Why Join

• Work on cutting-edge cloud, DevSecOps, and AI-driven developer tools
• Contribute to large-scale automation and secure infrastructure
• Be part of a highly skilled, international engineering team
• Flexible remote work within the EU, with occasional on-site collaboration

JarvisHeart is a rapidly expanding global IT & Tech company based in Cyprus, dedicated to its team, providing an inspiring dynamic work culture.Established in 2024, we are aimed to deliver services and solutions for businesses. We attract and retain the best IT professionals, offering avenues for development and progress to provide exceptional solutions to clients around the globe. Join us and become a part of JarvisHeart’s success story.

We are seeking a highly skilled Anti-Fraud manager to spearhead fraud detection efforts. The ideal candidate will have a strong background in fraud prevention and risk management.

Key Responsibilities:
• Real-time monitoring and analysis of player activity, including deposits, withdrawals, bets, gaming patterns, and behavioral data.
• Detection and investigation of suspicious activities such as bonus abuse, multi-accounting, collusion, chargebacks, money laundering (AML), and other fraud schemes.
• Working with the verification system: review of KYC documents, verification of payment methods and Source of Funds analysis.
• Analysis of fraud incidents, preparation of reports, and development of recommendations for risk mitigation.
• Monitoring fraud trends in the iGaming industry and proposing improvements.

Work Schedule: 5-Day Rotating Schedule (8-hour shifts)

Option A: Working days — Sunday + Monday + Tuesday + Wednesday + Thursday Option B: Working days — Tuesday + Wednesday + Thursday + Friday + Saturday

5 working days per week with 8-hour shifts and 2 consecutive days off.
 

Required Qualifications:

• At least 1–2 years of experience in anti-fraud, fraud prevention, or risk management within the iGaming / online casino / betting industry (experience in financial services or payment processing will also be considered).
• Proficiency in English.
• Strong analytical and problem-solving skills.
• Ability to work in a fast-paced, high-pressure environment.
• Readiness to work on a weekend-priority schedule (Saturday or Sunday as regular working days)

• Experience with anti-fraud and KYC tools will be considered a strong advantage.

   

Optional Qualifications:

• Experience with international fraud prevention strategies.

• Knowledge of compliance requirements in Canada and Europe.

   

What we offer:

• 17 vacation days (Enjoy vacation policy to recharge and explore. We believe work-life balance is key to personal and professional well-being.)
• 15 paid sick days (Your health matters. We offer paid sick leave to ensure you can recover without financial stress)
• Insurance after the probation period (Your well-being is our priority. After completing the probationary period, you’ll gain access to our comprehensive insurance plan to support your health and peace of mind.)
• Public holidays off (Take time to celebrate and enjoy national holidays with friends and family without worrying about work.)

• Work equipment provided (Start your journey with the best tools for success! We provide all the necessary equipment to help you work efficiently and comfortably.)

   

If you’re ready to take on this exciting challenge and contribute to a fast-growing industry, apply now!

We are a software development company building our own iGaming platform and business solutions for Sportsbook operations worldwide.

We are looking for a Security Operations Engineer to help us centralize and optimize our security incident workflows. Your mission is to bridge the gap between detection and remediation by integrating AWS security services and Vulnerability Assessment tools into a single, unified system.
You will focus on refining our security services configurations, organizing monitoring channels, and developing practical playbooks to transform security events into structured, automated actions. We don’t require extensive knowledge of incident management. We need an engineer with foundational AWS skills who’s interested in learning our security services and optimizing them for better maturity.

Requirements:

• At least 3 years of experience as an Information Security Engineer.
• Hands-on experience with AWS Cloud (IAM policies and roles, CloudTrail, CloudWatch).
• Hands-on experience with vulnerability scanning and assessment tools.
• Basic knowledge of incident response processes, including automation integration and playbook development.
• Understanding of authentication and authorization within web services (OAuth, OIDC, SAML).
• Basic knowledge of security solutions such as VPN, WAF, and firewalls.
• Familiarity with cybersecurity frameworks such as ISO 27001 and OWASP Top

Responsibilities:

• Audit and refine existing AWS security configurations to ensure high-quality detection and centralize security telemetry into a unified system.
• Establish and maintain incident classification and registration processes, ensuring all security events are tracked and prioritized.
• Streamline monitoring channels and develop practical Incident Response Playbooks.
• Respond to and mitigate security incidents, conduct root cause analysis, and tune playbooks for improved performance.
• Conduct regular vulnerability scans and assist with remediation efforts.
• Perform security assessments of the company’s cloud infrastructure.
• Collaborate with cross-functional teams to integrate security best practices into development and deployment pipelines.

Nice to have:

• Security certifications
• Prior experience with SIEM/SOC workflows and AWS security tools (Security Hub, GuardDuty, AWS Config) is big plus.

The Interview Process:

• 30 minute Recruiter call.
• 60 minute call with Security Team Lead.

Career Growth & Opportunities:

• Become part of a global leader in iGaming innovation.
• Access to professional development programs and industry events.
• Opportunity to work with top-tier experts in cutting-edge technology.
• Drive real impact in a fast-growing international market.
• Flexible career progression within a scalable and adaptable platform

Working Conditions:

• Vacation: 22 working days per year.
• Sick leave: 5 paid days per year.
• Sick lists: 100% paid with medical certificate up to 10 days per year
• Benefit cafeteria personal limit for health support

Join our passionate and talented team and be at the forefront of transforming the iGaming industry with groundbreaking live tech solutions. If you’re a visionary professional eager to shape the future of iGaming, Atlaslive invites you to apply and drive our continued success in this dynamic market.

Atlaslive — The Tech Behind the Game.

*All submitted resumes undergo a thorough review. If we do not contact you within 5 business days after your application, it means that we are unable to proceed with your candidacy at this time. However, we appreciate your interest in our company and will keep your contact details on file for future opportunities.

CodeGeeks Solutions is a software company led by top-notch experts with over 10 years of experience in product design & software development. We are able to comprehensively cover the needs of our clients and focus on the full cycle of development.

Now we are looking for a Trainee Test Engineer in Lviv to join our team!

Why us?

— we trust our team, love and care that everyone feels as comfortable as possible with their work and our atmosphere
— this work will bring you pleasure: you will be able to develop and acquire new skills, and we will help you with this
— here you will find like-minded people and true friends
— here you will feel happy even with thought that Monday is tomorrow
— we are young, promising and successful :)

We Offer:

• 15 days of annual time off paid + company-wide New Year’s holiday in the last week of the year (5 days)
• 20 days of sick leave paid (5 — 100%, 15 — 50%)
• IT Cluster membership
• Flexible work schedule and remote work options
• Chance to make a real impact and shape the future of our company
• Education compensation
• Clear career map, continued professional development and growth opportunities
• Opportunity to work with a talented and dynamic team of experts
• Internal training and meetups
• Access to corporate learning materials
• High-level compensation and regular performance-based salary and career development reviews
• PE accounting and support
• Work in a comfortable, modern and cozy office in Lviv
• Team buildings & corporate events

• Referral program

   

Requirements:

• Solid understanding of the Fundamental Test Process
• Experience working in Agile/Scrum environments
• Knowledge of VPN protocols and technologies (IPsec, OpenVPN, WireGuard, SSL/TLS VPN)
• Understanding of core networking concepts: OSI model, TCP/IP stack, routing, DNS, firewalls, NAT, and subnetting
• Familiarity with cybersecurity principles and OWASP testing guidelines
• Experience testing network security features: authentication, encryption, access control, and session management
• Web application testing experience and understanding of its specifics
• Proficiency in testing techniques and test design (boundary analysis, equivalence partitioning, exploratory testing)
• Ability to prepare test designs aligned with the defined test approach
• Skilled in defect analysis and writing clear, detailed bug reports with reproduction steps and expected results
• Experience creating, updating, and reviewing requirements, user stories, and QA-related documentation
• API testing experience (REST/gRPC), including security-focused API tests — strong plus
• Familiarity with network testing tools: Wireshark, nmap, curl, Postman, or similar

• Upper Intermediate English level (B2+)

   

Your responsibilities:

• Participating in all aspects of the QA product lifecycle
• Designing and executing test cases for VPN connectivity, tunneling, failover, and security scenarios
• Testing VPN behavior across different network conditions: packet loss, latency, NAT traversal, and split tunneling
• Verifying authentication flows (MFA, certificate-based auth, SSO integration)
• Performing root cause analysis on defects found in test environments
• Validating encryption correctness, data integrity, and session handling
• Estimating, prioritizing, planning, and coordinating testing activities

• Collaborating with developers and security engineers to maintain high product quality

   

Together we will:

• Run the project for our client to build a great product that makes an impact on the client
• Build an excellent team with a friendly atmosphere

• Support your technical and personal growth — we have a dedicated career plan for all roles in our company

   

Our Recruiting process:

• Interview with HR
• Technical Interview with Head of QA Office

If you want to develop professionally in a team of like-minded people and make this world better — we are waiting for your resume!

We are looking for an IT Security Analyst with hands-on experience working with IT infrastructure and understanding cybersecurity compliance requirements.

The primary objective of the role is to conduct technical audits of security systems, infrastructure and processes, verify compliance with standards requirements and help departments implement secure practices. 
 

Main responsibilities:
 

• Conducting technical audits of IT infrastructure (servers, network, cloud services, access systems);
• Checking compliance with standards and regulatory requirements: ISO 27001,PCI DSS, NIST, internal security policies;
• Analysis of system configurations (Windows/Linux, network devices, IAM);
• Verification of: logging and monitoring, access management, network segmentation, backup, vulnerability management;
• Assessing the security architecture of IT systems;
• Preparing technical audit reports and recommendations;
• Interacting with IT teams to address identified risks;
• Participating in the implementation of security processes.
   

Main requirements:
 

• 4+ years in IT administration;
• 1–2 years in cybersecurity;
• Experience working in a company with formal security compliance requirements.
   

Technical knowledge:

• Windows Server / Linux, VMware;
• Networking (TCP/IP, VLAN, VPN, firewall);
• Active Directory / IAM;
• Logging and SIEM;
• Cloud infrastructure (AWS / Azure / GCP would be a plus);
• Basic knowledge of DevOps / containers would be a plus.
   

Security knowledge:

• System hardening;
• Access management;
• Vulnerability management;
• Security monitoring;
• Network security.
   

Standards:

• ISO 27001;
• PCI DSS;
• NIST.
   

Would be a big plus:
 

• Experience in technical audits;
• Work in a SOC;
• Experience in pentests or vulnerability scanning;
• Certifications: CISSP, CISA, CEH, ISO 27001.
   

What we offer:
 

• Having the capability to create something new and witness your own input;
• You can find confidence in the future here, but rest assured it won’t be dull;
• Join a dynamic and expanding community. Our company is experiencing growth and expanding into Europe. Currently, we have offices in Kyiv, and Warsaw and plan to open additional locations in other countries;
• Join our experienced team that values professional development and embraces new opportunities.
   

RISK inc: An International iGaming Company Pushing the Boundaries of Entertainment
 

Who We Are:

An international iGaming company specializing in identifying and fostering the growth of high-potential entertainment markets. With 1000+ professionals in 20+ locations, we operate in 10 countries, serving over 300,000 customers.
 

Always Pushing the Boundaries? You Already Belong at RISK!

Our global-scale operations are based on strong internal expertise, analytics, and data research. We have expertise in iGaming operations (sports betting, online casino), digital and affiliate marketing, tech solutions, and data analytics.

Your main responsibilities will be:

• Provide exceptional operational management and support for the analysis and investigation of security incidents;
• Respond promptly to alerts, perform triage operations, and determine the appropriate level of response;
• Decide on and implement the best course of action in response to cyber attacks, initiating suitable recovery procedures;
• Investigate, document, and report on information security issues and emerging trends;
• Maintain, monitor, and operate security infrastructure and related technologies;
• Conduct security assessments for newly acquired systems and technologies to ensure compliance with security standards.

Essential professional experience:

• Understanding of network and systems security, security testing, and software security;
• Experience with Windows & *nix platforms;
• Familiar with scripting languages (Bash, Python, Powershell);
• Knowledge of TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS and HTTP Protocols, network analysis;
• Knowledge of common malware threats and attack methodologies;
• Analytical and observational skills;
• Threat Hunting experience;
• Strong communication skills, team player, able to function independently and as part of a team;
• Endless will to learn something new.

Additional Information

Our Benefit Cafeteria is Packed with Goodies:

• Children Allowance
• Mental Health Support
• Sport Activities
• Language Courses
• Automotive Services
• Veterinary Services
• Home Office Setup Assistance
• Dental Services
• Books and Stationery
• Training Compensation
• And yes, even Massage!

Our Mission and Vision

At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.

We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board.
 

About the Role

Solidgate builds financial infrastructure for fast-growing internet businesses worldwide. Our platform processes millions of payments daily and operates in a highly regulated fintech environment, where security is a fundamental business requirement.

As our company scales, we are strengthening and expanding our Information Security team and are looking for an Information Security Engineer to support and develop our corporate and operational security practices.
 

The mission of this role is to reduce the risk of compromise of corporate accounts, devices, and SaaS systems by:

• maintaining compliance with international security standards
• ensuring controlled and auditable access
• strengthening security awareness across the company
• and supporting effective incident response

This role focuses on corporate security, access management, vulnerability management, and compliance, working closely with engineering, IT, and business teams to ensure Solidgate remains secure, resilient, and audit-ready at all times.
 

What You Will Own

As an Information Security Engineer, you will be responsible for corporate and operational security controls, including:

• Supporting and maintaining ISMS, PIMS, and BCMS frameworks
• Participating in external certifications and audits (PCI DSS, ISO 27001, ISO 27701, ISO 22301, GDPR, DORA)
• Managing access control processes: IAM / SSO / MFA, Joiner—Mover—Leaver processes, regular access reviews and privilege control
• Operating and tuning information security tools, including: vulnerability scanners, IAM and access control systems, anti-phishing tools and security awareness platforms
• Analyzing alerts and findings, including false positives, and driving remediation
• Maintaining and updating asset and information security risk registers
• Supporting incident response activities and post-incident analysis
• Conducting and tracking Disaster Recovery (DRP) and Business Continuity (BCP) tests, ensuring identified gaps are addressed
   

You are a great fit if you have

• 3+ years of experience in Information Security
• Knowledge of at least one security standard: ISO/IEC 27001, SOC 2, or PCI DSS
• Hands-on experience with building and operating an information security management framework, including policies, risk management, and incident response.
• Strong experience with access management (IAM): least privilege principles, RBAC / ABAC, MFA / SSO, Joiner—Mover—Leaver processes and regular access reviews
• Experience configuring and administering security tools such as: IAM solutions, vulnerability scanners, XDR / endpoint protection, anti-phishing and phishing simulation platforms
• Ability to communicate effectively with engineers, IT teams, and external auditors
   

Nice to Have

• Experience participating in or leading external security audits
• Hands-on experience with ISO 22301, ISO 27701, GDPR, or DORA
• Experience automating information security or compliance processes
• Background in security operations or security engineering within a regulated environment
   

Why Join Solidgate?

Build security that protects the business. Own and evolve corporate security controls that safeguard our people, systems, and data at scale.

Your expertise counts. Enjoy real autonomy to improve access management, compliance processes, and operational security tooling.

Room to experiment. Apply modern approaches to security operations, automation, and awareness with strong leadership support.

Impact & visibility. See the results of your work directly in successful audits, reduced risk exposure, and stronger organizational security.

Collaborative environment. Work alongside experienced security professionals, engineers, and stakeholders who value clarity, ownership, and partnership.

The Extras: 30+ days off, unlimited sick leave, free office meals, health coverage, and Apple gear to keep you productive. Courses, conferences, sports and wellness benefits — all designed for ideas, focus, and fun.

Tomorrow’s fintech needs your mindset. Come build it with us.

We are embarking on a critical initiative to achieve ISO 81001 compliance for our esteemed client. ISO 81001 is a pivotal standard for health informatics, specifically focusing on the management and security of health information systems. This project aims to ensure Client's digital infrastructure aligns with the stringent requirements set forth by ISO 81001, safeguarding sensitive healthcare data and bolstering cyber resilience.

Responsibilities

Conduct a thorough assessment of Client's existing IT infrastructure, policies, and procedures against ISO 81001 requirements.

Identify gaps and vulnerabilities that need to be addressed to achieve compliance.

Collaborate with cross-functional teams to design and implement robust security controls aligned with ISO 81001 standards.

Deploy necessary security measures to protect Client's health information systems and data assets.

Draft and enhance security policies, procedures, and guidelines tailored to ISO 81001 specifications.

Ensure policies are communicated effectively and integrated into Client's operational framework.

Perform risk assessments and develop risk management strategies to mitigate cyber threats and vulnerabilities.

Implement proactive measures to enhance Client's cyber resilience in alignment with ISO 81001.

Conduct training sessions and workshops to enhance cyber security awareness among Client staff.

Foster a culture of security consciousness and best practices across the organization.

Establish monitoring mechanisms to track ongoing compliance with ISO 81001 requirements.

Conduct regular audits and assessments to ensure sustained adherence to security standards.

Develop incident response protocols and procedures to swiftly address and mitigate security incidents.

Continuously assess and refine security strategies based on emerging threats and industry developments.

Skills

Must have

Bachelor's degree in Cyber Security, Information Technology, or a related field.

Proven experience in cyber security, particularly in compliance initiatives (ISO standards preferred).

Strong understanding of health informatics and data security within healthcare environments.

Excellent analytical skills with the ability to assess complex systems and processes.

Effective communication skills to engage stakeholders and drive security initiatives forward.

Nice to have

Agile

Come build something true with us.

We’re True Sea Moss, a fast-growing wellness brand built on the healing powers of one of nature’s oldest superfoods, sea moss.

No powdered promises. No pretty lies. Our products move through a complex global supply chain — and behind that flow sits structure, discipline, and crystal-clear organization.

As we scale across marketplaces, systems, marketing platforms, data warehouses, and internal tools, security is no longer optional — it’s foundational.

We’re looking for a Cybersecurity Specialist — someone exceptionally structured, risk-aware, and confident owning company-wide security, access control, and infrastructure protection end-to-end.

Now — who are we looking for?

You’re the person who sees vulnerabilities before others even notice them.

You think in permissions, identity management, audit logs, and prevention frameworks. You don’t just react to incidents — you design systems that minimize the chance of them happening.

You’re calm under pressure, precise in execution, and serious about protecting company data, systems, and people.

What You’ll Be Doing

• Own company-wide access management (Google Workspace, Slack, AWS, Shopify, BI tools, internal systems, etc.)
• Create, modify, and revoke user access based on role and security policies
• Implement role-based access control (RBAC) and least-privilege principles
• Maintain secure credential and password management systems
• Implement and enforce multi-factor authentication (MFA) across all platforms
• Secure cloud environments and monitor infrastructure permissions
• Monitor logs, detect suspicious activity, and define response protocols
• Build and maintain internal security policies and documentation
• Conduct periodic security audits and vulnerability assessments
• Develop backup and disaster recovery strategies
• Lead incident response processes when needed
• Educate the team on security awareness and best practices

What You Bring

• Proven experience in cybersecurity or information security
• Strong understanding of identity & access management (IAM) principles
• Experience securing cloud environments (AWS preferred)
• Knowledge of endpoint protection and monitoring tools
• Understanding of encryption, authentication, and network security fundamentals
• Experience implementing MFA and access governance frameworks
• Ability to create clear security policies and enforce standards
• Strong sense of ownership and discretion when handling sensitive data
• English level B2+
• Comfortable working remotely

Nice-to-Haves

• Experience working with fast-growing e-commerce or digital-first companies
• Experience preparing companies for compliance audits
• Background in cloud infrastructure security automation

Why Work With Us

• A role with real responsibility and ownership from day one
• Direct impact on how safely and confidently we scale
• High trust and autonomy
• Opportunity to build security systems from the ground up
• A team that values structure, clarity, and calm execution

Here’s How We Back Our Words with Care

• Welcome Pack and custom TrueSeaMoss merch to make sure you arrive like you were always meant to be here
• Sports reimbursement to support your physical and mental health
• Additional vacation days beyond standard holidays
• Coaching & career consultations to support your personal and professional growth
• Access to corporate English lessons to sharpen your communication skills
• WHOOP membership to help you track your health, sleep, and recovery
• Coworking membership if you prefer a hybrid work lifestyle
• Sabbatical options after long-term contributions
• Travel grants to support work-related or wanderlust trips — we believe in leaving to come back better
• Project grants for side ideas, personal initiatives, or creative experiments

So — does this sound like you?

If you’re serious about protecting systems, building secure foundations, and owning cybersecurity end-to-end — we’d love to meet you.

Are you passionate about making the internet a safer place? We are looking for a Middle Security Operations Researcher to join our team and help protect enterprise clients from harmful bots and online threats. This is a remote, full-time role that offers the opportunity to work directly with global customers, analyzing traffic patterns and neutralizing malicious activity.

At Sigma Software, we value expertise, ownership, and proactive communication. You will collaborate with a diverse international team while enjoying the flexibility of working from anywhere.

Why join us? You will work on impactful cybersecurity projects, gain exposure to cutting-edge analytics tools, and contribute to safeguarding digital ecosystems worldwide.

CUSTOMER
Our customer is a global provider of comprehensive security solutions, protecting individuals, organizations, and communities from a wide range of risks, particularly in the digital space. Their enterprise-focused products specialize in bot defense and invalid traffic detection, helping clients safeguard critical systems and maintain operational integrity.

PROJECT
The project focuses on real-time threat detection and bot mitigation for enterprise-scale clients. Security Operations Researchers collaborate directly with customers, leveraging advanced analytics platforms to identify malicious traffic patterns and neutralize online threats. This dynamic environment requires both technical expertise and strong communication skills.

JOB DESCRIPTION:

• Provide Tier 2 technical support to customers in real time, delivering clear and professional responses
• Analyze logs, graphs, and dashboards, isolating and investigating data using tools like Kibana
• Manage and organize cases, tickets, and requests in Salesforce
• Perform back-office tasks, including writing and maintaining suspicious field expressions
• Write and optimize SQL queries for data retrieval, analysis, and manipulation in BigQuery
• Communicate with global customers, ensuring timely responses and effective issue resolution
• Work in a shift-based schedule, including weekend shifts

QUALIFICATION:

• 2+ years of experience in data analysis, including working with logs and dashboards
• Experience working with web traffic data, including HTTP traffic, logs, request analysis, and traffic pattern investigation
• Strong SQL skills: Common Table Expressions (CTE), aggregations, GROUP BY, ORDER BY, filters, window functions (e.g., RANK()), and subqueries
• Experience with SIEM systems. Nice to have: experience with the Elastic Stack
• Technical understanding of web technologies and client–server architecture (APIs, HTTP, basic HTML/JavaScript)
• Strong troubleshooting and problem-solving skills
• Experience in customer support, including direct communication with clients; professionalism and politeness are essential

• Strong English communication skills

   

WILL BE A PLUS:

• Experience in a Cybersecurity Analyst/Researcher role, ideally supporting external customers in threat detection and response
• Experience in web security and security research: web application security, bot management, fraud detection
• Basic Python skills
• Experience with Kibana

PERSONAL PROFILE:

• High level of responsibility and ownership
• Ability to work independently with minimal supervision
• Planning and decision-making skills with considerations for multiple integrated systems
• Proactive communicator who keeps stakeholders informed without being prompted

Work schedule: 40 hours per week, 5 days per week. Workdays can be adjusted to start earlier or later, including weekends if necessary.

(3 month Project, with potential ongoing advisory support)

We are looking for a DevSecOps Engineer with 3+ years of experience to help audit, strengthen, and improve the security posture of a small but growing SaaS platform serving nonprofit and corporate clients.

OVERLAP 14:00–16:00 Mountain Time (MT)

This role is security-first, with DevOps responsibilities as a secondary layer. The main goal is to assess the current infrastructure, identify security and compliance gaps, and implement a practical roadmap to improve the platform’s overall resilience, compliance readiness, and long-term sustainability.

Project scope:

— Initial security and infrastructure audit

— Identify risks, vulnerabilities, and operational gaps

— Build and prioritize a remediation roadmap

— Implement key improvements over a 2–3 month engagement

— Potential for ongoing periodic security reviews and advisory support afterward

Current stack / environment:

— Git

— GitHub Actions

— Docker

— AWS

— Render

What you will do:

— Audit the current cloud and application setup from a security and DevSecOps perspective

— Review infrastructure, deployment processes, DNS configuration, access controls, and backup/disaster recovery practices

— Identify gaps related to SOC 2 readiness and help prepare for stronger enterprise security expectations

— Assess security controls around CI/CD, secrets management, container images, user access, and production environments

— Review existing vulnerability scanning practices and recommend improvements, including dynamic scanning where needed

— Help define and implement practical controls such as firewalling, hardening, monitoring, least-privilege access, and security hygiene improvements

— Investigate risks related to DNS, exposed services, stale records, misconfigurations, and other overlooked infrastructure issues

— Support the team in creating a sustainable, right-sized security approach for a small organization without overengineering

— Translate findings into an actionable roadmap with clear priorities, balancing risk, cost, and implementation effort

— Help improve confidence in responding to enterprise security questionnaires from large corporate clients

What we are looking for:

— 3+ years of hands-on experience in DevSecOps, DevOps with a strong security focus, or cloud/infrastructure security

— Strong experience with AWS and cloud security best practices

— Experience with GitHub Actions, CI/CD security, Docker, and container/image scanning

— Experience reviewing and securing hosted platforms, including PaaS environments such as Render or similar

— Solid understanding of IAM/access control, secrets management, DNS security, backups, disaster recovery, and infrastructure hardening

— Experience identifying and remediating security gaps in small or mid-sized SaaS environments

— Familiarity with SOC 2 controls and general compliance-oriented security practices

— Ability to recommend pragmatic, cost-conscious solutions for a small team

— Strong communication skills and ability to explain risks, tradeoffs, and priorities clearly to non-security stakeholders

— English level: B2 minimum

We are seeking a detail-oriented Security Engineer to join the Security Compliance team and support application security initiatives across a modern cloud-based platform. This role focuses on secure code analysis, vulnerability assessment, remediation tracking, and embedding security throughout the Software Development Lifecycle (SDLC).

You will collaborate closely with Engineering and Site Reliability teams to strengthen application security posture, automate security processes, and ensure vulnerabilities are effectively prioritized and remediated.

Details

Location: Remote in EU

Employment Type: Full-time

Start Date: ASAP

Work Model: Fully remote

Key Responsibilities

Contribute as a core member of the Security Compliance team.

Perform secure code analysis and assist in identifying security weaknesses.

Analyze application vulnerabilities to determine severity, business impact, and remediation strategies.

Partner with Site Reliability and Application Development teams to track vulnerabilities through resolution.

Support the integration of security practices into the Software Development Lifecycle.

Assist in automating security controls and remediation tracking processes.

Maintain thorough documentation and ensure detailed security reporting.

Continuously improve application security standards and processes.

Requirements

Experience in application development and security vulnerability management (academic or professional).

Working knowledge of Windows and Linux environments.

Understanding of secure coding principles and common vulnerability frameworks.

Familiarity with public cloud providers such as AWS, GCP, or Azure.

Software development experience in one or more of:

Python

Java

C#

C++

Go

JavaScript

Experience developing script-based automation solutions.

Strong written, verbal, and interpersonal communication skills.

Associate’s, Bachelor’s degree, or equivalent practical experience in a related field.

Detail-oriented mindset with curiosity and willingness to learn.

We are looking for a  DevSecOps Engineer to join our team and help maintain and improve a secure cloud infrastructure on AWS. Our applications run on Kubernetes (EKS), Cloudflare is used for edge protection, and Wazuh serves as our SIEM / HIDS platform.
 

This role is suited for an engineer with hands-on experience who will work within an existing architecture and established best practices, rather than owning the full system design.

Requirements:
AWS / Cloud

• 2+ years of commercial experience with AWS;
• Hands-on experience with EKS or other managed Kubernetes platforms;
• Basic understanding of IAM, VPC, Security Groups, and CloudWatch.

Kubernetes / Containers

• Experience with Kubernetes (deployments, services, ingress);
• Understanding of Kubernetes RBAC (ability to apply and maintain existing policies);
• Experience with Docker (building and running containers).

Security / Monitoring

• Experience with Wazuh or other SIEM / security monitoring solutions;
• Understanding of logging, alerting, and basic HIDS principles;
• Hands-on experience with Cloudflare (DNS, basic WAF configuration).

DevOps / Automation

• Experience with CI/CD tools (GitLab CI, GitHub Actions);
• Infrastructure as Code: Terraform;
• Bash or Python for basic automation tasks.

Networking

• Understanding of HTTP/S, DNS, and TLS;
• Basic knowledge of cloud networking concepts.

Responsibilities:

• Maintain and enhance CI/CD pipelines with integrated security checks;
• Support and operate Kubernetes clusters (AWS EKS);
• Configure and maintain Wazuh (agents, basic rules, alerts, dashboards);
• Support and optimize Cloudflare services (DNS, basic WAF rules, rate limiting);
• Deploy and update infrastructure using IaC (Terraform / CloudFormation);
• Manage access controls (AWS IAM, Kubernetes RBAC);
• Monitor logs and security alerts and participate in incident response;
• Apply basic hardening practices for containers and EKS nodes;
• Collaborate with development teams to ensure secure application deployments;
• Configure infrastructure according to CIS benchmarks.

Nice to Have:

• Experience with security scanning tools (Burp, Snyk, kube-bench);
• Familiarity with AWS Security Hub or GuardDuty;
• Basic understanding of Zero Trust principles;
• Experience with multi-account AWS environments;
• Exposure to security policies or compliance controls;
• Experience with ELK Stack.
   

What We Offer:

• Work in a team with established processes and mentoring;
• Clear growth path toward a Senior DevSecOps Engineer role;
• Modern cloud-native technology stack (AWS, Kubernetes, Terraform);
• Flexible work format (remote / hybrid);
• Competitive compensation based on experience