Jobs Security

Role description:
We are looking for an Information Security Specialist responsible for administering and maintaining security solutions, monitoring security events, and ensuring compliance with security standards across the company.

Key Responsibilities:

• Administer all technical information security solutions used by the company.
• Monitor events in SIEM, DLP, and antivirus (AV) systems.
• Ensure compliance with information security policies in company offices.
• Participate in checking remote employees for compliance with security requirements.
• Respond to security incidents and participate in their handling.
• Manage access across various systems according to the access matrix.
• Maintain and update DLP, SIEM, and other security system rules.
• Analyze the effectiveness of technical solutions used by the company and suggest improvements.
• Participate in developing and implementing the company’s information security strategy.
•  

Requirements:

• Knowledge and experience with security technologies: SIEM, DLP, EDR/XDR, Firewall, etc.
• Experience with Microsoft 365 ecosystem: Active Directory, SharePoint, Exchange.
• Understanding of vulnerability management, IAM, PAM.
• English level B1 or higher (for reading/writing technical documentation and understanding standards).
•  

Preferred:

• Experience in penetration testing.
• Experience in system administration.
• Experience working in a SOC.
• Understanding of international security standards: ISO 27001, ISO 27701, NIST, HIPAA, CIS2.
•  

We Offer:

• Competitive salary
• Opportunities for professional development and certifications
• Work in an international team with a modern IT environment
• Full remote work options

We are looking for a Senior Compliance Manager with strong and seasoned hands-on experience in IT service companies to lead our compliance and data protection framework from a contractual, regulatory, and information security perspective.

This role is operational and execution-focused, not advisory only. You will be responsible for building, implementing, and maintaining a robust compliance program that is closely tailored to our software engineering services business model and complies with the data security and contractual requirements of our enterprise-level clients.

Day-to-day, you will practically translate client contractual obligations into actionable compliance controls, work closely with Legal, Delivery, IT, and Security Departments to evaluate and identify vulnerabilities, propose and implement workable solutions, and ensure continuous audit readiness (ISO 27001, SOC2, and client-driven audits). This role also involves supporting internal and external audits, client due diligence questionnaires, vendor risk activities, internal compliance onboarding, and ongoing training of Proxet personnel, and ongoing alignment with client security expectations across multiple jurisdictions (U.S., Europe, Latin America).

If you understand how compliance works inside a global IT services organization, this role is for you.

Responsibilities

• Reviewing and interpreting client contractual requirements with respect to security, compliance, and data privacy into actionable and deployable operational activities consistent with industry practice for a software engineering services business. 
• Build and maintain a compliance chart per client by mapping client requirements to internal controls. Identify gaps and coordinate remediation with IT, Security, Delivery, and Legal Departments.
• Conduct quarterly internal compliance audits across projects.
• Implement and maintain GDPR compliance, support DPA review and negotiation.
• Ensure new client pre-sales and onboarding align with the Company's compliance program.
• Ensure proper data classification and data handling controls.
• Contribute to the development and maintenance of internal policies, procedures, and controls related to security and compliance.
• Perform risk assessments and develop appropriate risk treatment plans.
• Support vendor and third-party risk management processes and assessments.
• Monitor changes in regulatory landscapes and translate them into actionable recommendations.
• Create and deliver Company-wide appropriate and tailored awareness training on data protection and regulatory compliance requirements for internal teams.
• Act as a point of contact for compliance-related topics during engagements and audits.
• Apply data retention and secure data disposal requirements in line with regulatory and contractual obligations.
• Follow and support the company’s established cybersecurity standards and roadmap, ensuring alignment with defined requirements, milestones, and priorities.
• Prepare compliance dashboards and reports for leadership.

Requirements

• 5+ years of experience in compliance, GRC, risk management.
• 4+ years of experience in compliance in an IT service/outsourcing company.
• Hands-on experience with security frameworks (e.g., ISO/IEC 27001, SOC 2) and standards implementation and remediation experience.
• Excellent English skills, including familiarity with and strong contractual review skills (MSA, SOW, DPA), and experience in collaborating with Legal Departments.
• Strong familiarity with global data protection laws (GDPR, CCPA/CPRA, UK GDPR) and practical GDPR, CCPA/CPRA, DPF implementation experience.
• Understanding of industry-specific compliance and regulatory standards across sectors, including funds, healthcare, and private equity.
• Ability to support Engineering (Delivery) by identifying and tracking compliance issues and coordinating timely mitigation actions with relevant stakeholders.
• Ability to translate regulatory and security requirements into practical, business-aligned, actionable controls.
• Ability to conduct risk assessments and define appropriate risk treatment measures.
• Understanding of data handling, intellectual property rights, and related contractual considerations.
• Experience with controls and governance for AI usage.
• Experience preparing and maintaining documentation for audits, regulators, and clients.
• Strong attention to detail and ability to manage multiple compliance initiatives in parallel.
• Strong communication and interpersonal skills.
• Strong documentation skills and high attention to detail.
• English: Upper intermediate or higher.
• Ability to work independently and as part of a team.
   

Would be a plus:

• Experience with regulatory requirements across multiple jurisdictions (e.g., U.S., Europe, Latin America).
• Practical experience with BCP/DRP implementation and maintenance.
• Hands-on experience with healthcare compliance frameworks (e.g., HIPAA).
• Experience with the investment fund clients and private equity vertical domain expertise, including PCI DSS.
• Professional certifications such as CCEP, CISA, CISM, CRISC, CISSP, or equivalent.
• Experience in data-intensive projects (DWH, BI, AI, analytics).

Join Innoneers – Shaping the Future of Software Engineering!
 

At Innoneers, we don’t just build software; we engineer innovation. We are a dynamic software development company dedicated to transforming complex business challenges into seamless digital experiences. Specializing in Web, Mobile, and Cloud solutions, we pride ourselves on our technical agility and "Engineering Excellence" mindset.
 

As we scale our operations, we are looking for a passionate SoC Verification Engineer to join our team. If you thrive in an environment where clean code meets cutting-edge technology (Node.js, React, AWS, Python) and want to make a tangible impact on global projects in E-commerce, Fintech, and Logistics, Innoneers is the place for you.

We will trust you with:

• Develop and maintain SystemVerilog/UVM-based verification environments at both module and SoC level;
• Write test sequences, define functional coverage models, and ensure coverage closure;
• Debug simulation results using waveform tools and collaborate with design teams to resolve issues;
• Drive constrained-random stimulus generation and continuous improvements in our verification methodology;
• Apply modern EDA tools and automate verification flows to maximize speed and quality;
• Contribute to quality assurance, release-readiness, and design-test alignment for every chip.
   

What you’ll need to succeed:

• 8+ years of digital verification, including 4+ years of constrained-random verification with UVM.
• 2+ years of embedded C development for SoC verification.
• Experience designing verification architecture from design specifications and creating test plans.
• Ability to translate functional requirements into functional coverage models.
• Skilled in constrained-random stimulus generation and coverage analysis/closure.
• Strong expertise in root-cause analysis and debugging SystemVerilog RTL.
• Proficiency in scripting with Python or similar languages.
• Solid experience with Linux, bash, or equivalent environments.
• Proficient with commercial EDA tools.
• Experience collaborating effectively with cross-functional teams.
• Hands-on experience with UVM verification architecture and vertical reuse of lower-level UVCs/environments.
• Skilled in mixed-language simulation and system modeling.
• Experience with effort estimation, project planning, scheduling, and tracking.

• Proven ability to lead and mentor a small team.

   

Nice-to-haves:

• Experience with SystemC for modeling and simulation.
• Knowledge of UPF and low-power verification methodologies.
• Exposure to formal verification techniques.
• Hands-on experience with FPGA validation and bring-up.
• Experience with full-chip emulation and bring-up.
• Familiarity with OpenOCD/GDB for software-driven verification.
• Experience in SystemVerilog RTL design.

If you're ready to shape the future of technology with us, apply and let's talk!

We are looking for a Security Architect to join our teams!

Requirements:

- 7+ years of experience in Application Security, Security Architecture, or Product / Platform Security roles.
- Hands-on experience designing security architectures for complex, distributed systems.
- Strong understanding of secure SDLC, security-by-design principles, and architectural security patterns.
- Proven experience leading threat modeling and architectural security reviews for critical systems.

Deep expertise in:
- Application & API Security
- Cloud Security (AWS preferred)
- Identity & Access Management (IAM)
- Solid understanding of modern architectures: microservices, event-driven systems, Kubernetes.
- Ability to make sound security architecture decisions under uncertainty and business constraints.
- Experience collaborating with senior engineers, architects, and engineering leadership.

Will be plus:

- Experience working in regulated or security-sensitive industries.
- Practical experience implementing Zero Trust and Defense-in-Depth models.
- Experience with security governance across multiple products and teams.
- Experience building reusable security patterns and reference architectures.

Responsibilities:

- Define, own, and evolve the target-state security architecture for applications, APIs, and cloud platforms.
- Embed security-by-design principles into product development lifecycles and architectural standards.
- Lead threat modeling activities for key products and platforms.
- Act as a company-wide authority on application and cloud security architecture.
- Develop and maintain security architecture standards, guidelines, reference architectures, and patterns.
- Advise engineering leadership, product owners, and management on security risks and trade-offs.
- Collaborate with Legal, Compliance, and Risk teams to align security decisions with business priorities.

Our benefits to you:

☘️An exciting and challenging job in a fast-growing holding, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance and more
🤝🏻Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed
🧑🏻‍💻Modern corporate equipment based on macOS or Windows and additional equipment are provided
🏖Paid vacations, sick leave, personal events days, days off
💵Referral program — enjoy cooperation with your colleagues and get the bonus
📚Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences
🎯Rewards program for mentoring and coaching colleagues
🗣Free internal English courses
✈️In-house Travel Service 
🦄Multiple internal activities: online platform for employees with quests, gamification, presents and news, PIN-UP clubs for movie / book / pets lovers and more
🎳Other benefits could be added based on your location

We’re looking for an Anti-Fraud Specialist to build and own the company’s risk and fraud prevention system from scratch. This role combines strategic thinking and hands-on execution you’ll design the full fraud-contour, implement risk rules, and protect product economics without damaging conversion and retention.

You’ll work closely with the CEO, PSP Manager, Product, and Marketing teams to ensure sustainable growth and PSP stability on the US Sweepstakes market.

💪 Key Responsibilities:
✅ Build and own the full risk lifecycle:
✅ Develop and implement a unified fraud detection system integrating:
PSP risk signals, chargebacks, BIN & velocity checks, device fingerprinting, IP/proxy/geo data, KYC signals, affiliate sources, and in-product behavioral data.
✅ Create and manage risk-scoring models and fraud profiles for all users.
✅ Design and optimize:
- Auto-block rules
- Withdrawal holds
- Manual review flows
- Bonus eligibility logic
- Geo & device restrictions
✅ Monitor and improve fraud economics.
✅ Collaborate with PSP to maintain healthy processing metrics and reduce AML/chargeback risks.
✅ Work with Product to close UX and bonus exploitation gaps.

🔥 Skills & Competencies:
✔️ iGaming and US Market Experience 
✔️Experience working with antifraud tools, device/IP/geo systems, and PSP logs.
✔️ Ability to work with SQL/BI tools at analytical level.
✔️ Experience building risk rules, thresholds, and scoring models.
✔️ Ability to make tough decisions and challenge marketing/product when necessary.
✔️ English B2 or higher.

⭐ Nice to Have

Experience in US Sweepstakes or Social Casino products.
Experience building antifraud systems from zero in startups.
Knowledge of AML processes and PSP health metrics.
Experience working with affiliate-heavy traffic.

✨What We Offer:

• Full remote work
• Flexible working hours (start between 10:00 and 12:00)
• 8 hour work day + break
• Time Off 28 calendar days of paid vacation (after successfully passing the probationary period)
• 4 days of days off

About us

Ruby Labs is a leading tech company that creates and operates innovative consumer products. We offer a diverse range of opportunities across the health, education, and entertainment industries. Our innovative teams are driving the future of consumer-led products, and we're always looking for passionate individuals to join us. Learn more about our story at: https://rubylabs.com/about-us/

About the role

We are looking for an IT Security Lead to design, implement, and manage our corporate IAM and operations security infrastructure from the ground up. Our goal is to implement a high level of automation in IAM and create a seamless yet secure operations environment using the latest technologies, ensuring that security does not slow down our workforce while maintaining robust safeguards.

Key Responsibilities 
 

Security Infrastructure & Engineering

• Design and build operations security infrastructure and IAM from scratch.
• Develop, implement, and maintain comprehensive security policies, strategies, and protocols to safeguard the intellectual property, and prevent unauthorized access.
• Deploy and manage security tools and solutions, with preference for open-source technologies where appropriate.
• Utilize MDM software with other products to ensure organization-wide device security compliance and enforce consistent protection standards across all endpoints.
• Establish and enforce remote work security standards and best practices for company owned and BOYD devices.

Identity & Access Management

• Design and implement access structure using identity provider.
• Manage user provisioning and deprovisioning workflows across all company tools and services.
• Automate access lifecycle management, including onboarding and offboarding processes.
• Control and audit access permissions to ensure principle of least privilege.
• Implement and maintain identity federation technologies across multiple platforms.

Google Workspace & Cloud Security

• Administer Google Workspace with focus on security configurations and compliance.
• Configure policies like Context Aware Access, LDAP, SCIM, and other controls within Google Workspace.

Security Operations & Governance

• Establish IT security operations (SecOps) best practices and standard operating procedures.
• Conduct regular security assessments and vulnerability management.
• Define security metrics and KPIs; provide regular security posture reports.
• Advise leadership on security risks, compliance requirements, and remediation strategies.

Process & Documentation

• Develop and maintain comprehensive security documentation, runbooks, and policies.
• Streamline security-related processes for efficiency and effectiveness.
• Create and maintain disaster recovery and business continuity plans.
• Drive security awareness and training initiatives across the organization.

Qualifications

• At least 5 years of experience in IT security engineering or infrastructure security roles.
• Proven track record of building corporate security infrastructure from the ground up.
• Strong automation (for example n8n, getcakewalk, Slack workflows, jumpcloud,, etc) and basic REST API knowledge.
• Deep understanding of IT security operations (SecOps) best practices and frameworks.
• Strong engineering background with experience in infrastructure design and implementation.
• Hands-on experience with Google Workspace administration and security configuration.
• Expert knowledge of identity and access management, including user provisioning and deprovisioning workflows.
• Experience with SSO, SAML, OIDC, and identity federation technologies.
• Knowledge of Docker.
• Experience with IAM automation and orchestration.
• Understanding of compliance frameworks (SOC 2, ISO 27001, etc.).

Nice to have

• Experience with automated user provisioning from Google Workspace to other services.
• Knowledge of zero-trust architecture principles.
• Basic knowledge of Typescript.
• Previous experience in a startup or high-growth environment.

Location

Ruby Labs operates within the CET (Central European Time) zone. Applicants from any country are welcome to apply for the position as long as they are located within approximately ± 4 hours of CET. This ensures optimal collaboration and communication during working hours.

Benefits

Discover the perks of being part of our vibrant team! We offer:

• Remote Work Environment: Embrace the freedom to work from anywhere, anytime, promoting a healthy work-life balance.
• Unlimited PTO: Enjoy unlimited paid time off to recharge and prioritize your well-being, without counting days.
• Paid National Holidays: Celebrate and relax on national holidays with paid time off to unwind and recharge.
• Company-provided MacBook: Experience seamless productivity with top-notch Apple MacBooks provided to all employees who need them.
• Flexible Independent Contractor Agreement: Unlock the benefits of flexibility, autonomy, and entrepreneurial opportunities. Benefit from tax advantages, networking opportunities, reduced employment obligations, and the freedom to work from anywhere. Read more about it here: https://docs.google.com/document/d/1tzxGX4Uu7Ts_HCLFXESKLnKaaBfVCPf1f9AYZPrkjJM/preview?tab=t.0

Be part of our fast-growing team and seize this excellent opportunity for personal and professional growth!

Interview Process

After submitting your application, we conduct a thorough review which typically takes 3 to 5 days, but may occasionally take longer due to the volume of applications received. If we see a potential fit, we proceed with the following steps:

• Recruiter Screening (40 minutes)
• Technical Interview (40 minutes)
• Final Interview (40 minutes)

Life at Ruby Labs

At Ruby Labs, we move fast, aim high, and expect the same from our team. We’re not here to play small—we’re here to build, grow, and win. That means we look for people who are ambitious, driven, and ready to give their best every single day.

This is a place for individuals who thrive under pressure, embrace challenges, and see opportunity in every obstacle. If you’re hungry to achieve, motivated by impact, and want to grow at the speed of your own ambition, Ruby Labs offers the platform to make it happen.

Here, effort is matched with reward. We recognize those who go all in and deliver results, and we create space for people who want more—more responsibility, more growth, and more success.

Are you passionate about making the internet a safer place? We are looking for a Middle Security Operations Researcher to join our team and help protect enterprise clients from harmful bots and online threats. This is a remote, full-time role that offers the opportunity to work directly with global customers, analyzing traffic patterns and neutralizing malicious activity.

At Sigma Software, we value expertise, ownership, and proactive communication. You will collaborate with a diverse international team while enjoying the flexibility of working from anywhere.

Why join us? You will work on impactful cybersecurity projects, gain exposure to cutting-edge analytics tools, and contribute to safeguarding digital ecosystems worldwide.

CUSTOMER
Our customer is a global provider of comprehensive security solutions, protecting individuals, organizations, and communities from a wide range of risks, particularly in the digital space. Their enterprise-focused products specialize in bot defense and invalid traffic detection, helping clients safeguard critical systems and maintain operational integrity.

PROJECT
The project focuses on real-time threat detection and bot mitigation for enterprise-scale clients. Security Operations Researchers collaborate directly with customers, leveraging advanced analytics platforms to identify malicious traffic patterns and neutralize online threats. This dynamic environment requires both technical expertise and strong communication skills.

JOB DESCRIPTION:

• Provide Tier 2 technical support to customers in real time, delivering clear and professional responses
• Analyze logs, graphs, and dashboards, isolating and investigating data using tools like Kibana
• Manage and organize cases, tickets, and requests in Salesforce
• Perform back-office tasks, including writing and maintaining suspicious field expressions
• Write and optimize SQL queries for data retrieval, analysis, and manipulation in BigQuery
• Communicate with global customers, ensuring timely responses and effective issue resolution
• Work in a shift-based schedule, including weekend shifts

QUALIFICATION:

• 2+ years of experience with data analysis
• Strong understanding of log analysis, APIs, and client-server architecture
• Proficient in SQL, including BigQuery SQL
• Knowledge of HTML, JavaScript, and HTTP request methods
• Strong troubleshooting and problem-solving skills

• Experience in customer support, including direct communication with clients; professionalism and politeness are essential

   

WILL BE A PLUS:

• Experience in a Cybersecurity Analyst/Researcher role, ideally supporting external customers in threat detection and response
• Experience in web security and security research: web application security, bot management, fraud detection
• Basic Python skills
• Experience with Kibana

PERSONAL PROFILE:

• Good English (speaking/writing)
• High level of responsibility and ownership
• Ability to work independently with minimal supervision
• Planning and decision-making skills with considerations for multiple integrated systems
• Proactive communicator who keeps stakeholders informed without being prompted

Work schedule: 40 hours per week, 5 days per week. Workdays can be adjusted to start earlier or later, including weekends if necessary.

Additional info: There may be 1–2 business trips per year to Tel Aviv.

About Us

We’re a young startup, Lovat Compliance — a global tax & compliance technology provider specialising in EPR, VAT, sales tax and cross‑border compliance for e‑commerce businesses. We’re not yet a giant corporation, and much of what we will build is still ahead of us. We need someone who understands that things aren’t perfect yet, is comfortable being the one who owns the space, and who can help us build things from the ground up.

What You’ll Do

• Establish and maintain our data‑security and information‑security programme from scratch: policies, standards, procedures tailored to our platform and services.
• Perform regular risk assessments, vulnerability scans and data‑protection audits; identify gaps and lead remediation.
• Be the owner of incident response: detection, containment, investigation and reporting of security events.
• Collaborate closely with IT development and compliance teams so that data‑protection is embedded into product development and operations.
• Manage data‑handling and access controls across the organisation — ensuring our client and platform data are processed securely.
• Run training and awareness programmes for staff on data‑security, privacy regulation (e.g., GDPR) and secure behaviours.

• Keep an eye on emerging threats, security trends and regulatory developments relevant to e‑commerce, EPR/VAT/sales‑tax platforms, and advise on what changes we need to make.

   

What We Are Looking For

• Minimum 1.5 years of experience in a role related to data security, information security or risk management — ideally within SaaS, e‑commerce or cloud‑based platforms.
• Good knowledge of data‑protection laws (e.g., UK/EU GDPR), information‑security frameworks (e.g., ISO 27001, NIST) and data‑security best practices.
• Proven experience with risk assessments, incident response and security audits.
• Excellent communication skills — able to explain security concepts to both technical and non‑technical people.

• We’re looking for someone grounded and realistic — who understands that perfection isn’t necessary, who can work independently to build things, and who’ll sleep well at night knowing things are secure even if the system isn’t «perfect».

   

Will be an advantage:

• A bachelor’s degree (or equivalent experience) in Computer Science, Information Security, Cybersecurity or a related discipline.
• Certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor or similar.

• Familiarity with cloud platforms like Google Cloud (GCP) and/or Amazon Web Services (AWS).

   

What We Offer

• Competitive salary: €1,000 - €1,700 (remote contract)
• Opportunity to work in a fast‑growing startup with global ambitions.
• Fully remote working model — flexibility and autonomy.
• Professional development opportunities and support.

Who we are:
Selesa offers IT outsourcing, specialist out-staffing, and project management services to enhance business operations. We focus on providing skilled professionals for IT needs, including development, security consulting, and business development. Selesa also manages sales, account management, and human resources to support company growth. Our services are known for efficiency, quality, and strong communication, making us a trusted partner for businesses looking to streamline and secure their IT infrastructure. Originated in Vilnius, Lithuania, we cater to global clients.

Who we are looking for:

We’re looking for a Junior Security Operations Assistant, working alongside experienced professionals to protect our clients from cyber threats. In this role, you’ll be at the forefront of defending our clients’ networks, gaining hands-on experience, and contributing to a safer digital landscape. 

Responsibilities

• Assist with daily security monitoring and SOC activities
• Review security alerts and escalate issues when required
• Help with log collection and analysis
• Support incident documentation and reporting
• Assist with vulnerability tracking and follow-ups
• Help maintain security and ISO 27001 documentation
• Support internal audits, evidence collection, and basic security tests
• Follow security policies and procedures

Requirements

• Proficiency in English 
• Basic knowledge of Linux (command line, logs, permissions)
• Basic understanding of cybersecurity concepts (phishing, malware, attacks)
• Awareness of SOC operations and incident escalation
• Basic understanding of networking concepts (ports, protocols, firewalls)
• Willingness to learn security tools and processes
• Good attention to detail and documentation skills
• Junior / Entry-level
• 0–2 years of experience in IT, SOC, or cybersecurity-related roles
• Education, training, or internships in IT/security are acceptable
• Strong attention to detail and teamwork skills.

• Ability to meet deadlines in a fast-paced environment

   

Nice to Have 

• Basic scripting (Bash or Python)
• Exposure to SIEM or endpoint security tools
• Familiarity with security frameworks
• Entry-level security certifications (e.g., Security+)

What we offer:

• Fully remote position with a flexible schedule
• Long-term opportunity with potential for financial and career advancement

• Supportive and positive work culture, collaborating with like-minded teammates

   

When submitting your application, please make sure to include your responses to the following screening questions in your COVER LETTER:

1. Please explain to us your level of spoken/written English. Just rank it from 1 to 10, where 10 means a Native Speaker; 8-9 means a Near Native Speaker; 6-7 means Fluent Speaker; under 6 any further levels.
2. How would you approach assessing and mitigating the risks associated with a new software or system implementation?
3. What methods or tools do you use to stay updated with the latest cybersecurity threats and trends?
4. What are your Monthly salary expectations for a long-term, full-time position (if we consider 40 hours a week)?

This is us

At Avenga, we believe that human creativity empowers technology that matters. Operating globally, our 6000+ specialists provide a full spectrum of services, including business and tech advisory, enterprise solutions, CX, UX and Ul design, managed services, product development, and software development.
 

This is the job
 

We are looking for a DevSecOps Engineer to lead security-by-design practices across GitLab CI/CD. You will help enforce application security, compliance, and delivery reliability through automation, vulnerability management, and secure SDLC standards. This role includes transitioning legacy security tools to GitLab-native capabilities and working closely with InfoSec, Cloud Platform, and Product teams.

This is you

• Proven experience with GitLab Ultimate security features and CI/CD administration
• Hands-on with SAST, DAST, SCA, container scanning, and secret detection in automated pipelines
• Practical experience with SCA tools like BlackDuck, Nexus Lifecycle, Snyk
• Familiar with SonarQube for code quality
• Strong scripting/automation skills in Python, Bash, YAML
• Solid fundamentals in container and cloud security (Docker, Kubernetes, image scanning, registry hardening)
• Experience with threat modeling, risk assessment, and remediation planning

Nice-to-have skills:

• Relevant certifications: DevSecOps Professional, CKS, Security+, or equivalent
• IaC security tooling experience (Terraform + OPA, Conftest, Checkov)
• Knowledge of software supply chain security, including SBOM, Cosign, and SLSA
• Familiarity with DORA metrics and security KPI reporting

This is your role

• Drive secure-by-design guardrails across GitLab CI/CD
• Implement and maintain automated security scanning: SAST, DAST, SCA, container, and secret detection
• Enforce policy-as-code (branch protection, MR approvals, vulnerability gates, artifact signing)
• Manage vulnerability lifecycle: periodic assessments, triage, remediation planning, and tracking to closure
• Collaborate with engineering and product stakeholders to prioritize security fixes
• Align controls with CIS, NIST, and (if applicable) GDPR
• Enable audit-ready reporting, SBOM generation, and security KPIs in observability dashboards
• Implement secure IaC using Terraform/Ansible and apply least-privilege and zero-trust patterns
• Harden CI/CD infrastructure: build runners, container images, registries, and deployment targets
• Champion shift-left security via training, playbooks, and standardized toolchains
• Document security runbooks and contribute to SDLC harmonization standards

Description

We are looking for a Senior DevSecOps who will help make our cloud infrastructure safe, stable, and automated. You will work together with the development, platform, and security teams to add security at every step of product creation.

This is a great chance to grow in security automation, improve processes, and bring modern DevSecOps practices into the company.

Requirements
Must-Have Skills

5+ years of hands-on experience in DevOps / DevSecOps / Cloud Engineering roles;

Deep expertise with AWS services (IAM, VPC, CloudTrail, GuardDuty, KMS, WAF);

Proven experience with Kubernetes security — RBAC, network segmentation, image scanning, Falco or similar runtime security tools;

Strong proficiency in Infrastructure-as-Code tools, particularly Terraform (modules, state management, policy as code);

Experience managing CI/CD pipelines on GitHub Actions with integrated vulnerability scanning and secret protection;

Solid knowledge of Cloudflare security suite (Zero Trust, WAF, DNS, Access, API Gateway rules);

Familiarity with SSO and MFA solutions (DUO SSO, OIDC flows, federation via SAML);

Scripting and automation using Python, Bash, or Go;

Strong understanding of network security, TLS management, logging, and monitoring pipelines;

Excellent collaboration and communication skills, with the ability to work effectively with cross-functional engineering and compliance teams.

Nice-to-Have

Experience with policy-as-code frameworks (OPA, Conftest, Terraform Cloud Policies);

Hands-on knowledge of container security scanners (Trivy, Aqua, Anchore, Grype);

Exposure to SIEM / SOC integrations;

Familiarity with compliance frameworks (ISO 27001, NIST CSF, CIS Benchmarks);

Relevant certifications (AWS Security Specialty, Terraform Associate, CISSP, or DevSecOps certifications).

Responsibilities
Integrate security practices (SAST, DAST, SCA, secret management, compliance checks, etc) directly into CI pipelines on GitHub;

Build and manage infrastructure using Terraform (IaC) with a strong focus on least privilege, encryption, and auditing;

Strengthen security across Kubernetes clusters (RBAC, network policies, Falco runtime threat detection);

Implement security automation and continuous monitoring for vulnerabilities, misconfigurations, and drift in AWS + Kubernetes environments;

Collaborate closely with Development, Platform, SRE, Cloud Delivery Engineers, and Security teams to embed “security-by-design” principles throughout SDLC;

Conduct threat modeling, risk assessments, and incident response for cloud and container workloads;

Drive adoption of DevSecOps best practices, mentor team members, and promote a proactive security culture;

Continuously research and implement new security tools, policies, and automation opportunities to improve visibility and resilience.

Benefits

Why Join Us?

🎰 Be part of the international iGaming industry – Work with a top European solution provider and shape the future of online gaming;

💕 A Collaborative Culture – Join a supportive and understanding team;

💰 Competitive salary and bonus system – Enjoy additional rewards on top of your base salary;

📆 Unlimited vacation & sick leave – Because we prioritize your well-being;

📈 Professional Development – Access a dedicated budget for self-development and learning;

🏥 Healthcare coverage – Available for employees in Ukraine and compensation across the EU;

🫂 Mental health support – Free consultations with a corporate psychologist;

🇬🇧 Language learning support – We cover the cost of foreign language courses;

🎁 Celebrating Your Milestones – Special gifts for life’s important moments;

⏳ Flexible working hours – Start your day anytime between 9:00-11:00 AM;

🏢 Flexible Work Arrangements – Choose between remote, office, or hybrid work;

🖥 Modern Tech Setup – Get the tools you need to perform at your best;

🚚 Relocation support – Assistance provided if you move to one of our hubs.

PrivatBank is the largest bank in Ukraine and one of the most innovative banks around the world. It holds a leading position for all the financial indicators in the area and comprises about a quarter of the whole banking system of our country.

We are looking for an Application Security Engineer. We are searching for the person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.

We are striving to find a goal-oriented and multitask professional who would be focused on making good results and high quality.

Requirements:

• At least 3 years of experience in application security or related fields such as penetration testing and security architecture
• Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
• Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
• Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. is preferred
• Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc
• Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIM, and Microsoft SDL
• Familiarity with the software development process and stages
• Basic understanding of software code
• Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc
• Understanding of major types of vulnerabilities
• Understanding of software architecture
• Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
• Ability to independently research information and solve complex problems
• Critical thinking skills

Responsibilities:

• Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
• Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
• Application security governance and metrics
• Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
• Improve our application security management platform
• Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
• Integrate and oversee security automation tools to enhance security processes and reduce manual error
• Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
• Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
• Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
• Track and manage software defects to ensure timely resolution of security-related issues
• Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
• Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
• Use cloud services for application security

We offer:

• Work in the largest and most innovative bank of Ukraine
• Official employment and 24+4 calendar days of vacation
• Sick leave compensation
• Medical Insurance
• Competitive salary
• Bonuses, premium according to company policy
• Corporate training
• Modern comfortable office
• Interesting projects, ambitious tasks and dynamic growth
• Corporate financial assistance in critical situations
• A friendly professional and strong team
• Possibility of remote work format

PrivatBank is open to support and employ veterans and people with disabilities.

We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.

We are ready to train veterans and candidates with disabilities without banking experience.

Head of Cybersecurity Product Management 

Softprom

Europe / CEE | Hybrid or Remote
Full-time
IT Distributor / VAD (Cybersecurity & Enterprise IT)

About Softprom

Softprom is an international IT distributor and value-added partner operating across Central and Eastern Europe, CIS, and neighboring regions.
We work with leading global vendors in Cybersecurity, Cloud, Infrastructure, and Enterprise IT, helping partners and customers build secure, scalable solutions.

We are now looking for a Head of Cybersecurity Product Management to lead and develop our cybersecurity product portfolio and team.

About the role

This is a senior leadership role for an experienced B2B product professional who understands IT distribution and cybersecurity markets.

You will be responsible for product strategy, portfolio development, vendor management, and people leadership, acting as a key link between vendors, sales, marketing, pre-sales, and top management.

We are looking for a system-oriented leader who builds processes and teams — not someone who tries to do everything alone.

Key responsibilities

• Lead and develop a team of Product Managers (2–3+ people)
   
• Own and manage the cybersecurity product portfolio (multiple vendors and solutions)
   
• Build and optimize product management processes, including:
   
  • onboarding and launch of new vendors
     
  • product lifecycle management
     
  • cross-functional collaboration with Sales, Marketing, and Pre-Sales
     
• Act as the main point of contact for cybersecurity vendors (local and international)
   
• Define product strategy, positioning, and go-to-market approach
   
• Participate in:
   
  • pricing and margin strategy
     
  • sales forecasting and pipeline planning
     
  • product P&L ownership
     
• Set goals and KPIs for product managers, conduct performance reviews and mentoring
   
• Represent the product function in communication with top management
  
   

Requirements (Must-have)

Experience & Expertise

• 5+ years of experience in B2B IT product management
   
• 2+ years of experience managing product managers (team lead / head role)
   
• Hands-on experience working with:
   
  • IT vendors (local and/or international)
     
  • multi-product portfolios
     
• Strong understanding of the cybersecurity market, including:
   
  • solution categories (NGFW, EDR/XDR, IAM, SIEM, DLP, SASE, etc.)
     
  • competitive landscape
     
  • typical customer use cases
    
     

Management & Business Skills

• Ability to:
   
  • set goals and KPIs
     
  • prioritize products and initiatives
     
  • develop people through mentoring and performance management
     
• Proven experience building and improving product processes
   
• Solid business mindset with understanding of:
   
  • product P&L
     
  • go-to-market strategy
     
  • pricing and positioning
     
  • sales forecasting
     
• Confident working with numbers: pipeline, funnel, margins
  
   

Communication

• Strong negotiation and stakeholder management skills
   
• Ability to speak the same language with:
   
  • vendors
     
  • sales teams
     
  • technical experts
     
  • executive management
    
     
• English — Upper-Intermediate or higher (negotiations, presentations, documentation)
  
   

Nice to have

• Experience working in a distributor or VAD
   
• Exposure to regional markets (CEE, CIS, Baltics)
   
• Experience launching new vendors or products from scratch
   
• Understanding of partner ecosystem:
   
  • resellers
     
  • system integrators
     
  • MSPs
     
• Relevant certifications:
   
  • CISSP / CISM
     
  • vendor certifications
    
     

Personal qualities

• High level of ownership and accountability
• Ability to work effectively in ambiguous and changing environments
• Proactive, results-oriented mindset
• Natural authority without micromanagement
• Strong multitasking and prioritization skills
  
   

Why Softprom

• Strategic leadership role with real influence on business results
• Mature B2B environment and international vendor portfolio
• Opportunity to shape and scale cybersecurity business across regions
• Professional, experienced team
• Long-term growth and stability
   

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Pentester who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM

- Junior-level cybersecurity certifications would be a plus.

- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals

- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)

- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.

- Strong drive to learn and develop cybersecurity skills

- Technical English (Intermediate)

We offer

- Good salary + bonus system

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Conduct security research

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a Middle/Senior Security Consultant / Penetration tester to work on and lead penetration testing and vulnerability/cloud security assessment projects.

In this role, you will work on technically challenging projects and also spend some time leading/mentoring our junior pentesting colleagues.

Required skills

- 1.5+ years of intensive commercial experience

- OSCP, eWPTx2 or similar would be a plus

- Scripting/coding skills and being comfortable with advanced pentesting tooling

- Strong knowledge of mobile/web security

- Comfortable with cloud and container security

- Basic RE skills

- Ability to mentor/lead colleagues

- Strong ability and drive to learn and develop cybersecurity skills

- Technical English (Intermediate+)

We offer

- Good salary + bonus system

- Diverse project portfolio and technologies to work with

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Participate in various pentesting projects

- Lead junior colleagues

- Perform threat modeling in pentesting and security assessment projects

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Consult clients on efficient issues remediation

- Conduct security researches

- Develop tools and scripts to automate and improve current pentesting processes