Jobs Security

Who we are:
Selesa offers IT outsourcing, specialist out-staffing, and project management services to enhance business operations. We focus on providing skilled professionals for IT needs, including development, security consulting, and business development. Selesa also manages sales, account management, and human resources to support company growth. Our services are known for efficiency, quality, and strong communication, making us a trusted partner for businesses looking to streamline and secure their IT infrastructure. Originated in Vilnius, Lithuania, we cater to global clients.

Who we are looking for:

We’re looking for a Junior Security Operations Assistant, working alongside experienced professionals to protect our clients from cyber threats. In this role, you’ll be at the forefront of defending our clients’ networks, gaining hands-on experience, and contributing to a safer digital landscape. 

Responsibilities

• Assist with daily security monitoring and SOC activities
• Review security alerts and escalate issues when required
• Help with log collection and analysis
• Support incident documentation and reporting
• Assist with vulnerability tracking and follow-ups
• Help maintain security and ISO 27001 documentation
• Support internal audits, evidence collection, and basic security tests
• Follow security policies and procedures

Requirements

• Proficiency in English 
• Basic knowledge of Linux (command line, logs, permissions)
• Basic understanding of cybersecurity concepts (phishing, malware, attacks)
• Awareness of SOC operations and incident escalation
• Basic understanding of networking concepts (ports, protocols, firewalls)
• Willingness to learn security tools and processes
• Good attention to detail and documentation skills
• Junior / Entry-level
• 0–2 years of experience in IT, SOC, or cybersecurity-related roles
• Education, training, or internships in IT/security are acceptable
• Strong attention to detail and teamwork skills.

• Ability to meet deadlines in a fast-paced environment

   

Nice to Have 

• Basic scripting (Bash or Python)
• Exposure to SIEM or endpoint security tools
• Familiarity with security frameworks
• Entry-level security certifications (e.g., Security+)

What we offer:

• Fully remote position with a flexible schedule
• Long-term opportunity with potential for financial and career advancement

• Supportive and positive work culture, collaborating with like-minded teammates

   

When submitting your application, please make sure to include your responses to the following screening questions in your COVER LETTER:

1. Please explain to us your level of spoken/written English. Just rank it from 1 to 10, where 10 means a Native Speaker; 8-9 means a Near Native Speaker; 6-7 means Fluent Speaker; under 6 any further levels.
2. How would you approach assessing and mitigating the risks associated with a new software or system implementation?
3. What methods or tools do you use to stay updated with the latest cybersecurity threats and trends?
4. What are your Monthly salary expectations for a long-term, full-time position (if we consider 40 hours a week)?

This is us

At Avenga, we believe that human creativity empowers technology that matters. Operating globally, our 6000+ specialists provide a full spectrum of services, including business and tech advisory, enterprise solutions, CX, UX and Ul design, managed services, product development, and software development.
 

This is the job
 

We are looking for a DevSecOps Engineer to lead security-by-design practices across GitLab CI/CD. You will help enforce application security, compliance, and delivery reliability through automation, vulnerability management, and secure SDLC standards. This role includes transitioning legacy security tools to GitLab-native capabilities and working closely with InfoSec, Cloud Platform, and Product teams.

This is you

• Proven experience with GitLab Ultimate security features and CI/CD administration
• Hands-on with SAST, DAST, SCA, container scanning, and secret detection in automated pipelines
• Practical experience with SCA tools like BlackDuck, Nexus Lifecycle, Snyk
• Familiar with SonarQube for code quality
• Strong scripting/automation skills in Python, Bash, YAML
• Solid fundamentals in container and cloud security (Docker, Kubernetes, image scanning, registry hardening)
• Experience with threat modeling, risk assessment, and remediation planning

Nice-to-have skills:

• Relevant certifications: DevSecOps Professional, CKS, Security+, or equivalent
• IaC security tooling experience (Terraform + OPA, Conftest, Checkov)
• Knowledge of software supply chain security, including SBOM, Cosign, and SLSA
• Familiarity with DORA metrics and security KPI reporting

This is your role

• Drive secure-by-design guardrails across GitLab CI/CD
• Implement and maintain automated security scanning: SAST, DAST, SCA, container, and secret detection
• Enforce policy-as-code (branch protection, MR approvals, vulnerability gates, artifact signing)
• Manage vulnerability lifecycle: periodic assessments, triage, remediation planning, and tracking to closure
• Collaborate with engineering and product stakeholders to prioritize security fixes
• Align controls with CIS, NIST, and (if applicable) GDPR
• Enable audit-ready reporting, SBOM generation, and security KPIs in observability dashboards
• Implement secure IaC using Terraform/Ansible and apply least-privilege and zero-trust patterns
• Harden CI/CD infrastructure: build runners, container images, registries, and deployment targets
• Champion shift-left security via training, playbooks, and standardized toolchains
• Document security runbooks and contribute to SDLC harmonization standards

Description

We are looking for a Senior DevSecOps who will help make our cloud infrastructure safe, stable, and automated. You will work together with the development, platform, and security teams to add security at every step of product creation.

This is a great chance to grow in security automation, improve processes, and bring modern DevSecOps practices into the company.

Requirements
Must-Have Skills

5+ years of hands-on experience in DevOps / DevSecOps / Cloud Engineering roles;

Deep expertise with AWS services (IAM, VPC, CloudTrail, GuardDuty, KMS, WAF);

Proven experience with Kubernetes security — RBAC, network segmentation, image scanning, Falco or similar runtime security tools;

Strong proficiency in Infrastructure-as-Code tools, particularly Terraform (modules, state management, policy as code);

Experience managing CI/CD pipelines on GitHub Actions with integrated vulnerability scanning and secret protection;

Solid knowledge of Cloudflare security suite (Zero Trust, WAF, DNS, Access, API Gateway rules);

Familiarity with SSO and MFA solutions (DUO SSO, OIDC flows, federation via SAML);

Scripting and automation using Python, Bash, or Go;

Strong understanding of network security, TLS management, logging, and monitoring pipelines;

Excellent collaboration and communication skills, with the ability to work effectively with cross-functional engineering and compliance teams.

Nice-to-Have

Experience with policy-as-code frameworks (OPA, Conftest, Terraform Cloud Policies);

Hands-on knowledge of container security scanners (Trivy, Aqua, Anchore, Grype);

Exposure to SIEM / SOC integrations;

Familiarity with compliance frameworks (ISO 27001, NIST CSF, CIS Benchmarks);

Relevant certifications (AWS Security Specialty, Terraform Associate, CISSP, or DevSecOps certifications).

Responsibilities
Integrate security practices (SAST, DAST, SCA, secret management, compliance checks, etc) directly into CI pipelines on GitHub;

Build and manage infrastructure using Terraform (IaC) with a strong focus on least privilege, encryption, and auditing;

Strengthen security across Kubernetes clusters (RBAC, network policies, Falco runtime threat detection);

Implement security automation and continuous monitoring for vulnerabilities, misconfigurations, and drift in AWS + Kubernetes environments;

Collaborate closely with Development, Platform, SRE, Cloud Delivery Engineers, and Security teams to embed “security-by-design” principles throughout SDLC;

Conduct threat modeling, risk assessments, and incident response for cloud and container workloads;

Drive adoption of DevSecOps best practices, mentor team members, and promote a proactive security culture;

Continuously research and implement new security tools, policies, and automation opportunities to improve visibility and resilience.

Benefits

Why Join Us?

🎰 Be part of the international iGaming industry – Work with a top European solution provider and shape the future of online gaming;

💕 A Collaborative Culture – Join a supportive and understanding team;

💰 Competitive salary and bonus system – Enjoy additional rewards on top of your base salary;

📆 Unlimited vacation & sick leave – Because we prioritize your well-being;

📈 Professional Development – Access a dedicated budget for self-development and learning;

🏥 Healthcare coverage – Available for employees in Ukraine and compensation across the EU;

🫂 Mental health support – Free consultations with a corporate psychologist;

🇬🇧 Language learning support – We cover the cost of foreign language courses;

🎁 Celebrating Your Milestones – Special gifts for life’s important moments;

⏳ Flexible working hours – Start your day anytime between 9:00-11:00 AM;

🏢 Flexible Work Arrangements – Choose between remote, office, or hybrid work;

🖥 Modern Tech Setup – Get the tools you need to perform at your best;

🚚 Relocation support – Assistance provided if you move to one of our hubs.

Role description:
We are looking for an Information Security Specialist responsible for administering and maintaining security solutions, monitoring security events, and ensuring compliance with security standards across the company.

Key Responsibilities:

• Administer all technical information security solutions used by the company.
• Monitor events in SIEM, DLP, and antivirus (AV) systems.
• Ensure compliance with information security policies in company offices.
• Participate in checking remote employees for compliance with security requirements.
• Respond to security incidents and participate in their handling.
• Manage access across various systems according to the access matrix.
• Maintain and update DLP, SIEM, and other security system rules.
• Analyze the effectiveness of technical solutions used by the company and suggest improvements.
• Participate in developing and implementing the company’s information security strategy.
•  

Requirements:

• Knowledge and experience with security technologies: SIEM, DLP, EDR/XDR, Firewall, etc.
• Experience with Microsoft 365 ecosystem: Active Directory, SharePoint, Exchange.
• Understanding of vulnerability management, IAM, PAM.
• English level B1 or higher (for reading/writing technical documentation and understanding standards).
•  

Preferred:

• Experience in penetration testing.
• Experience in system administration.
• Experience working in a SOC.
• Understanding of international security standards: ISO 27001, ISO 27701, NIST, HIPAA, CIS2.
•  

We Offer:

• Competitive salary
• Opportunities for professional development and certifications
• Work in an international team with a modern IT environment
• Full remote work options

PrivatBank is the largest bank in Ukraine and one of the most innovative banks around the world. It holds a leading position for all the financial indicators in the area and comprises about a quarter of the whole banking system of our country.

We are looking for an Application Security Engineer. We are searching for the person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.

We are striving to find a goal-oriented and multitask professional who would be focused on making good results and high quality.

Requirements:

• At least 3 years of experience in application security or related fields such as penetration testing and security architecture
• Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
• Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
• Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. is preferred
• Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc
• Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIM, and Microsoft SDL
• Familiarity with the software development process and stages
• Basic understanding of software code
• Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc
• Understanding of major types of vulnerabilities
• Understanding of software architecture
• Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
• Ability to independently research information and solve complex problems
• Critical thinking skills

Responsibilities:

• Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
• Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
• Application security governance and metrics
• Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
• Improve our application security management platform
• Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
• Integrate and oversee security automation tools to enhance security processes and reduce manual error
• Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
• Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
• Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
• Track and manage software defects to ensure timely resolution of security-related issues
• Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
• Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
• Use cloud services for application security

We offer:

• Work in the largest and most innovative bank of Ukraine
• Official employment and 24+4 calendar days of vacation
• Sick leave compensation
• Medical Insurance
• Competitive salary
• Bonuses, premium according to company policy
• Corporate training
• Modern comfortable office
• Interesting projects, ambitious tasks and dynamic growth
• Corporate financial assistance in critical situations
• A friendly professional and strong team
• Possibility of remote work format

PrivatBank is open to support and employ veterans and people with disabilities.

We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.

We are ready to train veterans and candidates with disabilities without banking experience.

Head of Cybersecurity Product Management 

Softprom

Europe / CEE | Hybrid or Remote
Full-time
IT Distributor / VAD (Cybersecurity & Enterprise IT)

About Softprom

Softprom is an international IT distributor and value-added partner operating across Central and Eastern Europe, CIS, and neighboring regions.
We work with leading global vendors in Cybersecurity, Cloud, Infrastructure, and Enterprise IT, helping partners and customers build secure, scalable solutions.

We are now looking for a Head of Cybersecurity Product Management to lead and develop our cybersecurity product portfolio and team.

About the role

This is a senior leadership role for an experienced B2B product professional who understands IT distribution and cybersecurity markets.

You will be responsible for product strategy, portfolio development, vendor management, and people leadership, acting as a key link between vendors, sales, marketing, pre-sales, and top management.

We are looking for a system-oriented leader who builds processes and teams — not someone who tries to do everything alone.

Key responsibilities

• Lead and develop a team of Product Managers (2–3+ people)
   
• Own and manage the cybersecurity product portfolio (multiple vendors and solutions)
   
• Build and optimize product management processes, including:
   
  • onboarding and launch of new vendors
     
  • product lifecycle management
     
  • cross-functional collaboration with Sales, Marketing, and Pre-Sales
     
• Act as the main point of contact for cybersecurity vendors (local and international)
   
• Define product strategy, positioning, and go-to-market approach
   
• Participate in:
   
  • pricing and margin strategy
     
  • sales forecasting and pipeline planning
     
  • product P&L ownership
     
• Set goals and KPIs for product managers, conduct performance reviews and mentoring
   
• Represent the product function in communication with top management
  
   

Requirements (Must-have)

Experience & Expertise

• 5+ years of experience in B2B IT product management
   
• 2+ years of experience managing product managers (team lead / head role)
   
• Hands-on experience working with:
   
  • IT vendors (local and/or international)
     
  • multi-product portfolios
     
• Strong understanding of the cybersecurity market, including:
   
  • solution categories (NGFW, EDR/XDR, IAM, SIEM, DLP, SASE, etc.)
     
  • competitive landscape
     
  • typical customer use cases
    
     

Management & Business Skills

• Ability to:
   
  • set goals and KPIs
     
  • prioritize products and initiatives
     
  • develop people through mentoring and performance management
     
• Proven experience building and improving product processes
   
• Solid business mindset with understanding of:
   
  • product P&L
     
  • go-to-market strategy
     
  • pricing and positioning
     
  • sales forecasting
     
• Confident working with numbers: pipeline, funnel, margins
  
   

Communication

• Strong negotiation and stakeholder management skills
   
• Ability to speak the same language with:
   
  • vendors
     
  • sales teams
     
  • technical experts
     
  • executive management
    
     
• English — Upper-Intermediate or higher (negotiations, presentations, documentation)
  
   

Nice to have

• Experience working in a distributor or VAD
   
• Exposure to regional markets (CEE, CIS, Baltics)
   
• Experience launching new vendors or products from scratch
   
• Understanding of partner ecosystem:
   
  • resellers
     
  • system integrators
     
  • MSPs
     
• Relevant certifications:
   
  • CISSP / CISM
     
  • vendor certifications
    
     

Personal qualities

• High level of ownership and accountability
• Ability to work effectively in ambiguous and changing environments
• Proactive, results-oriented mindset
• Natural authority without micromanagement
• Strong multitasking and prioritization skills
  
   

Why Softprom

• Strategic leadership role with real influence on business results
• Mature B2B environment and international vendor portfolio
• Opportunity to shape and scale cybersecurity business across regions
• Professional, experienced team
• Long-term growth and stability
   

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Pentester who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM

- Junior-level cybersecurity certifications would be a plus.

- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals

- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)

- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.

- Strong drive to learn and develop cybersecurity skills

- Technical English (Intermediate)

We offer

- Good salary + bonus system

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Conduct security research

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a Middle/Senior Security Consultant / Penetration tester to work on and lead penetration testing and vulnerability/cloud security assessment projects.

In this role, you will work on technically challenging projects and also spend some time leading/mentoring our junior pentesting colleagues.

Required skills

- 1.5+ years of intensive commercial experience

- OSCP, eWPTx2 or similar would be a plus

- Scripting/coding skills and being comfortable with advanced pentesting tooling

- Strong knowledge of mobile/web security

- Comfortable with cloud and container security

- Basic RE skills

- Ability to mentor/lead colleagues

- Strong ability and drive to learn and develop cybersecurity skills

- Technical English (Intermediate+)

We offer

- Good salary + bonus system

- Diverse project portfolio and technologies to work with

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Participate in various pentesting projects

- Lead junior colleagues

- Perform threat modeling in pentesting and security assessment projects

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Consult clients on efficient issues remediation

- Conduct security researches

- Develop tools and scripts to automate and improve current pentesting processes

We are looking for a Cybersecurity Testing Team Lead to join our team!  

Requirements: 
- 5+ years in offensive security/penetration testing
- 2+ years in a technical leadership role (team lead/principal/tech lead)
Hands-on experience with:
- Web, API, Mobile (iOS/Android) pentesting
- Secure code review (at least one backend language)
- Cloud & infrastructure security testing
- Proven experience working with product teams, not only 'report delivery' 

Will be plus: 
- Advanced Offense
- Red Team/Purple Team experience
- Adversary emulation (MITRE ATT&CK)
- Threat modeling from an attacker’s perspective
- Experience with exploit development or advanced bypass techniques

- Cloud & Platform Security
- AWS (Preferred)
- Kubernetes security testing
- CI/CD attack vectors
- Secrets, identity, and supply chain attacks

Responsibilities:  
Leadership and Team Management:
- Lead and grow the Offensive Security team (pentest/red team)
- Define roles, expectations, and competency levels
- Mentor team members and conduct technical reviews
- Own capacity planning and prioritization 

Offensive Security Operations:
- Own the pentest intake process (Jira-based)
- Ensure consistent coverage:
- Web/API/Mobile
- Cloud/Infra
- Enforce quality standards for test depth, reports, risk assessment, and retesting
- Findings & Risk Management 

Ensure:
- Findings are exploitable, reproducible, and actionable
- False positives are minimized
- Risk is clearly communicated

Our benefits to you:
☘️An exciting and challenging job in a fast-growing holding, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance and more
🤝🏻Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed
🧑🏻‍💻Modern corporate equipment based on macOS or Windows and additional equipment are provided
🏖Paid vacations, sick leave, personal events days, days off
💵Referral program — enjoy cooperation with your colleagues and get the bonus
📚Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences
🎯Rewards program for mentoring and coaching colleagues
🗣Free internal English courses
✈️In-house Travel Service 
🦄Multiple internal activities: online platform for employees with quests, gamification, presents and news, clubs for movie / book / pets lovers and more
🎳Other benefits could be added based on your location 

Required hard skills
• Strong understanding of network security (LAN, WAN, VPN, firewalls, IDS/IPS, proxies)
• Experience securing infrastructure (on-prem, cloud, hybrid environments)
• Knowledge of Zero Trust and least-privilege access models
• Experience with endpoint security (EDR, antivirus, disk encryption)
• OS security knowledge: Windows, macOS, Linux
• Experience with monitoring and logging systems (endpoints, servers, network traffic)
• Understanding of authentication, authorization, IAM
• Experience with security hardening and patch management
• Familiarity with security awareness and training platforms
• Basic scripting skills (Bash, PowerShell, Python)
• Understanding of networking protocols (TCP/IP, DNS, HTTP/S)
Required soft skills
• Ability to explain security concepts to non-technical users
• Strong communication and presentation skills
• Proactive and security-first mindset
• High attention to detail
• Ability to influence user behavior and promote security culture

Responsibilities:

• Design and maintain secure network and infrastructure architecture
• Configure and manage firewalls, VPNs, access controls, and network segmentation
• Secure servers, cloud resources, containers, and virtual machines
• Secure employee workstations and enforce security baselines
• Monitor endpoints and infrastructure for suspicious activity
• Collect, analyze, and correlate security logs
• Detect, investigate, and respond to security incidents
• Perform vulnerability analysis, risk assessment, and remediation
• Conduct system and network hardening
• Develop and deliver internal security trainings and awareness sessions
• Manage and maintain security training platforms and learning content
• Organize phishing simulations and awareness campaigns
• Collaborate with IT, DevOps, Infrastructure, and HR teams
• Complete and review clients security questionnaires and security assessment forms to demonstrate the company’s security posture
• Participate in security and compliance calls with client information security specialists and stakeholders

Monitoring & Incident Response
• Set up and maintain security monitoring and alerting
• Investigate anomalies and security incidents
• Perform root-cause analysis and post-incident reviews
• Improve detection, response, and prevention processes

Security Awareness & Training
• Plan and deliver security awareness programs
• Manage training platforms and user enrollment
• Track training completion and effectiveness
• Continuously improve training materials based on incidents and risks

Nice to have
• Experience with SIEM and SOAR tools
• Experience with MDM solutions
• Knowledge of cloud security (AWS / GCP / Azure)
• Experience running phishing simulations
• Familiarity with security frameworks and compliance standards
• Security certifications (optional)

Required Skills & Experience

Technical Skills
Strong understanding of:
Network security principles
TCP/IP, DNS, HTTP/S, VPNs
Experience with:
Firewalls (hardware or software)
Endpoint security / EDR solutions
Monitoring & logging tools
OS security knowledge:
Windows, macOS, Linux

Experience securing:
On-prem infrastructure
Cloud environments (AWS / GCP / Azure — at least one)

Security Knowledge
Authentication & authorization mechanisms
Identity and access management (IAM)
Security best practices and frameworks
Threat detection and response fundamentals

Knowledge of:
Zero Trust
MDM solutions
Cloud security posture management
Security certifications (e.g., Security+, CEH, CISSP — optional)

About us: 
Devoted Studios is a US-based game development company specializing in Co-development, Porting, and End-to-End Art Production for the global gaming industry. With a distributed team of over 1,900+ skilled professionals, we collaborate across time zones to support projects on all major platforms, engines and styles - from AAA titles to emerging technologies.

Our team includes world-class talents who bring deep expertise in external development, pipeline optimization, and creative problem-solving. Whether it’s porting games to new systems, enhancing gameplay features, or crafting stunning visuals, Devoted Studios operates as a trusted, flexible extension of our partners’ internal teams.

We are proud to be the development partner of choice for industry leaders such as: 2K, Xbox, Meta, Obsidian Entertainment, Turtle Rock Studios, Gearbox Software

At Devoted Studios, we’re committed to making outsourcing more efficient, collaborative, and impactful. If you're passionate about co-development, game art, or solving technical challenges on a global scale. 

PwC is a global network of more than 370,000 professionals in 149 countries that turns challenges into opportunities. We create innovative solutions in audit, consulting, tax and technology, combining knowledge from all over the world.

PwC SDC Lviv, opened in 2018, is part of this global space. It is a place where technology is combined with team spirit, and ambitious ideas find their embodiment in real projects for Central and Eastern Europe.

What do we guarantee?

• Work format: Remote or in a comfortable office in Lviv - you choose.
• Development: Personal development plan, mentoring, English and Polish language courses.
• Stability: Official employment from day one, annual review of salary and career prospects.
• Corporate culture: Events that unite the team and a space where everyone can be themselves.

We seek a Senior AI Security Subject Matter Expert (SME) to provide technical AI tooling reviews and hands-on engineering support for our AI security program. This "builder-defender" will evaluate emerging AI technologies, architect secure integration patterns, and execute tactical security initiatives, bridging high-level security strategy and ground-level implementation.

Key Responsibilities:

• Drive technical implementation of security controls, moving beyond theory to practical application.
• Review and design secure patterns for AI system integration, ensuring alignment with enterprise security standards.
• Conduct rigorous technical assessments of emerging security tools and AI platforms, providing data-driven recommendations.
• Perform threat modeling for AI use cases, identifying risks like prompt injection and data leakage.
• Serve as the primary technical advisor for business units proposing new AI use cases

Requirements:

• 5+ years in Application Security, Cloud Security, or DevSecOps.
• Practical experience with Generative AI architectures and associated security risks.
• Proven track record of evaluating third-party vendors and technologies.
• Proficiency in Python or similar scripting languages.
• Strong understanding of API security, OAuth/OIDC, containerization, and cloud-native services.
• Experience with Security Posture Management tools and vulnerability scanners.
• Analytical thinking and problem-solving capabilities.
• Strong communication skills for explaining complex AI security risks.
• Ability to build trust and influence decisions without direct authority.
• Proactive learner with adaptability in a rapidly evolving technology landscape.

Policy statements:
https://www.pwc.com/ua/uk/about/privacy.html

Playson is a leading iGaming supplier operating in multiple regulated markets, delivering engaging casino content and advanced technology. We’re a fast-growing, tech-driven company that values innovation, autonomy, and ownership. At Playson, we welcome people who are curious, proactive, and passionate about solving complex challenges at scale.

We are ISO/IEC 27001 certified and committed to maintaining a robust security and compliance posture across all our operations.

About the Role

We are looking for a Security Lead to strengthen Playson’s information security framework and drive continuous improvement of our security culture. This role combines technical expertise, investigative focus, and process leadership - ensuring that our systems, data, and people remain secure, compliant, and resilient.

What will you be doing?

Information Security & Compliance

• Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS).
• Foster a strong Security-First mindset across the organization.
• Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls.
• Conduct internal audits, risk assessments, and coordinate certification renewals.
• Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable).
  Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace.
• Support DLP implementation and maintain central tracking of security events.
• Document risks, incidents, and corrective actions to ensure continuous compliance.

Incident Response & Investigation

• Lead investigations into security incidents such as phishing, data leakage, or unauthorized access.
• Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack).
• Maintain and enhance incident response playbooks and escalation workflows.
• Collaborate with HR, Legal, and IT teams during internal investigations.
• Produce post-incident reports and recommend remediation measures.

Endpoint & Access Security

• Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints.
• Maintain CrowdStrike Falcon configurations and endpoint posture enforcement.
• Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password).
• Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews.
• Perform Quarterly RAS Access Management Reviews.

• Maintain a consistent audit trail for access management throughout the year.

   

To succeed in the role, you will have:

• 3+ years of experience in information security, IT audit, or digital investigations.
• Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2).
• Hands-on experience with SIEM / EDR systems
• Proven ability to manage SSO, MFA, DLP, and MDM environments.
• Strong communication skills in English (B2 or higher).
• Analytical mindset, integrity, and attention to detail.

Preferred additional qualifications:

• Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty.
• Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms.
• Forensics experience.
• Experience in designing awareness programs or running phishing simulations.

What you get in return:

• Competitive Salary: We offer a competitive salary in EUR, subject to annual performance reviews
• Quarterly Bonuses: Benefit from a transparent and systematic quarterly bonus system
• Flexible Schedule: We offer a flexible work schedule to accommodate your needs
• Remote Work Option: Choose to work remotely, providing greater flexibility and comfort
• Medical Insurance: Receive comprehensive medical insurance for both you and a significant other
• Financial Support for Life Events: We provide financial support during special life events
• Unlimited Paid Vacation: Enjoy unlimited paid vacation leave
• Unlimited Paid Sick Leave: Take unlimited paid sick leave whenever necessary
• Professional Development: Get reimbursement for professional development courses and training

The recruitment process includes the following steps:

1. HR Interview (30-45 mins)

2. Technical interview with Service Desk & Security Lead (60 mins)

3. Final Interview with CTO and People Business Partner (60 mins)

About Playson

Founded in 2012, Playson is a leading iGaming supplier recognized worldwide. We provide our partners with a high-end, microservice-based Platform-as-a-Service capable of processing billions of financial transactions daily. Our global infrastructure is designed for cross-regional performance, with a relentless focus on latency reduction and flawless player experience, regardless of bandwidth or connectivity.

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).
• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).
• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit).
• Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code).
• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).
• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).
• Lead vulnerability management and threat modeling practices.
• Automate workflows through scripting (Python, Bash).
• Partner with backend, infrastructure, and platform engineers to embed security in design & delivery.
• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).
• Act as a security subject-matter expert, mentoring engineers and raising awareness.
• Continuously evaluate and implement new security tools and approaches.

Requirements

• 5+ years in Security Engineering / DevSecOps roles, with proven success delivering secure infrastructure and applications.
• Strong skills in Python and Bash for building and automating security workflows.
• Cloud Security (AWS focus) - Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments.
• Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code).
• Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.
• Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.
• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.
• Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.).
• Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access).
• Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks.
• Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines.

Nice to have:

• Exposure to Kafka or ClickHouse in security-sensitive environments.
• Familiarity with GitOps tooling (FluxCD/ArgoCD).
• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

What We Offer

• Compensation at top industry standards + quarterly bonuses based on transparent evaluation.
• Remote-first flexibility and adaptable working hours.
• Unlimited paid vacation & sick leave.
• Comprehensive medical insurance (for you and your partner).
• Financial support for major life events.
• Professional growth budget for courses, training, and certifications.

Recruitment Process

1. HR Interview – 45 min
2. Hiring Manager Interview – 60 min
3. Technical Interview – 90 min
4. Final Interview with Head of Platform & CTO – 60 min

We are looking for an InfoSec Manager to develop and enforce security strategy, policies, and operations across the company. This role combines governance and hands-on technical responsibility: from Security Risk management and IAM to endpoint protection, security operations, and IT infrastructure. Information Security Manager will work closely with leadership and IT teams to ensure resilience against evolving threats and compliance with data protection requirements.

Responsibilities:

• Develop and maintain corporate information/cybersecurity strategy aligned with business goals.
• Define and enforce security policies, standards, and guidelines for information security, PII protection, and IAM.
• Build and update a cybersecurity plan based on evolving risks and threats.
• Conduct periodical risk assessments of infrastructure, applications, and processes based on the comprehensive asset management.
• Integrate data confidentiality and privacy (PII) protection into daily operations (“privacy by design”).
• Manage Accesses with SSO, MFA, and RBAC implementations on corporate systems.
• Oversee provisioning/deprovisioning and regular access reviews.
• Manage workstation and laptop security, including BYOD policies.
• Establish incident detection, response, and recovery processes.
• Ensure secure configuration of corporate tools (Google Workspace, Slack, etc.).
• Maintain backup, disaster recovery, and business continuity readiness.
• Execute Information Security Awareness campaigns.

Requirements:

• Ability to collaborate with leadership and technical teams, balancing governance and practical controls.
• Proven experience in developing and maintaining corporate information/cybersecurity strategy aligned with business objectives.
• Strong knowledge of security governance, including definition and enforcement of security policies, standards, and guidelines (information security, PII/data privacy, IAM).
• Practical experience building and maintaining a cybersecurity roadmap and adapting to evolving threats.
• Design and implementation of IT asset management and hands-on experience conducting risk assessments across infrastructure, applications, and business processes. 
• Technical expertise with Identity & Access Management (IAM): SSO, MFA, and RBAC implementations for SaaS and on-prem applications.
• Experience managing user lifecycle (provisioning, deprovisioning, and access reviews).
• Knowledge of security operations practices: incident detection, response, and recovery.
• Experience securing corporate IT tools such as Google Workspace, Slack, and similar SaaS platforms.
• Familiarity with backup solutions, disaster recovery planning, and business continuity management.
• Practical experience in running Awareness Campaigns, evaluate its effectiveness and continuously improve them
• Relevant certifications (CISSP, CISM, ISO 27001, or equivalent) are a strong plus.

Paycord is a PayTech company with a high-load platform for payment processing. We combine fintech expertise with merchant insights to create innovative solutions. We’ve successfully developed a strong product that helps businesses succeed in new markets.

Our primary focus is on solution-driven development, and we prioritize the needs of our business clients. We provide access to a wide range of local and international payment methods, supporting businesses in reaching new heights and achieving excellence.

We`re rapidly growing and inviting an Information/System Security Engineer to our team.

You would be running such tasks as:

• Assess cybersecurity risks and develop measures to minimize them.
• Implement and administer SOC tools, and integrate threat monitoring systems.
• Manage vulnerabilities, respond to security incidents, analyze root causes, and mitigate attack impacts.
• Handle identity protection and privileged access management.
• Secure Windows, macOS, and Linux endpoints.
• Ensure information and data protection.
• Conduct cybersecurity awareness training and promote best security practices among staff.
• Collaborate closely with Legal, HR, Business & Product Owners, DevOps, IT specialists, and development teams, providing expertise in information security matters.

Required skills and expertise:

• Higher education in Information Security or a related field (Computer Science, Software Engineering, Information Systems, etc.).
• At least 3 years of experience in a similar position.
• Strong understanding of user authentication principles, access control, and information resource management models.
• Experience with OSINT tools and methodologies.
• Hands-on experience with configuring and administering tools such as SIEM, EDR, SOAR, MISP, IDS/IPS.
• Experience in securing server, network, and cloud infrastructures.
• Familiarity with monitoring and logging systems.
• Experience in scripting and automation.
• Experience in Security Incident Response, ability to analyze and interpret data, and prepare reports based on incident investigation results.
• Experience with IT audits and risk management processes.
• Risk-oriented mindset with the ability to assess consequences and implement systemic improvements.
• English level: Intermediate or higher (ability to read technical documentation and correspond in English).

Will be a plus:

• Relevant security certifications and training.

We offer:
Care for your health and well-being
• 100 % paid sick leaves;
• 20 working days of paid vacation;
• Medical support;
• Benefits Cafeteria (budget for gym/stomatology/psychological service & etc.);
• Ability to work remotely or in the office (as you wish);
• Corporate gifts & events.

Professional growth & development
• Competitive salary with annual salary promotions;
• The annual budget for professional courses, conferences, workshops, and books;
• Internal training courses;
• Work with a team of professionals and have the opportunity to share knowledge.

Corporate Culture
• Dynamic and result-oriented work environment;
• The ability to influence product development at an early stage;
• Openness to new ideas and approaches, healthy team discussions;
• No “red tape” culture.

Candidate journey:
HR Interview — Technical Interview — Final Interview