Jobs
74-
· 61 views · 6 applications · 1d
Junior Penetration Tester
Full Remote · Countries of Europe or Ukraine · IntermediateIterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune...Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.
We are looking for a talented and motivated Junior Pentester who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.
We expect a short motivation letter where you can explain your skills, achievements and motivation.
Required skills
- Solid non-commercial cybersecurity experience, such as HTB/THM
- Junior-level cybersecurity certifications would be a plus.
- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals
- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)
- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.
- Strong drive to learn and develop cybersecurity skills
- Technical English (Intermediate)
We offer
- Good salary + bonus system
- Rewarding environment: brilliant team ready to share knowledge and collaborate
- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.
- Courses and conferences which are relevant to the position are sponsored by the company.
- We are a remote-first company with full WFH support and a flexible work schedule.
Responsibilities
- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps
- Conduct security research
More -
· 14 views · 1 application · 1d
Middle/Senior Penetration Tester
Full Remote · Countries of Europe or Ukraine · 3 years of experience · IntermediateIterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune...Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.
We are looking for a Middle/Senior Security Consultant / Penetration tester to work on and lead penetration testing and vulnerability/cloud security assessment projects.
In this role, you will work on technically challenging projects and also spend some time leading/mentoring our junior pentesting colleagues.
Required skills
- 1.5+ years of intensive commercial experience
- OSCP, eWPTx2 or similar would be a plus
- Scripting/coding skills and being comfortable with advanced pentesting tooling
- Strong knowledge of mobile/web security
- Comfortable with cloud and container security
- Basic RE skills
- Ability to mentor/lead colleagues
- Strong ability and drive to learn and develop cybersecurity skills
- Technical English (Intermediate+)
We offer
- Good salary + bonus system
- Diverse project portfolio and technologies to work with
- Rewarding environment: brilliant team ready to share knowledge and collaborate
- Courses and conferences which are relevant to the position are sponsored by the company.
- We are a remote-first company with full WFH support and a flexible work schedule.
Responsibilities
- Participate in various pentesting projects
- Lead junior colleagues
- Perform threat modeling in pentesting and security assessment projects
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps
- Consult clients on efficient issues remediation
- Conduct security researches
- Develop tools and scripts to automate and improve current pentesting processes
More -
· 33 views · 0 applications · 22d
Senior Vulnerability Researcher
Countries of Europe or Ukraine · 3 years of experience · Upper-IntermediateAbout you: We are looking for a proficient Vulnerability Researcher to work in the cybersecurity field. If you are interested in making a difference and being part of an exciting project, please apply with your CV. About project: Our new client develops...About you:
We are looking for a proficient Vulnerability Researcher to work in the cybersecurity field. If you are interested in making a difference and being part of an exciting project, please apply with your CV.
About project:
Our new client develops a cyber security project for the US government. You will have the opportunity to contribute to the security of the United States.
Your area of responsibility:
- Detect and exploit vulnerabilities;
- Build scripts and software modules to verify the presence of vulnerabilities;
- Reverse-engineer vulnerability patches in order to better understand certain vulnerabilities;
- Assist in the development of tools to improve vulnerability or threat research.
Skills and requirements:
- Proven experience in vulnerability exploitation and fuzzing;
- Extensive experience (3+ years) in reverse engineering;
- Knowledge of OS internals (any OS);
- Recent knowledge of exploitation techniques (iOS/Android/Windows/Linux/embedded).Will be a plus:
- Academic degree in Computer Sciences/Mathematics/Physics;
- Proven record (CVEs or verbal description) of found vulnerabilities in mobile/desktop OSes;
- Good interpersonal skills.
We offer:
- Висококласні робочі умови: спільнота першокласних інженерів, близько 90% нашої команди це Middle та Senior; цікаві та довгострокові проєкти у різних сферах; можливість змінити проєкт в разі необхідності;
- Конкурентна ринкова компенсація в валюті (не в гривневому еквіваленті), яка виплачується без затримок;
- Власний план розвитку та регулярні перегляди компенсації;
- Оплачувані відпустки (20 днів) та лікарняні дні (5 днів);
- Всі державні свята за Українським законодавством є вихідними;
- Можливість працювати з будь-якою точки світу — ми знайдемо юридичний варіант, допоможемо легалізуватися або проконсультуємо з цього питання.
- Бухгалтерський супровід;
- Юридична підтримка в межах України;
- Повноцінна HR-підтримка та турбота.
More -
· 52 views · 3 applications · 9d
Security engineer for endpoint agents (AV, VPN, etc.) on Windows/MacOS/Lin to $5000
Full Remote · Ukraine · Product · 3 years of experienceWe are looking for an endpoint/workstation support engineer to support multiple mixed MacOS/Windows/Lin remote working environments. You should maintain a high level of user satisfaction, as well as properly document your work. Your primary tasks will...We are looking for an endpoint/workstation support engineer to support multiple mixed MacOS/Windows/Lin remote working environments. You should maintain a high level of user satisfaction, as well as properly document your work.
Your primary tasks will include:
* Enduser remote support for agents installation
* AV alerts investigation
* Ensuring security compliance policies are in place (e.g. full disk encryption, firewall)
* Implementing updates on agent installation packages whenever new version arrives
* Testing of Windows/Win/Lin endpoint agent updates
The candidate should have a proof records of successful projects in the following areas:
* support of AV/EDR/VPN and other security agents on multiple platforms
* Intune MDM
* Apple Business Manager
* Windows, MacOS and Linux endpoint support
* Basic Unix shell and Powershell scripting
* MS Graph API and other REST API basic experience
* Windows and MacOS troubleshooting with the aid of Sysinternals tools and different set of MacOS tools (netstat, lsof, vmstat, top, dtruss, etc.)
* Fluent English
* Teamwork and problem solving mind
* Compliance framework basic awareness (ISO27001/PCI-DSS/HIPAA etc.)
* ITIL and IT service basic awareness and ability to write end-user documentation/procedures/instructions
A big plus if have all or any of the following:
* Microsoft Intune certification or other Microsoft Security/Endpoint certificationi
* Any AV vendor certification
* Any security related certification (e.g. ISO27001LA, CISSP, CISA)
More -
· 63 views · 5 applications · 21d
Qualis Engineer (SIEM)
Ukraine · Product · 1 year of experienceAre you ready to embark on an exciting journey with our Client from the retail domain (product)? We’re on the lookout for passionate individuals to join the newly formed IT Security Team, where you’ll play a pivotal role in shaping our company’s...Are you ready to embark on an exciting journey with our Client from the retail domain (product)?
We’re on the lookout for passionate individuals to join the newly formed IT Security Team, where you’ll play a pivotal role in shaping our company’s cybersecurity landscape. Our Client, with over 10,000 employees, this is your chance to make a real impact right from the start in the retail domain.
WHY JOIN US our CLIENT?
— Lead from the Front: Manage our SIEM (Elastic Cloud) project from inception,
taking charge of its development and implementation.
— Cutting-Edge Environment: Work with the latest technologies
including EDR, IDS/IPS, WAF, Azure Sentinel, Azure AD, and
sharpen your skills in KQL, Python, and PowerShell.
— Flexible Work Arrangements: Whether you prefer a hybrid,
remote, or office setup, we prioritize results over formats,
ensuring a conducive environment for your success.
— Collaborative Culture: We value teamwork, effective
communication, and results-driven approaches. Join a team
where your contributions truly matter.
— New IT Security Team (5 + team members) and we’re
not stopping our growth.
WHAT our CLIENT is LOOKING FOR:
— Experience: At least 0.6 years (better 1+) of hands-on experience with Elastic Cloud,
with additional exposure to complementary technologies.
— Technical Proficiency: Familiarity with EDR, IDS/IPS, WAF, Azure
Sentinel, Azure AD, and programming skills in KQL, Python, and
PowerShell (nice to have).
— Soft Skills: We value traits like being a team player, effective
communication, attentiveness, and a focus on achieving results.
If you’re ready to take on this exciting opportunity and grow — don’t hesitate to reach out. We’re eagerly awaiting your application and look forward to welcoming you aboard our Client’s team!
More -
· 10 views · 1 application · 3d
Senior DevOps Engineer (Security)
Office Work · Ukraine (Kyiv) · Product · 5 years of experience · Intermediate Ukrainian Product 🇺🇦Ajax Systems is an international technology company, the largest developer and manufacturer of security systems in Europe. The startup, created in 2011 in Ukraine, scaled into an international product company. Ajax security systems protect more than 2.5...Ajax Systems is an international technology company, the largest developer and manufacturer of security systems in Europe.
The startup, created in 2011 in Ukraine, scaled into an international product company. Ajax security systems protect more than 2.5 million users in 169 countries. The company works with 150,000 installers in key markets.
Ajax Systems has a central office, an R&D department, and two full-cycle productions in Ukraine; the representative offices in the UAE (Dubai), Great Britain, Italy, Spain, and teams in many other regions; and a logistics hub in Poland.
The company has more than 3,000 employees, including 500 development engineers and 1,200 production workers.
Ajax products are a whole ecosystem of 135 devices, mobile and desktop apps, and server infrastructure.
The product line includes control panels, motion detectors, opening detectors, flood prevention, fire detectors, street and home sirens, alarm buttons with the appliances control function, smart sockets, and relays.
Our infrastructure is a part of the product that is invisible to the end user, but critical to the life of the entire system. The safety of our users and their property depends on our uptime. We are constantly developing our cloud solutions and this requires automating our infrastructure, testing and improving its fault tolerance. For this purpose we are looking for Senior DevSecOps Engineer.
Requirements:
- 5+ years of experience with a strong interest in security or exposure to DevSecOps principles.
- 3+ years of experience with AWS common stack: VPC, EC2, S3, RDS, Elasticache, Route53, Lambda etc.
- 3+ years of experience with AWS security stack: CloudTrail, IAM, KMS, WAF, GuardDuty, Inspector, Macie etc.
- 3+ years of experience with managing Linux-based systems, TCP/IP networking.
- 3+ years of experience with IaC and config management tools such as Terraform, Terragrunt, Ansible.
- Experience with git, Docker, Github Actions, Jenkins etc.
Interest in security best practices and a willingness to grow skills in securing DevOps processes.
Desirable:
- Experience in a DevSecOps role or a similar position.
- Understanding of regulatory requirements and industry standards(SOC2, ISO27001, PCI DSS etc).
- Certifications related to cloud security (e.g., AWS Security Specialty)
- Kubernetes (AWS EKS) + Helm.
- Message brokers: NATS, Kafka.
- Databases: MongoDB.
- Hashicorp tools: Vault, Packer.
Monitoring/Alerting: Datadog, OpsGenie.
Responsibilities:
- Security-focused DevOps Practices: Apply secure configurations and best practices within the DevOps environment, aiming to make security a natural part of the development and deployment process.
- Vulnerability Awareness: Help identify and address vulnerabilities in software and infrastructure components, working collaboratively to mitigate risks.
- Security Incident Participation: Work with incident response teams on security issues, assisting as needed with investigations and documentation.
- Infrastructure Hardening: Support secure configurations of cloud infrastructure, with a focus on access management and basic data protection measures.
- Real-Time Monitoring Assistance: Assist with maintaining and improving security monitoring for quick detection and response to incidents.
- Tool Collaboration: Collaborate with the security team to evaluate and integrate tools that enhance DevOps security.
- Documentation and Process Integration: Help document security practices, policies, and procedures within DevOps workflows, integrating them smoothly with existing processes.
With us you will enjoy:
- Working with a team of people to build the future of an industry.
- Non-trivial challenges and various specter of interesting tasks.
- A flexible, friendly and collaborative work environment.
- Corporate culture based on common sense.
- Opportunities to influence the creation of new products and their quality.
-
· 127 views · 21 applications · 26d
Intern, Cyber security
Ukraine · 1 year of experience · Upper-IntermediateKPMG is a global network of professional firms providing Audit, Tax and Advisory services. KPMG is the brand under which the member firms of KPMG International Limited («KPMG International») operate and provide professional services. «KPMG» is used to...KPMG is a global network of professional firms providing Audit, Tax and Advisory services. KPMG is the brand under which the member firms of KPMG International Limited («KPMG International») operate and provide professional services. «KPMG» is used to refer to individual member firms within the KPMG organization or to one or more member firms collectively.
We operate in 143 countries and territories, and collectively employed more than 273,000 people working in member firms around the world. Each firm is an independent legal entity. Each KPMG member firm is solely responsible for its own obligations.
KPMG is committed to three key imperatives: quality of services, insight into the problems of our clients, and integrity in our business. It is these principles that drive our firms professionals to provide audit, tax, and advisory services that reflect global consistency and unwavering integrity. We will build and sustain our reputation as the best firm to work with by ensuring that our people, our clients and our communities achieve their full potential.
You will be a part of KPMG IT and Cyber Advisory providing services in area of:
- Development and implementation of cyber security strategies
- Assessment and building modern SOC’s
- Digital forensics and cyber response
- IT and cyber security audits
- Penetration testing and Red team exercises
- Assessment and building Secure SDLC and DevSecOps
- Cyber awareness and trainings
- GDPR and data privacy
Responsibilities:
- Support the delivery of high-quality deliverables and thorough documentation
- Support project management activities by building status reports, tracking deliverables, coordinating action items, and capturing meeting minutes
- Research and understand cyber security related topics, concepts, tools, and processes to support client delivery
Requirements:
- Graduate or final-years student (3rd course and above)
- Degree in computer science, information security or other related fields
- No or minimal working experience
- Understanding of multiple technology domains including OS administration, database management, networking, software development
- Common understanding of security vulnerabilities in operating systems, web applications, including knowledge of remediation procedures
- Common understanding of a wide range of information security and IT methodologies, standards (e.g. ISO 27x, NIST, Cobit etc.), regulatory requirements (both Ukrainian and global), principles, technologies and tools (attacking and defensing — e.g. vulnerability scanners, traffic analysis, forensic tools etc.)
- Understanding of technology risks
- Standing and positive reputation in the information security community is preferred
- Sharp research and analytical mind and technical aptitude
- Strong verbal and writing communication skills
- Ability to work as part of a team and commitment to achieving results
- Effective interpersonal and communication skills
- English — Intermediate (B1) and higher and/or a strong desire to improve English skills in a short time
What we offer:
- Internship that will help you get your first hands-on experience in cyber security
- Career path in one of the following areas: SOC analysts, forensic analyst, security engineer, penetration tester
- Ongoing training and development (including English speaking club)
- Mentorship of the professionals with practical experience
- Salary for the internship period
- Global opportunities
- Wellbeing
- Hybrid working (in-office and remote work) with a flexible schedule
- Modern office in the city center
-
· 39 views · 1 application · 28d
Security Architect (Cloud)
Ukraine · Product · 3 years of experience · Upper-IntermediateWe are looking for a Security Architect (Cloud) to join our team! As a Security Architect (Cloud), you will become an essential and vital part of our Cyber Risk team, providing expert advice in both local and international cloud security projects where a...We are looking for a Security Architect (Cloud) to join our team!
As a Security Architect (Cloud), you will become an essential and vital part of our Cyber Risk team, providing expert advice in both local and international cloud security projects where a diverse skillset, relevant knowledge on both IT and business aspects set us apart from the competition. As part of our Cyber Practice, you will be part of a team of seasoned cyber security professionals where inclusive leadership, continuous learning and coaching culture is considered an essential part of who we are.
As part of your role, together with Senior Leadership, you will be in charge of developing and refining Deloitte's Cloud Security offering and go to market; as well as build the Cloud Security practice within Ukraine and central Europe.
Some of your tasks will include:
- Supporting clients during their cloud transformation initiatives, making sure that all technical security risks are correctly identified, mitigated and reported. In addition, integrating the new cloud infrastructure in the overarching security architecture and strategy
- Plan, research, and design security controls for IT systems and data to align with business objectives
- Developing technical security standards to serve as input for the creation of the cloud landing zones
- Defining, establishing and maintaining multi-cloud security architectures, strategies and methodologies
- Leading the implementation of technological cloud security capabilities by defining the technological security vision, defining the solutions and steering the implementation teams in realizing these architectures
- Review system security measures and implement necessary enhancements
- Defining and reviewing cloud security architectures and strategic roadmaps on an ongoing basis to ensure alignment with both business and IT strategies, taking into account technology evolutions
- Giving input to the ongoing improvement and streamlining of security architecture development and delivery
- Delivering an integrated security architecture model linking cloud, applications, information and infrastructure architectures
Let's talk about you
- Between 7 - 15 years of Cyber security experience, ideally most of it within consulting within the following areas:
Cloud and Container Security:
- Minimum of 5 years experience with AWS, Azure, GCP or OCI and demonstrable affinity with Cloud technology
- Knowledge of information security principles and guidelines (including CIS, MITRE ATT&CK frameworks)
- Strong working knowledge of IT risks, cybersecurity, computer operating systems, and cloud computing environments
- Experience with containerization: Kubernetes, Docker. Practical experience with serverless and secure development environments, infrastructure-as-code is a plus
Governance and Risk Assessment :
- Good knowledge of security frameworks such as ISO, NIST CSF, CSA and CIS controls
- Experience with the implementation of cloud risk frameworks and optimization of controls in CI/CD pipelines
Architecture and Design:
- Well-versed in Secure Cloud Architecture Design and Implementation; Able to design solutions for improving Cloud Security by enforcement of cloud security guardrails and standards
- Experience with architecture and security reviews, threat modeling applications, and identifying areas of risk
- Experience with encryption in-flight and at-rest practices, as well as certificate and secrets is a nice to have
- High level knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS)
- Experience implementing strategies to support secure and compliant architectures
Soft skills:
- Adaptable, flexible and able to see the bigger picture
- Comfortable or eager to be involved in business development initiatives, should be at ease being on the market and engaging with potential new clients or increasing our offering with existing clients
- A thought-leader with a strong drive and motivation to build a team
- Ability to work within international environment
Certifications such as CISSP, CISA, or CISM are highly desired
More -
· 20 views · 1 application · 27d
Information Security Auditor
Office Work · Ukraine (Kyiv) · Product · 3 years of experience · Intermediate Ukrainian Product 🇺🇦Skills and Experience Requirements: - 3+ years of experience as an Information Security Auditor/Internal Security Assessor. - Experience managing controls or compliance with SOC2, ISO 27001, PCIDSS. - Experience managing multiple projects in a fast paced,...Skills and Experience Requirements:
- 3+ years of experience as an Information Security Auditor/Internal Security Assessor.
- Experience managing controls or compliance with SOC2, ISO 27001, PCIDSS.
- Experience managing multiple projects in a fast paced, ambiguous environment, accountability/ownership for the audit project lifecycle.
- A high degree of personal integrity, attention to detail, and strong investigative skills.
- Associate or bachelor’s degree in Information Security/IT/Cybersecurity related discipline is preferred.
Responsibilities:
- Schedule, coordinate, and lead company internal audits. Handle the full internal audit cycle.
- Develop and implement of audit program ( ISO/IEC 27001, PCIDSS, GDPR).
- Support preparation for external audits, liaise with external auditors and provide internal guidance in support of external audits.
- Plan, implement, monitor, and upgrade security measures to protect the organization’s data, systems, and networks.
- Conduct audits regular audits and provide recommendations.
- Maintain, monitor, and improve the audit process.
- Control of implementation of corrective actions addressing nonconformities with management systems standards and document requirements.
We offer:
- 20 working days of vacation;
- 12 sick days;
- Compensation for sick leave;
- Medical insurance;
- Flexible work schedule;
- Gifts and benefits for significant occasions;
- Mental health care;
- Support and development of volunteer culture.
More -
· 18 views · 0 applications · 11d
Information Security Lead
Office Work · Ukraine (Kyiv) · Product · 5 years of experience · Upper-IntermediateDelasport — Implementing Technological Solutions Here and Now. Delasport is an iGaming Software company providing Sports Betting & Online Casino software, and turnkey B2B solutions. Established in 2010, Delasport delivers a one-stop-shop solution of...Delasport — Implementing Technological Solutions Here and Now.
Delasport is an iGaming Software company providing Sports Betting & Online Casino software, and turnkey B2B solutions. Established in 2010, Delasport delivers a one-stop-shop solution of Sports Betting and Online Casino from a White-Label, with a full range of management services to a Plug&Play iFrame and a complete Turnkey. We are establishing an R&D center in Kyiv, and are looking for top talents to join our team.RESPONSIBILITIES
- Monitor compliance with information security and privacy policies at a technology company.
- Completing vendor security assessments and reviews.
- Reviewing security clauses in customer and vendor contracts.
- Providing, reviewing, and enhancing security training and awareness programs.
- Management of the organization's technological risk assessments.
- Helping security leaders to identify and assess risks of the organization and developing strategies to manage and mitigate these risks.
- Develop and implement best practices for assessing and evaluating IT and security controls for the organization third-party businesses.
- Manage the penetration testing and technical risk assessments from end to end.
- Supporting the business with customer engagements, including attending customer calls and supporting our sales teams
REQUIREMENTS
- Minimum of 5 years of experience in a similar role in a technology/software/cloud organization
- Experience implementing and enforcing information security, regulatory, and privacy policies across the business.
- Acquaintance working with cyber security tools and products.
- Solid knowledge of information security principles and practices.
- Knowledge of risk management frameworks and industry compliance standards such as ISO 27001/ SOC2/ PCI DSS
- Excellent interpersonal skills and ability to work in a team with multiple interfaces.
- Experience working at SaaS provider company - an advantage.
- Fluent English
WHAT WE CAN OFFER YOU
- Modern office in Podil with an uninterruptible power supply and the Internet
- Personal time off (21 business days of paid vacation, paid days on special occasions, sick leaves, emergency days off)
- Public holidays
- Health insurance with the broker which is available from the first month of cooperation
- Life insurance with the broker which is available from the first month of cooperation
- Modern technical equipment
- English courses with native speakers
- Ukraine-based educational programs
- Sports activities reimbursement
- Corporate entertainments
- Happy hours on Fridays
- Gig contract support
-
· 39 views · 2 applications · 21d
DevSecOps Engineer
Countries of Europe or Ukraine · Product · 3 years of experience · Pre-IntermediateFAVBET Tech develops software that is used by millions of players around the world for the international company FAVBET Entertainment. We develop innovations in the field of gambling and betting through a complex multi-component platform which is capable...FAVBET Tech develops software that is used by millions of players around the world for the international company FAVBET Entertainment.
We develop innovations in the field of gambling and betting through a complex multi-component platform which is capable to withstand enormous loads and provide a unique experience for players.
FAVBET Tech does not organize and conduct gambling on its platform. Its main focus is software development.
Main areas of work:- Betting/Gambling Platform Software Development — software development that is easy to use and personalized for each customer.
- Highload Development — development of highly loaded services and systems.
- CRM System Development — development of a number of services to ensure a high level of customer service, effective engagement of new customers and retention of existing ones.
- Big Data — development of complex systems for processing and analysis of big data.
Cloud Services — we use cloud technologies for scaling and business efficiency.
About Us
We are a dynamically growing company specializing in developing high-load and fault-tolerant systems. Our team values professionalism, innovation, and a commitment to continuous growth.
Responsibilities:- Lead the design, implementation, and integration of various cyber defense tools
- Conduct threat hunting over log sources connected to the SIEM and develop new coverage
- Monitor security alerts, perform triage and analysis, and respond to security incidents
- Identify security tools and implement solutions from POC to production (e.g., container security, cloud security, etc.)
- Develop SOAR to enhance monitoring, response, and observability for security alerts
- Managing infrastructure as code with Terraform
- Managing configuration as code with Ansible (AWX), Helm and Jsonnet
- Work closely with Engineering and DevOps teams to define a security strategy and execute it.
Requirements:
- Strong knowledge of AWS, Kubernetes, containerized, and microservice architectures
- Strong knowledge of Linux and using languages such as Shell/Bash, Python, or Go
- Strong knowledge of Terraform, Ansible and Helm
- Experience with security solutions in cloud environments (e.g., DDoS, WAF, IDS/IPS, DB-FW, Kubernetes security, etc.)
- Knowledge of build/release systems and CI/CD pipelines
Nice to Have:
- Experience with Elastic XDR, including fine-tuning ILMs
We offer:
- 30 day off — we value rest and recreation;
- Medical insurance for employees and the possibility of training employees at the expense of the company and gym membership;
- Remote work or the opportunity — our own modern lofty office with spacious workplace, and brand-new work equipment (near Pochaina metro station);
- Flexible work schedule — we expect a full-time commitment but do not track your working hours;
Flat hierarchy without micromanagement — our doors are open, and all teammates are approachable.
During the war, the company actively supports the Ministry of Digital Transformation of Ukraine in the initiative to deploy an IT army and has already organized its own cyber warfare unit, which makes a crushing blow to the enemy’s IT infrastructure 24/7, coordinates with other cyber volunteers and plans offensive actions on its IT front line.
More -
· 54 views · 0 applications · 13d
Junior Information Security Specialist
Full Remote · EU · Product · 3 years of experience · IntermediateRISK inc: An International iGaming Company Pushing the Boundaries of Entertainment Who We Are: An international iGaming company specializing in identifying and fostering the growth of high-potential entertainment markets. With 700+ professionals in...RISK inc: An International iGaming Company Pushing the Boundaries of Entertainment
Who We Are:
An international iGaming company specializing in identifying and fostering the growth of high-potential entertainment markets. With 700+ professionals in 20+ locations, we operate in 10 countries, serving over 300,000 customers.
Always Pushing the Boundaries? You Already Belong at RISK!
Our global-scale operations are based on strong internal expertise, analytics, and data research. We have expertise in iGaming operations (sports betting, online casino), digital and affiliate marketing, tech solutions, and data analytics.
We are seeking a SOC Specialist to become a part of our team.
Responsibilities:
- Event Collection and Analysis: Gather and analyze events from infrastructure components (websites, servers, databases).
- Security Rule Development and Implementation: Create and implement security rules for scenarios like fake registrations, mass registrations, and DDoS attacks.
- Monitoring and Incident Response: Monitor and respond to rule triggers/incidents, refine response rules, and handle blocking actions.
- Security Incident Investigation: Investigate security incidents.
- Resource and Service Registry: Maintain a registry of resources and services.
- Security Compliance Control: Ensure resource compliance with international security standards and apply the latest security patches.
- Collaboration with Subcontractors and Security Partners: Work closely with subcontractors and partner companies on security matters.
- Administration of Security Systems: Manage security systems such as MDM (Mobile Device Management), BYOD (Bring Your Own Device), SIEM (Security Information and Event Management), and CloudFlare.
- Risk Analysis and Mitigation: Assess existing risks and develop compensatory actions to minimize them. Risk Analysis for New Systems and Projects: Evaluate potential risks related to implementing new systems, services, or applications to enhance business processes.
Qualifications
- Minimum 3 years of experience in IT and/or information security.
- Solid understanding of IT Infrastructure and Network Security principles.
- Familiarity with IT infrastructure protection systems and network security.
- Experience with IAM (Identity and Access Management) systems.
- Proficient in vulnerability management systems.
- Experience in configuring SIEM tools (Open Search, Splunk, or others).
- Desired experience in configuring security policies for Google Workspace/Office 365.
- Familiarity with tools like Terraform, GitLab, Prometheus, Grafana, Loki, Docker, Docker Compose, PowerBI, HaProxy, Nginx, and LEMP.
- Familiarity with cloud solutions such as AWS, DigitalOcean, CloudFlare, GCP, and Kubernetes.
- Experience with external audits (either undergoing or conducting them).
- Strong understanding of risk and incident management methodologies.
- Excellent documentation skills (creating instructions, policies, guidelines).
- Familiarity with scripting languages like Python, Bash/Shell scripts, SQL, and PowerShell for automation, parsing, API work, and database tasks.
- Knowledge of security standards like ISO/IEC 27001 and NIST.
- Familiarity with antivirus systems; experience with CrowdStrike is a plus.
- Desired experience in deploying and administering databases.
- Desired experience with Windows, Linux, and MacOS operating systems.
- Intermediate or higher proficiency in English (both written and spoken).
Our Benefit Cafeteria is Packed with Goodies:
- Children Allowance
- Mental Health Support
- Sport Activities
- Language Courses
- Automotive Services
- Veterinary Services
- Home Office Setup Assistance
- Dental Services
- Books and Stationery
- Training Compensation
- And yes, even Massage
-
· 38 views · 2 applications · 28d
Head of Security
Full Remote · Poland · Product · 10 years of experience · IntermediateSummary The Head of Security (Application & Cloud Security) is responsible for designing, implementing, and managing the security strategy for the TGCS’s applications, cloud environments, and DevSecOps processes. This role focuses on securing software...Summary
The Head of Security (Application & Cloud Security) is responsible for designing, implementing, and managing the security strategy for the TGCS’s applications, cloud environments, and DevSecOps processes. This role focuses on securing software development and cloud infrastructure and ensuring compliance with industry security frameworks. The ideal candidate will lead security initiatives, partner with engineering teams including our Toshiba Security Governance in Japan, and establish robust security controls to safeguard applications, data, and cloud-based assets from threats.
Key Responsibilities
Security Strategy & Leadership
- Define and execute the application and cloud security strategy, aligning with business and SaaS objectives.
- Lead the Application Security (AppSec) and Cloud Security teams, ensuring best-in-class security practices.
- Drive a security-first culture across development and infrastructure teams.
- Provide executive leadership with regular security updates, risk assessments, and mitigation plans.
- Evaluate and implement modern security tools and technologies to enhance security posture.
Application Security & DevSecOps
- Integrate security into the software development lifecycle (SDLC), enabling secure-by-design development.
- Implement and manage SAST, DAST, and SCA tools for automated security testing.
- Define secure coding standards and provide guidance to development teams.
- Work closely with DevOps teams to implement DevSecOps practices, automating security within CI/CD pipelines.
- Lead threat modeling exercises and penetration testing to identify vulnerabilities in applications.
Cloud Security & Infrastructure Protection
- Design and enforce security best practices for multi-cloud and hybrid cloud environments (AWS, Azure, GCP).
- Implement cloud security posture management (CSPM) solutions to monitor and secure cloud configurations.
- Ensure identity and access management (IAM) policies, encryption, and zero-trust principles are followed.
- Monitor and respond to cloud security incidents, working closely with IT and SOC teams.
- Lead compliance efforts for ISO 27001, SOC 2, NIST, GDPR, and other cloud security frameworks.
Threat Detection, Incident Response & Risk Management
- Oversee security monitoring, log analysis, and threat intelligence for cloud and application environments.
- Implement SIEM, XDR, and SOAR solutions for real-time security event detection and response.
- Define incident response playbooks for cloud and application security threats.
- Conduct regular security audits, red teaming, and penetration testing to identify and mitigate risks.
Compliance, Governance & Security Awareness
- Ensure compliance with industry security standards (NIST, OWASP, CSA, ISO 27001, SOC 2, GDPR, CCPA).
- Lead cloud security risk assessments, ensuring vendors and third parties meet security requirements.
- Develop and enforce security policies, training programs, and awareness campaigns.
- Partner with legal and compliance teams to ensure data protection and privacy regulations are met.
Qualifications & Experience
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.
- 10+ years of experience in application security, cloud security, or cybersecurity leadership roles.
- Expertise in securing Azure, GCP, AWS and Kubernetes environments.
- Strong background in DevSecOps, CI/CD security, and software security principles.
- Hands-on experience with SAST, DAST, SCA, CSPM, and SIEM tools.
- Deep knowledge of cloud security frameworks (CIS Benchmarks, CSA, NIST, OWASP Cloud-Native Security).
- Strong understanding of identity and access management (IAM), zero trust, and container security.
Preferred Certifications
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Professional)
- OSCP (Offensive Security Certified Professional)
- CISM (Certified Information Security Manager)
Azure Certified Security — Specialty, Google Cloud Security Engineer, or AWS Security Engineer
More -
· 51 views · 13 applications · 27d
Chief Information Security Officer (СISO)
Full Remote · EU · Product · 5 years of experience · IntermediateCompany: Developer of a B2C trading platform Company size: 150+ employees and growing Work format: remote Reporting to: CEO, close collaboration with CTO Why is this role exciting? This is a unique opportunity to build the security function from the...Company: Developer of a B2C trading platform
Company size: 150+ employees and growing
Work format: remote
Reporting to: CEO, close collaboration with CTO
Why is this role exciting?
This is a unique opportunity to build the security function from the ground up in a fast-growing tech company. You’ll be working in a young and friendly team, tackling real security challenges rather than focusing on compliance and certification. The company values practical and efficient security that brings real benefits to the business.
The role offers plenty of interesting challenges, room for professional growth, and the opportunity to set up the security function as needed. If you’re passionate about hands-on security, solving real-world security problems, and making an impact, this role is for you!
Responsibilities:
- Building a corporate information and cybersecurity system from scratch, aligning with business strategy and leadership expectations
- Identify security risks in business processes, evaluate, and prioritise mitigation controls
- Executethe cybersecurity roadmap with alignment to the emerging threats
- Implementing and managing access control (SSO, MFA, RBAC)
- Developing and enforcing information security policies for personal data protection (PII), information, and access management procedures
- Establishing vulnerability management processes
- Control network and application security resilience against attacks (DDoS, takeovers, injections, etc.),
- Developing and implementing workstation security with Mobile Device Management (MDM) policies and XDR tools
- Collaborating with IT and development teams on the platform’s security architecture, customer security aspects in products, and enabling DevSecOps
- Lead the security incident management process, orchestration, and control execution
Conducting security training and fostering a strong security culture
Requirements:
- 5+ years of experience in information security
- Strong knowledge in security frameworks such as ISO27000, NIST, SOC, CSI or similar
- Practical understanding of IAM, PII protection built into the operational process of the company
- Experience in setting up vulnerability and patch management processes
- Familiarity with security threats and mitigation practices for DDoS, brute forces, injections, etc.
- Experience in mobile security, anti-virus tools, and BYOD policies
- Understanding of DevSecOps and the secure software development concept
- Ability to design security processes from scratch and their adoption
- Practical knowledge of cryptocurrencies and the risks associated with crypto
- Excellent communication and reporting skills
- Agility in risk management
Nice to have:
- Experience in fintech companies or trading platforms
- Experience in implementing SOC, DLP, and SIEM
- Knowledge of compliance frameworks (GDPR, PCI DSS)
We offer flexibility in discussing terms, building a team, and providing the necessary resources to create a strong, practical security system that truly benefits the business.
More -
· 46 views · 4 applications · 21d
(fluent English) IT Compliance and Audit Specialist
Countries of Europe or Ukraine · Product · 3 years of experience · Upper-IntermediateHave you always dreamed of building a career in information security? Do you have an analytical mindset and a keen eye for detail? We are looking for an IT Compliance & Audit Specialist who is eager to expand their knowledge in information technology...Have you always dreamed of building a career in information security? Do you have an analytical mindset and a keen eye for detail?
We are looking for an IT Compliance & Audit Specialist who is eager to expand their knowledge in information technology and cybersecurity, as well as gain experience working in an international IT company.
You will work on a wide range of tasks related to information security to support the company's operations together with our Security Department.
Sounds interesting? There's more to come 💛
What you will do:
- Manage certification preparation processes (ISO, PCI DSS, SOC 2, etc.) and conduct them in accordance with relevant requirements (HIPAA, GDPR, CCPA, etc.)
- Monitor compliance of IT infrastructure with security standards;
- Collaborate with auditors and certification bodies;
- Monitor changes in legislation and security standards;
- Create documentation on policies and processes;
- Handle security requests from clients (external and internal);
- Develop and conduct internal audits;
- Assess risks and monitor compliance with security requirements;
- Prepare and conduct training on information security and compliance requirements.
What you need to succeed in this role:
- 3+ years of proven experience in information security, audit or compliance sphere(s);
- Degree in information technology, cybersecurity, law or risk management;
- Certifications (one or more) are desirable:
- ISO 27001 Lead Implementer / Lead Auditor;
- CISM (Certified Information Security Manager);
- CISA (Certified Information Systems Auditor);
- CISSP (Certified Information Systems Security Professional);
- CIPP/E or CIPM (for GDPR);
- PCIP, ISA or QSA (for PCI DSS). - Experience in external audits and certification preparation;
- Knowledge of risk management principles;
- Skills in conducting GAP analysis and internal audits;
- Outstanding analytical skills and attention to detail;
- Excellent English skills (for interacting with auditors, writing policies and reports, communicating with clients).
Would be a plus:
- Experience working in the financial and/or tech industry that handles sensitive data;
- Experience in automating compliance processes (GRC platforms, ISMS systems);
- Knowledge of DevSecOps approaches for integrating security into the development lifecycle.
Benefits and Perks:
- Business hours;
- Opportunity to work fully remotely;
- Creative and unique art offices;
- Inclusive international environment;
- Compensation in USD;
- Good bonuses for referring friends;
- Paid intensive training and probation;
- Mind-blowing corporate events and social activities;
- Work-life balance;
- Responsive management interested in your growth and long-lasting cooperation;
- Greenhouse conditions for self-development.