Jobs Security

Playtech‘s Security unit is looking for Security Operations Engineer with excellent communication and problem-solving skills.

Your influential mission. You will...

• Support, maintain and operate security infrastructure and technologies used by SOC and make recommendations to enhance threat detection
• Build up and improve real-time security monitoring and incident response framework and playbooks
• Develop security detection use cases, tune signatures and refine analytical models in order to identify malicious activity
• Maintain, tune and troubleshoot SIEM Solution to deliver optimal performance and best detection and investigation capabilities
• Identify new data sources and integrate them into monitoring operations
• Evaluate and implement new information security tools and technologies in support of SOC needs
• Provide analysis and trending of security events, alarms, and information from a large number of heterogeneous security devices and critical environments
• Participate in knowledge sharing with other analysts and improve incident response documentation
• Provide Incident Response (IR) investigation, support and triage to security alerts

Components for success. You...

• Should have 2+ years of experience in a technical environment in the role of Security Operations Engineer/Security Engineer/SRE/DevOps
• Must have ability to identifies and develop workflow automation to lower response time and eliminate lengthy response times
• Display good knowledge of Information Security, IT and Networking principles
• Must have ability to demonstrate a deep understanding of cyber security monitoring platforms such as intrusion detection systems (IDS), Endpoint Protection, Web proxies, firewalls, EDR, UEBA, CASB
• Must have solid organizational skills including attention to detail and multitasking skills.
• Should have great written & spoken English.
• Have experience with Linux, Docker

You'll get extra points for...

• Basic knowledge of AWS, GIT, CI/CD

Thrive in a culture that values...

• Possibility to work with a product company
• Personalised professional growth
• Warm and friendly attitude to every specialist
• Educational possibilities
• Competitive salary and benefits
• Medical insurance
• Fully-equipped cosy office space located in the city centre (Gulliver, “Palats Sportu” metro station)
• Paid vacation days, sick leaves and national holidays
• Corporate events and team buildings

SECURITY TEAM

The Security Team is a dynamic and forward‑thinking unit responsible for building, improving, and safeguarding Playtech’s global infrastructure. We work across the organization to ensure secure, reliable, and resilient systems.

Joining the Security Unit means tackling complex challenges, working with modern technologies, and continuously strengthening your security expertise within one of the industry’s most trusted and respected companies.

Playtech is an equal opportunities employer. Our mission is to welcome everyone and create inclusive teams. We celebrate differences and encourage everyone to join us and be themselves at work.

About the company

Our client is a leading autonomous vehicle technology company operating at the cutting edge of self-driving software development. 

Role overview

We are not looking for a traditional SOC analyst. This role is about building detection systems, not clicking through alerts. You will work with large volumes of logs (cloud, application, network), design detection logic, and improve it over time. That includes both rule-based detection (SIEM/XDR) and data-driven approaches (statistical models, anomaly detection, simple ML where it makes sense). You should be comfortable treating logs as a data problem, not just a monitoring stream.

Important! This is not a role where you:

• sit in SIEM all day clicking alerts
• blindly add rules
• overcomplicate things with ML

This is a role where you: build detection systems that work in practice.

What you'll be doing

Detection & analytics

• Build and maintain detections across:
• application logs (auth, APIs, business logic abuse)
• cloud activity (CloudTrail, IAM, infrastructure changes)
• network telemetry (DNS, proxy, firewall, NetFlow)
• Work directly with data in platforms like Elasticsearch / Splunk / similar
• Write and tune detection logic (queries, correlation rules)
• Reduce noise — expect to spend time fixing false positives, not just adding new rules.

Working with data (this is a big part of the job)

• Build pipelines for:
• log ingestion
• normalization
• feature extraction
• Work with streaming or batch pipelines (Kafka / queues / scheduled jobs)
• Turn raw logs (e.g. CloudTrail) into structured data usable for detection.

Anomaly detection / ML (practical, not theoretical)

• Apply simple models where they add value (e.g. One-Class SVM or similar approaches)
• Focus on:
• behavior baselining
• anomaly scoring
• Tune models based on real output (false positives matter more than theory) 
• If ML does not improve signal — don't use it.

Automation & response

• Build response playbooks for common cases
• Automate where it actually saves time (not for the sake of it)
• Integrate with SOAR or write lightweight orchestration
• Improve:
• detection speed
• response consistency.

AI usage (realistic expectations)

• Use LLMs for:
• alert enrichment
• investigation summaries
• internal tooling
• Not building an "AI security platform"
• Focus on practical gains, not hype.

Threat hunting

• Run targeted hunts based on hypotheses
• Use internal data + external signals
• Identify gaps in logging and detection.

Requirements

• Solid experience with SIEM (Elastic, Splunk, Sentinel, etc.)
• Strong understanding of:
• cloud activity (especially AWS logs and IAM)
• network basics
• modern application behavior (APIs, auth flows)
• Comfortable working with large datasets (not afraid of raw logs)
• Python or similar for data processing
• Experience with automation (SOAR or custom scripts).

Nice-to-have (but not critical)

• Experience applying ML to logs (even simple models is enough)
• Familiarity with LLMs in tooling (not research)
• Experience with data pipelines (Kafka, Spark, etc.)
• MITRE ATT&CK mapping

What will make you effective here

• You don't trust alerts blindly
• You care about signal quality, not number of detections
• You can debug why a detection is noisy or useless
• You understand systems, not just tools
• You prefer building something once instead of repeating manual work.

How success looks like

• Fewer false positives
• Better visibility across systems
• Faster investigations
• Less manual work in SOC
• Detections that actually catch real issues

We’re looking for a DevOps Engineer (Security Focus) who treats security as a first-class engineering concern, not a compliance checkbox. You’ll work closely with development to embed security into every stage of the delivery lifecycle — from the first commit to production monitoring.

Responsibilities:

• Design and maintain secure CI/CD pipelines from commit to production
• Integrate SAST, DAST, SCA, and secret scanning into GitLab / GitHub Actions
• Harden Kubernetes clusters — RBAC, network policies, admission controllers, pod security standards
• Manage cloud infrastructure (AWS / GCP) using IaC — Terraform, Helm, GitOps workflows
• Implement Zero Trust architecture, mTLS, and service mesh (Istio / Linkerd)
• Own the observability and alerting stack — Prometheus, Grafana, Loki, ELK
• Lead threat modeling sessions and security-focused code reviews
• Drive compliance work (SOC 2, ISO 27001, GDPR) on the technical side
• Mentor engineers and promote a shift-left security culture across the team

Requirements:

• 4+ years in DevOps, DevSecOps, or a closely related role
• Proven experience building secure pipelines in real production environments
• Solid hands-on knowledge of Kubernetes and cloud providers (AWS preferred)
• Strong grasp of network security — firewalls, VPC, WAF, TLS/mTLS
• Practical experience with secret management and key rotation
• Actively uses AI tools in daily work — Copilot, Cursor, Claude, or similar
• Understanding of OWASP Top 10, CVE processes, and vulnerability disclosure
• At least B2 English — comfortable reading docs, writing in async, and joining calls

Nice to have:

• Experience preparing for or passing SOC 2 / ISO 27001 audits
• Certifications: CKS, AWS Security Specialty, OSCP, or equivalent
• Familiarity with eBPF-based security tools — Cilium, Tetragon
• Background in FinTech, HealthTech, or another regulated domain
• Scripting or automation skills in Python

We Offer:

• Innovation Culture: Work in a team that actively experiments with AI and modern development approaches
• Flexible Work: Remote work or a modern office in Kyiv
• Generous Time Off: 20 paid vacation days + 15 sick leave days annually
• Professional Growth: Compensation for courses, certifications, and learning resources
• Cutting-Edge Tools: Access to premium AI tools (Cursor Pro, GitHub Copilot, etc.)
• Supportive Environment: Collaboration, trust, and focus on outcomes rather than micromanagement

Recruitment Process:

1. HR Interview
2. Tech&Final Interview
3. Job Offer

If you have any questions or need clarifications, feel free to reach out to our Talent Hunter Team by email.

We are looking for a  DevSecOps Engineer to join our team and help maintain and improve a secure cloud infrastructure on AWS. Our applications run on Kubernetes (EKS), Cloudflare is used for edge protection, and Wazuh serves as our SIEM / HIDS platform.
 

This role is suited for an engineer with hands-on experience who will work within an existing architecture and established best practices, rather than owning the full system design.

Requirements:
AWS / Cloud

• 2+ years of commercial experience with AWS;
• Hands-on experience with EKS or other managed Kubernetes platforms;
• Basic understanding of IAM, VPC, Security Groups, and CloudWatch.

Kubernetes / Containers

• Experience with Kubernetes (deployments, services, ingress);
• Understanding of Kubernetes RBAC (ability to apply and maintain existing policies);
• Experience with Docker (building and running containers).

Security / Monitoring

• Experience with Wazuh or other SIEM / security monitoring solutions;
• Understanding of logging, alerting, and basic HIDS principles;
• Hands-on experience with Cloudflare (DNS, basic WAF configuration).

DevOps / Automation

• Experience with CI/CD tools (GitLab CI, GitHub Actions);
• Infrastructure as Code: Terraform;
• Bash or Python for basic automation tasks.

Networking

• Understanding of HTTP/S, DNS, and TLS;
• Basic knowledge of cloud networking concepts.

Responsibilities:

• Maintain and enhance CI/CD pipelines with integrated security checks;
• Support and operate Kubernetes clusters (AWS EKS);
• Configure and maintain Wazuh (agents, basic rules, alerts, dashboards);
• Support and optimize Cloudflare services (DNS, basic WAF rules, rate limiting);
• Deploy and update infrastructure using IaC (Terraform / CloudFormation);
• Manage access controls (AWS IAM, Kubernetes RBAC);
• Monitor logs and security alerts and participate in incident response;
• Apply basic hardening practices for containers and EKS nodes;
• Collaborate with development teams to ensure secure application deployments;
• Configure infrastructure according to CIS benchmarks.

Nice to Have:

• Experience with security scanning tools (Burp, Snyk, kube-bench);
• Familiarity with AWS Security Hub or GuardDuty;
• Basic understanding of Zero Trust principles;
• Experience with multi-account AWS environments;
• Exposure to security policies or compliance controls;
• Experience with ELK Stack.
   

What We Offer:

• Work in a team with established processes and mentoring;
• Clear growth path toward a Senior DevSecOps Engineer role;
• Modern cloud-native technology stack (AWS, Kubernetes, Terraform);
• Flexible work format (remote / hybrid);
• Competitive compensation based on experience

We are looking for a Senior DevSecOps with strong Azure background to join a product team working on a high-load AI-powered application.

Key areas of focus:
Azure infrastructure and security (Entra ID, Managed Identity, networking)
Async task processing and scalable queue-based architectures
CI/CD security practices - vulnerability scanning, dependency management
Observability - logging, tracing, monitoring at scale
Experience with Python-based backends in high-load environments
The role requires hands-on problem-solving ability, not just configuration experience. The candidate will be expected to advise on architecture decisions.

Location: Remote

Team: Security / Platform

About the company

Our client is a leading autonomous vehicle technology company operating at the cutting edge of self-driving software development. 

Role overview

We are not looking for a traditional SOC analyst. This role is about building detection systems, not clicking through alerts. You will work with large volumes of logs (cloud, application, network), design detection logic, and improve it over time. That includes both rule-based detection (SIEM/XDR) and data-driven approaches (statistical models, anomaly detection, simple ML where it makes sense). You should be comfortable treating logs as a data problem, not just a monitoring stream.

Important! This is not a role where you:

• sit in SIEM all day clicking alerts
• blindly add rules
• overcomplicate things with ML

This is a role where you: build detection systems that work in practice.

What you'll be doing

Detection & analytics

• Build and maintain detections across:
• application logs (auth, APIs, business logic abuse)
• cloud activity (CloudTrail, IAM, infrastructure changes)
• network telemetry (DNS, proxy, firewall, NetFlow)
• Work directly with data in platforms like Elasticsearch / Splunk / similar
• Write and tune detection logic (queries, correlation rules)
• Reduce noise — expect to spend time fixing false positives, not just adding new rules.

Working with data (this is a big part of the job)

• Build pipelines for:
• log ingestion
• normalization
• feature extraction
• Work with streaming or batch pipelines (Kafka / queues / scheduled jobs)
• Turn raw logs (e.g. CloudTrail) into structured data usable for detection.

Anomaly detection / ML (practical, not theoretical)

• Apply simple models where they add value (e.g. One-Class SVM or similar approaches)
• Focus on:
• behavior baselining
• anomaly scoring
• Tune models based on real output (false positives matter more than theory) 
• If ML does not improve signal — don't use it.

Automation & response

• Build response playbooks for common cases
• Automate where it actually saves time (not for the sake of it)
• Integrate with SOAR or write lightweight orchestration
• Improve:
• detection speed
• response consistency.

AI usage (realistic expectations)

• Use LLMs for:
• alert enrichment
• investigation summaries
• internal tooling
• Not building an "AI security platform"
• Focus on practical gains, not hype.

Threat hunting

• Run targeted hunts based on hypotheses
• Use internal data + external signals

• Identify gaps in logging and detection.

   

Requirements

• Solid experience with SIEM (Elastic, Splunk, Sentinel, etc.)
• Strong understanding of:
• cloud activity (especially AWS logs and IAM)
• network basics
• modern application behavior (APIs, auth flows)
• Comfortable working with large datasets (not afraid of raw logs)
• Python or similar for data processing

• Experience with automation (SOAR or custom scripts).

   

Nice-to-have (but not critical)

• Experience applying ML to logs (even simple models is enough)
• Familiarity with LLMs in tooling (not research)
• Experience with data pipelines (Kafka, Spark, etc.)

• MITRE ATT&CK mapping

   

What will make you effective here

• You don't trust alerts blindly
• You care about signal quality, not number of detections
• You can debug why a detection is noisy or useless
• You understand systems, not just tools

• You prefer building something once instead of repeating manual work.

   

How success looks like

• Fewer false positives
• Better visibility across systems
• Faster investigations
• Less manual work in SOC
• Detections that actually catch real issues

Why we exist:

Swarmer develops software that makes drones autonomous and allows them to operate together, in large, coordinated teams — no pilots needed. Our technology has been battle-tested in Ukraine— the world’s most intense proving ground for drone warfare.

In March 2026, we became the first Ukrainian defense startup to go public on NASDAQ, following a $15M Series A — the largest investment in a Ukrainian defense tech company since the start of the war.

Working at Swarmer means operating at the intersection of engineering rigor and frontline reality. The problems and environments are complex, and the stakes are very real. We built this software to enable democratic nations to defend themselves.

If you are motivated by building resilient systems that matter and by seeing the direct impact of youra work, you’ll find purpose here.

What we’re looking for:

We are looking for a Director of Physical Security who will take full ownership of building and leading our physical security function. This role is about creating a modern, multi-layered security framework that safeguards our people, offices, and technologies. You will ensure that Swarmer not only meets the highest security standards but also builds a proactive, risk-driven security culture across the organization.

What you’ll do:

• Develop and lead a comprehensive corporate security strategy covering physical security, operational resilience, and personnel protection.
• Ensure the security of offices, facilities, and employees, including access control, surveillance, and incident response procedures.
• Maintain close cooperation with Ukrainian, Polish, and American defense, security, and regulatory bodies to ensure compliance and effective security operations.
• Work alongside Legal and HR to ensure rigorous background check processes, adherence to data privacy regulations, and secure hiring practices (including background management where applicable).
• Build internal awareness and training programs to foster a culture of security across the organization.
• Anticipate risks, assess vulnerabilities, and proactively initiate systemic changes to strengthen our resilience.
• Establish and maintain security standards that align with international best practices.

What we need:

• 5+ years of experience in corporate, defense, or government-related security roles.
• Proven track record of building security systems end-to-end (not just executing, but shaping strategy and vision).
• Strong knowledge of the physical security domain.
• Structured, risk-oriented mindset with the ability to see consequences and drive systemic change.
• Modern approach to security — using contemporary tools, methodologies, and international standards.
• Fluent English (spoken and written).
• Ability to work with senior leadership and influence decision-making.

What you’ll get:

• Professional growth through working with cutting-edge defense technologies and exposure to international security best practices.
• A fast-paced environment with minimal bureaucracy and no “process for the sake of process”.
• Competitive salary and a comprehensive benefits package (insurance, paid sick leave, 20 paid days off per year).
• Benefits of the defense sector (e.g., reservation, etc.).
• Flexible remote work options where possible.

How’s the hiring process going:

✔️ Intro Call → ✔️ Interview with VP of Operations → ✔️ Interview with Security Consultant → ✔️ Final interview with CEO → ✔️ Offer

Please note that, as a leading defense tech company, we take operations security seriously and may need to perform additional background checks as part of our hiring process. We will do so in accordance with all applicable EU laws and regulations and safeguard your data in the process.

Ready to Apply?

We are looking for an Identity and Access Management Engineer to build and strengthen our identity and access security controls across cloud, SaaS, and internal systems. In this role, you will be responsible for implementing practical Zero Trust principles, ensuring secure authentication, enabling Single Sign-On (SSO), enforcing Multi-Factor Authentication (MFA), and handling other key security tasks. Join our team to help protect sensitive data and improve the overall security posture of our systems.

Responsibilities

• Implement and maintain IAM controls across cloud, SaaS, and internal platforms
• Configure and optimize SSO integrations using SAML, OAuth 2.0, and OIDC
• Design and refine MFA and Conditional Access policies 
• Support secure user lifecycle processes, including Joiner, Mover, and Leaver (JML) activities
• Participate in access reviews and privilege cleanup activities
• Troubleshoot  authentication and authorization issues
• Analyze authentication events and provide technical expertise for identity-related investigations
• Collaborate with Engineering and IT teams to ensure secure onboarding of applications and access models
• Ensure alignment with audit and compliance requirements related to IAM controls
• Contribute to practical Zero Trust improvements based on company priorities and maturity

Requirements

• 3+ years of hands-on experience in IT or Information Security with a dedicated focus on Identity and Access Management (IAM), authentication, SSO, MFA, access control and user administration
• Practical experience with major Identity Providers such as Microsoft Entra ID, Okta, or similar solutions
• Solid grasp of identity standards, including SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC)
• Proven ability to configure SSO integrations, manage MFA policies, and administer user/group/role hierarchies
• Strong understanding of Least Privilege, Conditional Access frameworks, and Joiner-Mover-Leaver (JML) lifecycles
• Ability to troubleshoot authentication issues and analyze identity-related logs
• Proficiency in PowerShell, Python or Bash
• English - Intermediate or higher (for free communication)

Will be a plus

• Practical experience in automating identity workflows, including user provisioning, deprovisioning, access reviews, and role-based access assignments

• Experience in enterprise-scale Fintech, Banking, or Telecom industries

   

We offer

• 20 paid vacation days per year
• 10 paid sick leave days per year
• Public holidays as per the company’s approved Public holiday list
• Medical insurance
• Opportunity to work remotely
• Professional education budget
• Language learning budget
• Wellness budget (gym membership, sports gear and related expenses)

Would you be open to leading the Platform & Cloud Security direction in a top-tier iGaming product? We’re looking for a Security Lead to work on a high-load system. You’ll collaborate closely with the CTO, have full ownership of decisions, remote, and top-of-the-market terms.

This role combines technical expertise, investigative focus, and process leadership – ensuring that our systems, data, and people remain secure, compliant, and resilient.

Main Responsibilities

Information Security & Compliance

– Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS)

– Foster a strong Security-First mindset across the organization

– Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls

– Conduct internal audits, risk assessments, and coordinate certification renewals

– Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable)
– Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace

– Support DLP implementation and maintain central tracking of security events

– Document risks, incidents, and corrective actions to ensure continuous compliance

Incident Response & Investigation

– Lead investigations into security incidents such as phishing, data leakage, or unauthorized access

– Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack)

– Maintain and enhance incident response playbooks and escalation workflows

– Collaborate with HR, Legal, and IT teams during internal investigations

– Produce post-incident reports and recommend remediation measures

Endpoint & Access Security

– Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints

– Maintain CrowdStrike Falcon configurations and endpoint posture enforcement

– Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password)

– Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews

– Perform Quarterly RAS Access Management Reviews

– Maintain a consistent audit trail for access management throughout the year

Mandatory Requirements

– 3+ years of experience in information security, IT audit, or digital investigations

– Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2)

– Hands-on experience with SIEM / EDR systems

– Proven ability to manage SSO, MFA, DLP, and MDM environments

– Strong communication skills in English (B2 or higher)

– Analytical mindset, integrity, and attention to detail

Nice to Have

– Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty

– Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms

– Forensics experience

– Experience in designing awareness programs or running phishing simulations

We offer

Competitive Salary: We offer a competitive salary in EUR, subject to annual performance reviews

Quarterly Bonuses: Benefit from a transparent and systematic quarterly bonus system

Flexible Schedule: We offer a flexible work schedule to accommodate your needs

Remote Work Option: Choose to work remotely, providing greater flexibility and comfort

Medical Insurance: Receive comprehensive medical insurance for both you and a significant other

Financial Support for Life Events: We provide financial support during special life events

Unlimited Paid Vacation: Enjoy unlimited paid vacation leave

Unlimited Paid Sick Leave: Take unlimited paid sick leave whenever necessary

Professional Development: Get reimbursement for professional development courses and training

Recruitment Process

– HR interview

– Technical interview

– Final interview

RedCore is an international business group that creates technological solutions for digital markets. Our products and services cover fintech, marketing, e-commerce, customer service, communications, and regulatory technologies. 

We are looking for a Security Engineer to join our team!

Requirements:

- 3–4+ years of hands-on experience in DevSecOps, Cloud Security, or Application Security
- Strong understanding of DevOps practices and tools: GitLab CI/CD, ArgoCD, Helm, Terraform, Ansible
- Solid experience securing Kubernetes clusters (EKS, GKE, or self-hosted): NetworkPolicy, Pod Security Standards, RBAC, Kyverno / Gatekeeper, secrets management, and runtime security
- Practical experience with Service Mesh — Istio (and related solutions: Linkerd, Cilium Service Mesh)
- Hands-on experience with IaC scanning and hardening (Terraform, Crossplane): Checkov, Terrascan, tfsec, OPA/Gatekeeper
- Experience with SAST/DAST/SCA tools: Semgrep, SonarQube, Trivy, Grype, Snyk, OWASP ZAP, Nuclei
- Good knowledge of Secure SDLC, Shift-Left approach, Zero Trust, and Secure by Design principles
- Solid understanding of cloud platforms (AWS + GCP required, OpenStack is a plus): IAM, encryption at rest/transit, KMS, and native security services
- Strong Linux administration skills and scripting (Bash, Python).
Experience with SIEM/SOAR and security logging solutions (ELK, Loki+Promtail, OpenSearch)

Will be plus:

- Deep expertise with Cloudflare (WAF, Zero Trust, Page Shield, Workers) or similar solutions
- Experience building Platform Security and Internal Developer Platforms with embedded security
- Strong automation skills for security processes (Policy as Code, automated remediation)
- Familiarity with eBPF-based tools (Falco, Cilium, Tetragon)
- Experience with OpenStack security components (Keystone, Barbican, Neutron, Nova hardening) 
-Knowledge of compliance frameworks (ISO 27001, SOC2, PCI DSS, GDPR)

Responsibilities:

- Design, implement, and maintain secure CI/CD pipelines with maximum automation of security checks (Shift-Left)
- Develop and maintain Security as Code (policies, baselines, compliance checks)
- Ensure security of Kubernetes platforms, workloads, and Service Mesh (Istio)
- Perform security reviews of Terraform modules and infrastructure code
- Configure and maintain WAF, runtime protection, vulnerability management, and secrets management solutions
- Automate detection, triage, and remediation of security findings
- Conduct regular audits of cloud environments and Kubernetes clusters
- Collaborate closely with Development, Platform, and SRE teams to embed security into their processes
- Participate in incident response and post-mortems with a focus on security improvements

Our benefits to you:
🍀 An exciting and challenging job in a fast-growing business group, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance, and more
🤝🏻 Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed
🧑🏻‍💻 Modern corporate equipment based on macOS or Windows, and additional equipment is provided
🏖️ Paid vacations, sick leave, personal events days, days off
💵 Referral program — enjoy cooperation with your colleagues and get a bonus
📚 Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences
🎯 Rewards program for mentoring and coaching colleagues
🗣️ Free internal English courses
✈️ In-house Travel Service
🦄 Multiple internal activities: online platform for employees with quests, gamification, presents and news, clubs for movie/book/pets lovers, and more
🎳 Other benefits could be added based on your location

PrivatBank is the largest bank in Ukraine and one of the most innovative banks around the world. It holds a leading position for all the financial indicators in the area and comprises about a quarter of the whole banking system of our country.

We are looking for an Application Security Engineer. We are searching for the person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.

We are striving to find a goal-oriented and multitask professional who would be focused on making good results and high quality.

Requirements:

• At least 3 years of experience in application security or related fields such as penetration testing and security architecture
• Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
• Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
• Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. is preferred
• Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc
• Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIM, and Microsoft SDL
• Familiarity with the software development process and stages
• Basic understanding of software code
• Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc
• Understanding of major types of vulnerabilities
• Understanding of software architecture
• Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
• Ability to independently research information and solve complex problems
• Critical thinking skills

Responsibilities:

• Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
• Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
• Application security governance and metrics
• Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
• Improve our application security management platform
• Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
• Integrate and oversee security automation tools to enhance security processes and reduce manual error
• Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
• Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
• Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
• Track and manage software defects to ensure timely resolution of security-related issues
• Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
• Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
• Use cloud services for application security

We offer:

• Work in the largest and most innovative bank of Ukraine
• Official employment and 24+4 calendar days of vacation
• Sick leave compensation
• Medical Insurance
• Competitive salary
• Bonuses, premium according to company policy
• Corporate training
• Modern comfortable office
• Interesting projects, ambitious tasks and dynamic growth
• Corporate financial assistance in critical situations
• A friendly professional and strong team
• Possibility of remote work format

PrivatBank is open to support and employ veterans and people with disabilities.

We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.

We are ready to train veterans and candidates with disabilities without banking experience.

Reverse Engineer (Android / Windows)

About the Role

We’re looking for a highly skilled Reverse Engineer to analyze, understand, and modify complex software systems across Android and Windows platforms. You will work on low-level system components, proprietary protocols, and real-world production binaries—going far beyond basic static analysis.

This role requires deep technical expertise in native code, system internals, and runtime behavior, with a strong focus on practical reverse engineering and problem-solving.

Responsibilities

• Reverse engineer Android and Windows applications (Java/Kotlin + native C/C++)
• Analyze compiled binaries, obfuscated code, and packed applications
• Perform dynamic instrumentation, tracing, and runtime analysis
• Understand and modify system-level behavior (services, drivers, IPC, networking)
• Reverse proprietary protocols and data formats
• Identify security mechanisms, protections, and bypass techniques
• Develop tooling, scripts, and automation for analysis workflows
• Collaborate with engineering teams to integrate findings into products

Requirements

Core Skills

• Strong experience with reverse engineering tools:
  • IDA Pro / Ghidra / Binary Ninja
  • Frida, LLDB, WinDbg, x64dbg
• Solid understanding of:
  • Assembly (ARM, ARM64, x86/x64)
  • Native code (C/C++)
  • Memory management, calling conventions, binaries

Android

• Deep understanding of Android internals:
  • ART / Dalvik runtime
  • Binder IPC
  • System services & HALs
• Experience reversing APKs and native libraries (.so)
• Familiarity with AOSP structure and system components

Windows

• Understanding of Windows internals:
  • User-mode & kernel-mode architecture
  • Windows APIs, services, drivers
• Experience analyzing PE binaries, DLLs, and system behavior

Nice to Have

• Experience with iOS reversing (Objective-C / Swift, Mach-O)
• Knowledge of anti-debugging / anti-tampering techniques
• Experience with emulators, virtualization, or sandboxing
• Cryptography and protocol analysis experience
• Exploit development or vulnerability research background

What We Expect

• Ability to work with incomplete information and figure things out independently
• Strong debugging mindset and curiosity
• Focus on real-world results, not just theoretical analysis
• Clean and well-documented findings

We’re hiring a Lead IT Security Engineer for Limitless Labs — a crypto + AI company building one of the largest prediction markets on Base.

The platform has already processed $3B+ in trading volume, with strong user engagement and retention. Security is a critical part of scaling the system further.

What you’ll do

• Own and lead security operations across the company
• Build and improve threat detection, monitoring, and incident response systems
• Design SIEM, logging, and alerting pipelines
• Lead incident response and post-mortems
• Conduct risk assessments and threat modeling
• Manage vulnerabilities and remediation processes
• Ensure readiness against real-world attacks (DDoS, exploits, key compromise)
• Work with external security vendors and auditors

What we’re looking for

• 7+ years in Security Operations
• Experience owning security in production environments
• Strong knowledge of cloud security (GCP, Cloudflare)
• Solid understanding of infrastructure, network, and application security
• Hands-on experience with SIEM / EDR / SOAR systems
• Experience handling high-severity incidents
• Ability to operate under pressure and make critical decisions

Nice to have

• Web3 / blockchain security experience
• Experience securing financial or trading systems
• SOC2 / ISO 27001 experience
• Background in penetration testing or red teaming

Why this role

• Real impact on a live system with real users and funds
• High ownership and autonomy
• Fast-moving, high-risk environment
• Opportunity to build and shape security operations

About the project

We're working on an enterprise-scale Cyber Recovery Environment in AWS — built to protect critical workloads from ransomware and destructive attacks. Think highly isolated cloud architecture, immutable storage, fail-closed security, and automated access controls. Everything is scoped to NIST 800-53 Moderate, with a full audit-ready evidence package ready at go-live.

The role

You'll be the person who owns security controls — from design to validation to ongoing review — with everything implemented as code. It's a part-time engagement (~20 hrs/week) with a predictable twice-weekly review cadence covering infrastructure, IAM, encryption, and serverless automation. You'll work closely with GRC, SOC, and Cloud/DevOps teams, so communication matters as much as technical depth here.

What you'll be doing

• Designing and implementing security controls against NIST 800-53 Moderate — tailoring them to the environment and mapping inheritance across layers
• Running regular security reviews of Terraform and IaC changes, keeping a clean findings log and tracking remediations
• Reviewing and shaping IAM policies, SCPs, and access models across a multi-account AWS setup
• Designing and validating KMS encryption — key policies, rotation schedules, and cross-account access patterns
• Reviewing and improving serverless automation — replication windows, access controls, and security boundaries
• Making sure logging, monitoring, and threat detection are properly configured end-to-end
• Validating the fail-closed model — access restrictions, automated controls, and break-glass procedures
• Keeping the Control Traceability Matrix up to date and putting together audit evidence packages in immutable storage
• Supporting SIEM integration, tuning detection rules, writing runbooks, and helping internal teams get up to speed

What we're looking for

• 5+ years in AWS Security or DevSecOps engineering
• Solid, hands-on Terraform experience — you know what to look for in an IaC security review
• Real familiarity with NIST 800-53 Rev. 5 and what it actually takes to pass an audit
• Deep knowledge of IAM, Identity Center, SCPs, and multi-account AWS architecture
• Strong background in KMS and encryption design
• Hands-on with AWS security and monitoring services — logging, config, threat detection
• Experience validating automated, fail-closed security architectures
• Comfortable writing Python and/or Bash
• Clear communicator — you document things well and can explain security decisions to non-security people

Nice to have

• Cyber recovery / immutable storage
• S3 Object Lock
• Security Hub Macie · Inspector · Access Analyzer
• AWS Solutions Architect Pro / DevOps Pro
• SOC 2 · PCI-DSS · HIPAA
• SIEM integration experience

What AppRecode offers

• 20 days of paid annual leave plus public holidays.
• 5 paid sick days per year.
• Remote-first work environment.
• Friendly and supportive team culture.
• Personal development plans and access to experienced mentors and technical leaders.
• Reimbursement for sports activities and professional certifications (after probation).
• Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
• Free English classes if you want to further improve your communication skills.

About the company

Our client is a leading autonomous vehicle technology company operating at the cutting edge of self-driving software development. 

Role overview

We are not looking for a traditional SOC analyst. This role is about building detection systems, not clicking through alerts. You will work with large volumes of logs (cloud, application, network), design detection logic, and improve it over time. That includes both rule-based detection (SIEM/XDR) and data-driven approaches (statistical models, anomaly detection, simple ML where it makes sense). You should be comfortable treating logs as a data problem, not just a monitoring stream.

Important! This is not a role where you:

• sit in SIEM all day clicking alerts
• blindly add rules
• overcomplicate things with ML

This is a role where you: build detection systems that work in practice.

What you'll be doing

Detection & analytics

• Build and maintain detections across:
• application logs (auth, APIs, business logic abuse)
• cloud activity (CloudTrail, IAM, infrastructure changes)
• network telemetry (DNS, proxy, firewall, NetFlow)
• Work directly with data in platforms like Elasticsearch / Splunk / similar
• Write and tune detection logic (queries, correlation rules)
• Reduce noise — expect to spend time fixing false positives, not just adding new rules.

Working with data (this is a big part of the job)

• Build pipelines for:
• log ingestion
• normalization
• feature extraction
• Work with streaming or batch pipelines (Kafka / queues / scheduled jobs)
• Turn raw logs (e.g. CloudTrail) into structured data usable for detection.

Anomaly detection / ML (practical, not theoretical)

• Apply simple models where they add value (e.g. One-Class SVM or similar approaches)
• Focus on:
• behavior baselining
• anomaly scoring
• Tune models based on real output (false positives matter more than theory) 
• If ML does not improve signal — don't use it.

Automation & response

• Build response playbooks for common cases
• Automate where it actually saves time (not for the sake of it)
• Integrate with SOAR or write lightweight orchestration
• Improve:
• detection speed
• response consistency.

AI usage (realistic expectations)

• Use LLMs for:
• alert enrichment
• investigation summaries
• internal tooling
• Not building an "AI security platform"
• Focus on practical gains, not hype.

Threat hunting

• Run targeted hunts based on hypotheses
• Use internal data + external signals
• Identify gaps in logging and detection.

Requirements

• Solid experience with SIEM (Elastic, Splunk, Sentinel, etc.)
• Strong understanding of:
• cloud activity (especially AWS logs and IAM)
• network basics
• modern application behavior (APIs, auth flows)
• Comfortable working with large datasets (not afraid of raw logs)
• Python or similar for data processing
• Experience with automation (SOAR or custom scripts).

Nice-to-have (but not critical)

• Experience applying ML to logs (even simple models is enough)
• Familiarity with LLMs in tooling (not research)
• Experience with data pipelines (Kafka, Spark, etc.)
• MITRE ATT&CK mapping

What will make you effective here

• You don't trust alerts blindly
• You care about signal quality, not number of detections
• You can debug why a detection is noisy or useless
• You understand systems, not just tools
• You prefer building something once instead of repeating manual work.

How success looks like

• Fewer false positives
• Better visibility across systems
• Faster investigations
• Less manual work in SOC
• Detections that actually catch real issues