Jobs

N-iX is a software development service company that helps businesses across the globe develop successful software products. During 22 years on the market and by leveraging the capabilities of Eastern Europe talents the company has grown to 2200+ professionals with a broad portfolio of customers in the area of Fortune 500 companies as well as technological start-ups. N-iX has come a long way and increased its presence in nine countries - Poland, Ukraine, Romania, Bulgaria, Sweden, Malta, the UK, the US, and Colombia.
 

We seek a highly skilled Product Cybersecurity Engineer to join our Cybersecurity team. The Cybersecurity engineer will take part in a Product development team and will assume leadership for the cybersecurity practices.

Responsibilities:
To be the SME and review, instruct, and support the Digital R&D development on how to ensure:

• Secure Development Lifecycle (SDL): Incorporate security at every stage of product development, from design to deployment.
• Regular Security Testing: Conduct vulnerability assessments, penetration testing, and code reviews to identify and mitigate risks.
• Patch Management: Keep products up-to-date with the latest security patches and updates.
• Data Encryption: Protect sensitive data both in transit and at rest using robust encryption methods.
• Access Controls: Implement strict access controls to ensure only authorized personnel can access sensitive information.
• Secure Coding Practices: Follow best practices for secure coding to minimize vulnerabilities.
• Incident Response: Develop and maintain an incident response plan to quickly address security breaches.
• Compliance: Ensure products meet relevant regulatory and industry standards for security and data privacy.
• Third-Party Governance: Establish standardized governance for third-party suppliers to ensure they meet security requirements.
• Customer Communication: Maintain transparency with customers about security measures and provide support throughout the product lifecycle.

Knowledge and Experience: 

• 4+ years experience in applications security
• 7+ years of experience in the IT industry 
• Solid understanding of enterprise technologies and security tooling landscape.
• Knowledge of modern application architecture (microservices/cloud / asynchronous communication) and threat landscape.
• Ability to read application code, including CI/CD configurations + Some scripting skills is a great plus.
• Good knowledge of application vulnerabilities and related issues.
• Understanding of standard security practices, like incident management, vulnerability management, etc.
• Professional certifications, such as CISSP, OSCP, CEH, and others are a plus.

Would be a plus:  

• Fluent in the English language.
• Quick starter and learner.
• Readiness to research, investigate, and adjust to customer needs.
• Intuition and keen instincts to pre-empt attacks. 
• High level of analytical and problem-solving abilities. 
• Strong interpersonal and oral communication skills.

We offer*:

• Flexible working format - remote, office-based or flexible
• A competitive salary and good compensation package
• Personalized career growth
• Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
• Active tech communities with regular knowledge sharing
• Education reimbursement
• Memorable anniversary presents
• Corporate events and team buildings
• Other location-specific benefits

*not applicable for freelancers

Description

In Grid Integration Services we are at the forefront of the digital revolution: through digital services, we enable our customers to increase the reliability of their assets and systems while optimizing costs. For our growing R&D team, we are looking for a hands-on product security engineer who ensures that our SW solutions fulfill the highest standards of cybersecurity, integrate with the software ecosystem of our company, and can be taken over by the software operations team. Are you a result-oriented team player who fosters a positive work culture? Are you ready to drive digitalization and innovation for rapidly changing power grids? Are you willing to continuously drive improvement and occasionally get your hands dirty? Then do not hesitate and submit your application today!

Requirements

• Bachelor’s degree in computer science, information technology, or similar
• At least 2 years of experience in software development
• Experience in agile software development processes and security development lifecycle processes
• Knowledge of system administration, networks, infrastructure (switches, routers, firewalls), configuration, troubleshooting, and root cause analysis
• Strong understanding of cybersecurity standards, guidelines, and best practices for building highly resilient hardened software systems (e.g., NIST, CIS, and OWASP)
• Experience in system security, product / application security architecture, network security, and web services
• Experience in implementation, configuration, operation, maintenance, and troubleshooting of security controls such as L3 and L7 firewalls
• Experience with static code analysis, dynamic code analysis, open-source software scanning, software composition analysis
• Experience with industrial data transfer protocols such as OPC, IEC 61850, OCPP, MQTT, and similar is an advantage
• Preferably experience in
   Linux, Windows, and mobile environments
   Docker and Kubernetes
   C#, .Net Framework, .Net (Core)
   Microservices and containerized applications
   Azure cloud environment
• Need to be ready for a business trip
• Fluency in written and spoken as well as technical writing English
• Ability to work independently with a sense of ownership and responsibility
• Communication and interpersonal skills and intercultural sensitivity
   

Job responsibilities

• Act as an individual contributor in RD team and lead the product security efforts
• Own, enforce, and continuously improve the security development lifecycle process according to IEC 62443-4-1 standard
• Prepare security requirements documents as part of product requirements engineering and customer solution development phases
• Prepare security architecture and design documents in response to requirements specifications, develop associated user stories, and drive them through the product development lifecycle
• Conduct and document threat modeling and attack surface analysis for product releases
• Conduct code reviews to ensure compliance to the security development lifecycle as well as security architecture and design
• Ensure products are meeting Hitachi Energy’s minimum cybersecurity requirements or if customer-specific or respective standards such as IEC 62443-3-3 or IEC 62443-4-2
• Develop, implement, and configure security controls and solutions (e.g., L3 and L7 firewalls) concluded with respective quality assurance and user acceptance testing activities
• Conduct security risk assessments and drive the product releases through Hitachi Energy cyber security clearance process and respective tests in close collaboration with Hitachi Energy product security officers and security assurance teams
• Analyze the developed code, prepare bug reports, conduct root cause analysis, suggest fixes, implement and / or ensure implementation of the identified solution, subsequent verification and validation steps
• Deploy and operate security solutions for internal / external customer projects in on-premise and/or off-
  premise models
• Act as L3/L4 support team member for security incident (e.g. vulnerabilities) management process
  Engage with internal / external software development vendors

About Sisense

Sisense is the unified, collaborative data platform for professional data teams. We help thousands of data teams tackle increasingly complex data challenges, from ETL through predictive analytics. Our customers trust us with their most important data, using Sisense to query everything from revenue metrics to personally identifiable information of their users.

The Opportunity

We’re looking for a hands-on Security Operations Engineer to strengthen our detection and response capabilities. In this role, you will be the frontline defender of our cloud infrastructure, leading incident management and response efforts while continuously improving our security posture. You will report directly to our Security leadership team and play a critical role in safeguarding our customers’ most sensitive data.

Why Join Our Information Security Team

At Sisense, security is foundational to everything we do. We leverage cutting-edge technology not just for our product but also for our internal services and security operations. As a global company, we value diversity and believe that different perspectives enhance our security thinking and capabilities.

You’ll collaborate closely with engineering, IT, and cross-functional teams to implement and maintain robust security monitoring solutions that protect our cloud infrastructure. While ensuring the highest levels of security, you’ll also develop streamlined processes that enable the business to move quickly and efficiently.

What You’ll Do

• Lead Incident Response: Serve as primary responder to security alerts, perform initial triage, conduct thorough investigations, and coordinate remediation efforts
• Enhance Detection Capabilities: Design, implement, and fine-tune detection rules and alerts across our cloud environment to identify potential security threats
• Manage Security Monitoring: Maintain and optimize our SIEM/SOAR platforms to ensure comprehensive visibility into our security posture
• Drive Threat Hunting: Proactively search for indicators of compromise and potential security gaps within our cloud infrastructure
• Automate SecOps Workflows: Develop and implement automation to improve identification and response times for security events
• Improve Cloud Security Monitoring: Develop and run tools to gather security telemetry data from cloud production systems
• Conduct Investigations: Perform forensic analysis of security incidents, document findings, and communicate effectively to stakeholders
• Enhance Response Protocols: Continuously refine incident response procedures and runbooks to ensure swift and effective handling of security events

What You Have Accomplished So Far

• 3+ years of experience in security operations, with a strong focus on incident detection and response
• Demonstrated experience responding to and managing security incidents in cloud environments (AWS/Azure/GCP)
• Proficiency with SIEM and SOAR platforms, including rule creation, tuning, and maintenance
• Strong knowledge of cloud security monitoring tools and techniques
• Experience analyzing endpoint, network, and application logs for anomalous events
• Practical understanding of common attack vectors, TTPs, and how to detect them
• Knowledge of malware functionality and persistence mechanisms
• Experience with security automation and scripting for incident response workflows
• Growth mindset with a focus on continuous improvement of security operations

Will Be a Plus

• Experience with cloud-native security tools and services
• Proficiency in scripting languages (eg: Python) for security automation
• Familiarity with threat intelligence platforms and their integration into detection systems
• Experience with EDR solutions and email security technologies
• Knowledge of IT security audit techniques and compliance frameworks
• Security certifications such as GCIH, GCIA, CISSP, or similar

OUR BENEFITS:

• We’re all working remotely now
• We hire only people we trust. All Sisensers join the company without a probation period
• We believe all Sisensers should be owners of our company’s success. We grant all employees stock options that start vesting on Day One
• We support a work-life balance philosophy and provide unlimited vacations (flexible time off) and additional long weekends to all Sisensers
• We support professional growth with access to the modern learning platform
• We care about each other. All team members have extended medical insurance
• We provide Sisensers with a sports reimbursement to support physical fitness and mental wellbeing

Who we are:
Selesa offers IT outsourcing, specialist out-staffing, and project management services to enhance business operations. We focus on providing skilled professionals for IT needs, including development, security consulting, and business development. Selesa also manages sales, account management, and human resources to support company growth. Our services are known for efficiency, quality, and strong communication, making us a trusted partner for businesses looking to streamline and secure their IT infrastructure. Originated in Vilnius, Lithuania, we cater to global clients

Who we are looking for:

 

We are looking for a driven Security Engineer to join our team and play a key role in safeguarding our organization’s future.

Responsibilities:

• Detect and handle cyber threats to the iGaming platform by applying effective security measures to reduce risks.
• Develop and implement security architectures to safeguard the organization's infrastructure, applications, and data.
• Set up and manage encryption to keep sensitive data safe when stored and shared.
• Install and set up firewalls, IDS/IPS, and other security tools.
• Maintain network security by configuring and managing firewalls, VPNs, and other protective components.
• Oversee user access to ensure only authorized individuals can view sensitive information.
• conduct penetration testing to identify vulnerabilities in systems and applications, simulating real-world cyberattacks to discover weaknesses
• Conduct penetration tests and find system or application weaknesses by simulating cyberattacks.

• Ensure compliance to standards like ISO 27001, SOC 2, and similar ones

   

Requirements:

• Familiarity with iGaming-specific regulations and standards. 
• +3  Years Experience of work in a field
• Proficiency in SIEM Solutions, Vulnerability Assessments, Incident Response & Networks 
• Familiarity with ISO27001 & NIST
• Knowledge of Penetration Testing Processes (Hands-On Experience would be bonus, but not required)
• Experience with cloud platforms like AWS, Azure, and Google Cloud, and their security features. 
• Knowledge of network security principles, including firewalls, intrusion detection systems, and VPNs.
• Understanding of application security best practices, including secure coding principles, web application firewalls, and OWASP guideline
• Strong attention to detail and teamwork skills
• Ability to meet deadlines in a fast-paced environment.

What we offer:

• Fully remote position with a flexible schedule
• Long-term opportunity with potential for financial and career advancement

• Supportive and positive work culture, collaborating with like-minded teammates

   

When submitting your application, please make sure to include your responses to the following screening questions in your COVER LETTER:

1. Please explain to us your level of spoken/written English. Just rank it from 1 to 10, where 10 means a Native Speaker; 8-9 means a Near Native Speaker; 6-7 means Fluent Speaker; under 6 any further levels.
2. What experience do you have working with iGaming-specific regulations and standards? How do you ensure your security measures align with these requirements?
3. Can you showcase your experience with cloud platforms like AWS, Azure, or Google Cloud? How do you secure these platforms and their features?
4. What are your Monthly salary expectations for a long-term, full-time position (if we consider 40 hours a week)?

We are looking for a mid-level Cybersecurity Specialist to help our company prepare for the upcoming National Bank regulations on cybersecurity. This is a strategic role for someone who can combine technical understanding with a strong grasp of policy and regulatory compliance.

Key Responsibilities:

• Analyze current and upcoming regulatory requirements from the National Bank regarding cybersecurity;
• Develop and update internal cybersecurity policies, procedures, and methodologies in line with regulatory expectations;
• Assess the company’s current cybersecurity maturity and identify areas for improvement;
• Lead or support initiatives to bring the company’s cybersecurity practices in line with future National Bank resolutions;

• Collaborate with internal teams and external experts/auditors to ensure compliance and readiness.

   

Our ideal candidate:

• Has experience working in a bank, National Bank, or financial institution;
• Has a strong background in developing methodology and documentation for cybersecurity;
• Is familiar with regulatory and compliance frameworks relevant to financial institutions (especially in Ukraine or similar regulatory environments);
• Understands risk-based approaches to cybersecurity management;

• Is detail-oriented, structured, and capable of drafting clear and effective documentation.

   

Nice to have:

• Experience interacting with regulators or passing cybersecurity audits;

• Knowledge of international standards such as ISO/IEC 27001, NIST, etc.

   

What we offer:

• A chance to take part in a high-impact, strategic project;
• The opportunity to shape the cybersecurity framework of the company from the ground up;
• Competitive compensation;
• Supportive and professional team environment.

We’re looking for a skilled Product Security Engineer with a strong technical background to drive security initiatives across our product ecosystem. In this role, you’ll collaborate closely with development and platform teams to proactively identify and mitigate security risks, integrate robust security practices into every stage of the software development lifecycle (SDLC), and lead efforts around automation, tooling, and secure configuration of Azure-based infrastructure and pipelines.

Responsibilities

• Design, implement, and maintain secure and scalable CI/CD pipelines using Azure DevOps
• Automate provisioning and configuration of Azure infrastructure (Terraform, ARM templates)
• Conduct threat modeling, architecture reviews, and secure code assessments
• Collaborate with engineering teams to ensure secure application deployment and configuration
• Embed security controls and checkpoints across the SDLC
• Manage and optimize security tools: SAST, DAST, SCA, container and IaC scanning
• Tune automation workflows and reduce false positives
• Secure Azure services such as App Services, AKS, Key Vault, and Azure AD
• Guide on secrets management, access control, and workload hardening
• Participate in incident response and root cause analysis with the SOC

• Support compliance efforts (SOC 2, ISO 27001) and contribute to audit readiness

   

Requirements

• 7+ years in Product Security, Application Security, DevSecOps, or related fields
• Strong development skills (Python, Java, JavaScript, Go, or C# preferred)
• Solid hands-on experience with Azure (Azure DevOps, App Services, Key Vault, AKS)
• Familiarity with security standards like OWASP, CWE, and secure coding best practices
• Experience with CI/CD security automation (GitHub Actions, Azure DevOps)
• Strong understanding of infrastructure-as-code and cloud security (Terraform, Docker, Kubernetes)
• Background with IAM, API security, and regulatory compliance (SOC 2, ISO 27001, NIST)
• Experience troubleshooting production issues and optimizing performance in cloud environments

• Strong communication and collaboration skills

   

Preferred Qualifications

• Experience working with multi-tenant SaaS applications
• Understanding of AI/ML security principles
• Familiarity with threat intelligence and attack surface management tooling

What’s In It for You?

• Career Growth – Opportunities to develop and advance.
• Performance Reviews – Regular feedback and support.
• Work Anniversaries – Special gifts to celebrate milestones.
• Flexible Work – Hybrid or remote (Lviv office available).
• Mentorship – Guidance from experienced professionals.
• Accounting Support – We handle the paperwork.
• Paid Time Off – 18 vacation days + 5 sick days per year.
• Extra Leave – 10 additional days off annually.
• Free Office Lunches – Enjoy meals on us.
• Team Events – Gatherings, gifts, and a welcoming atmosphere.

FAVBET Tech develops software that is used by millions of players around the world for the international company FAVBET Entertainment.
We develop innovations in the field of gambling and betting through a complex multi-component platform which is capable to withstand enormous loads and provide a unique experience for players.
FAVBET Tech does not organize and conduct gambling on its platform. Its main focus is software development.

Main areas of work:

• Betting/Gambling Platform Software Development — software development that is easy to use and personalized for each customer.
• Highload Development — development of highly loaded services and systems.
• CRM System Development — development of a number of services to ensure a high level of customer service, effective engagement of new customers and retention of existing ones.
• Big Data — development of complex systems for processing and analysis of big data.
• Cloud Services — we use cloud technologies for scaling and business efficiency.
  
  Responsibilities:
• Lead the design, implementation, and integration of various cyber defense tools
• Conduct threat hunting over log sources connected to the SIEM and develop new coverage
• Monitor security alerts, perform triage and analysis, and respond to security incidents
• Identify security tools and implement solutions from POC to production (e.g., container security, cloud security, etc.)
• Develop SOAR to enhance monitoring, response, and observability for security alerts
• Managing infrastructure as code with Terraform
• Managing configuration as code with Ansible (AWX), Helm and Jsonnet
• Work closely with Engineering and DevOps teams to define a security strategy and execute it
   
• Requirements:
• Strong knowledge of AWS, Kubernetes, containerized, and microservice architectures
• Strong knowledge of Linux and using languages such as Shell/Bash, Python, or Go
• Strong knowledge of Terraform, Ansible and Helm
• Experience with security solutions in cloud environments (e.g., DDoS, WAF, IDS/IPS, DB-FW, Kubernetes security, etc.)
• Knowledge of build/release systems and CI/CD pipelines.
• Nice to Have:
• Experience with Elastic XDR, including fine-tuning ILMs, onboarding custom log sources, fine-tuning integrations
• Knowledge of Jsonnet and Grafana Tanka, with the ability to write and understand configurations described in Jsonnet.
   
• We offer:
• 30 days off per year (vacation and sick days);
• Medical insurance;
• Free corporate English language courses;
• Flexible schedule with full-time work, minimal bureaucracy, no micromanagement, and no time tracking;

• A fantastic team of creative and interesting people.

   

The leading provider of crypto and banking solutions, is looking for an IT Information Security to work full-time remotely.

✅ This is an innovative developer of financial products and services, focused on streamlining financial processes. The company offer a hybrid payment solution to individual and business customers to buy, sell, store, and exchange over 350 cryptocurrencies and to make local and international transfers from a multi-currency account supporting 60 currencies.

Have over 100,000 users in over 100 countries since 2021.

✅ The company grew 30 times in 2024 and continues to expand rapidly, increasing by 10-15% each month.

The process is quick — just two interview stages in total.

✅ Required: experience in participating in the company's PCI DSS certification, other certifications are a plus; experience with SIEM systems; experience with AWS.

Mandatory requirements:

• Experience in working with embedded systems, cloud enabled systems, and IoT systems
   
• Background in leveraging industry standard threat modeling and risk management frameworks.
• Background in penetration testing or leading pen testing engagements with third party organizations.
• Practical knowledge of Agile and agile-based methodologies
• Degree in computer science, software engineering, or cybersecurity

Optional:

• Experience advising on or writing cybersecurity SOPs for Quality Management Systems
• Experience with regulatory submission process
• Experience leading cross functional teams to incorporate cybersecurity across product engineering, Quality, Regulatory, IT, and other business functions
• Minimum of 2 years of product security experience in the medical device industry either directly for a medical device manufacturer or for a product security services organization providing consultative services to the manufacturer.
  Experience working with standards such as ISO 13485, ISO 14971, IEC 62304, NIST 800-30, NIST 800-53, AAMI TIR 57, UL 2900-2-1, IEC 62443.
• Understanding of the cybersecurity requirements of international regulations and guidance documents, including FDA Premarket Guidance for Cybersecurity of Medical Devices, MDR, IVDR, etc.

Job Responsibilities

At our client, the cybersecurity team plays a crucial role in protecting sensitive patient and customer data, as well as safeguarding the company’s intellectual property, including proprietary medical technologies. They implement and maintain robust security measures to prevent data breaches, cyberattacks, and vulnerabilities across both product development and operational environments. Additionally, the team ensures compliance with industry standards and regulations related to healthcare data protection, such as HIPAA, securing the company’s digital infrastructure and maintaining resilience against evolving cyber threats.

• Design, implement and govern security solutions architectures for robust healthcare software solutions: cloud platforms, user applications, medical devices and IoMT solutions.
• Support and coordinate security assessments, risk analysis, and threat modeling to identify vulnerabilities and develop proactive mitigation strategies.
• Collaborate with engineering and development teams to integrate security into system designs, software development, and cloud infrastructure by following security-by-design best practices.
• Train delivery staff on risk assessment, threat modeling, security best practices (pre & post market requirements), testing requirements, security monitoring. regulatory requirements, etc.
• Support the definition and enforcement of security policies, standards, best practices and cyber security architecture frameworks across the organization.
• Participate in industry working groups, technical advisory groups in order to monitor the evolving threat landscape, trend development & promote GL Thought Leadership.
• Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, HIPAA, ISO 27001, NIST, IEC 62443, UL 2900-2-1).

Department/Project Description

Our client is a global leader in eye care, specializing in the development, manufacturing, and marketing of innovative products for vision correction and surgical treatments. Their portfolio includes a wide range of contact lenses, eye care solutions, and surgical instruments for cataract and retina procedures. Committed to improving lives by enhancing sight, our client serves customers in over 140 countries, focusing on advancing technologies and solutions for eye health.

Role Overview

We are seeking a Cloud Security Engineer for EU client with deep expertise in Microsoft Azure. In this role, you will design, implement, and maintain robust security controls across our Azure environments. Experience with Oracle Cloud is a plus but not required.

Key Responsibilities

• Security Architecture: Define and implement security frameworks for Azure subscriptions, resource groups, and workloads
• Identity & Access Management: Configure and manage Azure AD, role-based access control (RBAC), and conditional access policies
• Network Security: Design and enforce network controls using NSGs, Azure Firewall, and Azure Virtual WAN
• Data Protection: Implement encryption at rest and in transit (Azure Key Vault, Azure Disk Encryption, TLS)
• Monitoring & Incident Response
• Compliance & Governance: Deploy and tune Azure Sentinel workspaces for SIEM and SOAR
• Automation & DevSecOps: Integrate security checks into CI/CD pipelines using Azure DevOps or GitHub Actions

Must-Have Qualifications

• 3+ years in cloud security engineering, with a focus on Azure
• Microsoft Certified: Azure Security Engineer Associate (AZ-500), equivalent or higher
• Proficiency with Azure security services: Azure AD, Key Vault, Sentinel, and Firewall
• Strong scripting skills (PowerShell, Python) for security automation
• Experience with network security design and implementation in Azure
• Solid understanding of compliance frameworks and regulatory requirements

Preferred Skills

• Hands-on with Azure DevOps or GitHub Actions for pipeline security integrations
• Familiarity with container security (AKS) and Kubernetes network policies
• Optional: Experience with Oracle Cloud Infrastructure (OCI) security controls and migration strategies
• Knowledge of vulnerability management tools and processes
• Excellent communication skills and the ability to translate technical requirements for stakeholders

About Time2Launch:
Time2Launch is a forward-thinking product company, committed to building reliable, scalable, and secure infrastructure for modern digital products. Our mission is to combine speed with security, enabling product teams to launch confidently. We’re expanding and looking for a Senior DevSecOps Engineer to strengthen our cloud and application security practices.
 

Responsibilities:

• Embed security practices into CI/CD pipelines and development workflows
• Design and implement cloud security controls in AWS/GCP/Azure environments
• Automate security scans and threat detection (SAST, DAST, container scanning, etc.)
• Collaborate with DevOps, engineering, and compliance teams to ensure secure development lifecycle
• Define and enforce security policies using IaC tools like Terraform, Ansible
• Monitor and respond to infrastructure-related security incidents
• Provide guidance and mentorship on security best practices

Requirements:

• 5+ years of experience in DevOps or DevSecOps roles
• Strong understanding of cloud security principles and best practices
• Experience with CI/CD tools and integrating security checks (e.g., GitHub Actions, GitLab CI)
• Familiarity with container security (e.g., Docker, Kubernetes, Trivy, Aqua)
• Knowledge of infrastructure as code (Terraform, Pulumi, etc.)
• Proficiency in scripting languages (Python, Bash)
• Experience with logging, SIEM, and monitoring tools (e.g., ELK, Grafana, Splunk)
• Strong communication skills and a proactive security mindset
• Upper-Intermediate English or higher

Nice to Have:

• Experience with SOC2/ISO27001 compliance
• Familiarity with secure coding practices and application-level security
• Hands-on experience with secrets management tools (Vault, AWS Secrets Manager)

We Offer:

• Remote-first work environment with flexible hours
• Dynamic and security-conscious team
• Participation in the development of secure, high-load systems
• Career growth and access to industry-leading tools and practices
• Professional development support and mentorship

About the Role:
We are seeking a skilled Security Architect to join our team for a US-based SaaS Healthcare project. This role is integral in building and implementing a robust security architecture focused on a microservices architecture environment. As a Security Architect, you will collaborate closely with cross-functional teams to ensure security standards are embedded across the development lifecycle of our SaaS platform.
 

Requirements:

- 2+ years of Proven experience as a Security Architect.
- 5+ years of security experience across areas such as mobile security, secure coding, identity management, cryptography, network security, and system administration, with a focus on healthcare-related projects.
- Strong expertise in security engineering, authentication protocols, and cryptographic technologies.
- Deep understanding of microservices architecture and its security implications, particularly in cloud-based environments.
- Experience in designing and implementing security protocols and solutions at a business division or enterprise level.
- Strong understanding of network protocols (TCP/IP, IPSEC, HTTP/HTTPS) and security protocols related to web services.
- Hands-on experience with secure architecture reviews, threat modeling, and secure coding practices.
- Excellent written and verbal communication skills to effectively engage with technical and non-technical stakeholders, especially in explaining complex security concepts.
- English is upper -intermediate.
 

Responsibilities:

- Design and implement a scalable and secure architecture that aligns with the unique needs of a healthcare SaaS platform. Collaborate with development teams to ensure that security is deeply integrated into the design of microservices, APIs, and other system components.
-  Conduct comprehensive security reviews for web and mobile applications, ensuring adherence to best practices in secure coding, encryption, and authentication methods.
-  Identify potential threats to the system and develop threat models for both existing and upcoming projects. Ensure that vulnerabilities are mitigated before they impact the system or its data.
- Oversee the implementation of security controls at the business division level, ensuring compliance with healthcare security standards such as HIPAA. Work closely with DevOps teams to incorporate security automation within CI/CD pipelines.
-  Lead the architecture and implementation of robust IAM solutions, including multi-factor authentication, identity federation, and secure session management, tailored to healthcare environments.
- Ensure that the platform meets regulatory requirements, including HIPAA, HITECH, and other relevant healthcare security regulations. Collaborate with legal and compliance teams to ensure that all security policies align with healthcare standards.
- Provide regular security training to development and operations teams, fostering a security-first mindset across the organization. Develop security guidance documentation for internal stakeholders.
- Conduct ongoing research on emerging security threats, tools, and best practices. Proactively enhance the security posture of the platform by implementing innovative security solutions.
-  Develop and track key security metrics, using them to improve security operations and processes. Collaborate with internal teams to develop security tools tailored to the platform's needs.
 

Skills and Experience Requirements:

- 3+ years of experience as an Information Security Auditor/Internal Security Assessor.

- Experience managing controls or compliance with SOC2, ISO 27001, PCIDSS.

- Experience managing multiple projects in a fast paced, ambiguous environment, accountability/ownership for the audit project lifecycle.

- A high degree of personal integrity, attention to detail, and strong investigative skills.

- Associate or bachelor’s degree in  Information Security/IT/Cybersecurity related discipline is preferred.

Responsibilities:

- Schedule, coordinate, and lead company internal audits. Handle the full internal audit cycle.

- Develop and implement of audit program ( ISO/IEC 27001, PCIDSS, GDPR).

- Support preparation for external audits, liaise with external auditors and provide internal guidance in support of external audits.

- Plan, implement, monitor, and upgrade security measures to protect the organization’s data, systems, and networks.

- Conduct audits regular audits and provide recommendations.

- Maintain, monitor, and improve the audit process. 

- Control of implementation of corrective actions addressing nonconformities with management systems standards and document requirements.

We offer:

- 20 working days of vacation;

- 12 sick days;

- Compensation for sick leave;

- Medical insurance;

- Flexible work schedule;

- Gifts and benefits for significant occasions;

- Mental health care;

- Support and development of volunteer culture.

Only office Kyiv❗
 

Delasport — Implementing Technological Solutions Here and Now.

Delasport is an iGaming Software company providing Sports Betting & Online Casino software, and turnkey B2B solutions. Established in 2010, Delasport delivers a one-stop-shop solution of Sports Betting and Online Casino from a White-Label, with a full range of management services to a Plug&Play iFrame and a complete Turnkey. We are establishing an R&D center in Kyiv, and are looking for top talents to join our team.

RESPONSIBILITIES

• Monitor compliance with information security and privacy policies at a technology company
• Conduct vendor security assessments and reviews to ensure our partners align with security standards
• Review security clauses in customer and vendor contracts to ensure proper alignment with policies and regulations
• Provide, review, and enhance security training and awareness programs for internal teams
• Manage the organization's technological risk assessments, identifying potential vulnerabilities
• Help security leaders identify, assess, and mitigate organizational risks by developing strategies
• Develop and implement best practices for assessing and evaluating IT and security controls within the company and third-party businesses
• Manage the end-to-end process of penetration testing and technical risk assessments
• Support the business with customer engagements, including attending calls and supporting sales teams

REQUIREMENTS  

• 5 years of experience in application security and network security, including the understanding of application security attacks, vulnerabilities, and mitigations
• Knowledge of common Web Application security vulnerabilities (OWASP TOP10, SANS 25, etc.)
• Proficiency with cloud security principles and best practices (e.g., AWS, Azure, GCP), experience with DevOps, SRE, Kubernetes, Containers, and CI/CD
• Hands-on experience in the implementation and maintenance of Palo Alto / Checkpoint Firewall systems and a deep understanding of working with L2/L3/L7 Policies
• Familiarity with security tooling such as WAF, FW, CSPM, CNAPP, EDR, SIEM, SOAR, DLP
• Ability to conduct investigations into information security events – analysis of network and application-based events, issuing IOCs and implementing them in the systems
• Ability to work autonomously, taking ownership of security challenges and driving solutions
• Excellent communication skills and ability to effectively communicate security risks and recommendations to technical and non-technical stakeholders 
• Fluent in English

WHAT WE CAN OFFER YOU

• Modern office in Podil with an uninterruptible power supply and the Internet
• Personal time off (21 business days of paid vacation, paid days on special occasions, sick leaves, emergency days off)
• Public holidays
• Health insurance with the broker which is available from the first month of cooperation
• Life insurance with the broker which is available from the first month of cooperation
• Modern technical equipment
• English courses with native speakers
• Ukraine-based educational programs
• Sports activities reimbursement
• Corporate entertainments
• Happy hours on Fridays
• Gig contract support

Samsung R&D Institute Ukraine is looking for a passionate and collaborative Junior mobile security researcher to join our team.

You will perform device-side white/black-box software security research of Samsung mobile products:

• security review of Android mobile applications, firmware components, internal modules
• perform security evaluation\validation for internally discovered vulnerabilities and for public domain issues
• research and monitor emerging threats, including new attack methods and new types of security issues

Major Requirements

• Foundational programming skills, ability to understand execution logic in C/C++, Java.
• Solid understanding of Linux and Android basic security architecture.
• Foundational understanding of common software security issues (buffer/integer overflows, format string, use-after-free, path traversal, etc).
• Competent technical English: clear reporting, vulnerability description capabilities and communication skills.
• Prior security background (University, relevant prior employment\work).
• Ability and desire to study and develop assessment skills

Optional Requirements

• Practical experience in reverse-engineering (preferably *.apk and ARM binaries), software exploitation, binary and source code audit as a great plus.
• Exploitation proof-of-concept development experience as a great plus.
• Participation in security contests (ex. CTF), own write-ups publications, community activities.
• Hands-on experience with assessment automation tools (fuzzers, static source code analyzers).
• Applied crypto: basic knowledge of existing algorithms and their applied usage (AES/RSA/ECC/SHA).

Working Conditions

• official employment, as per Ukrainian labor law (regular employee) or GIG contract
• remote work is possible as well as work in Kyiv office

Benefits

• competitive salary, annual salary review, annual bonuses
• paid 28 work days of annual vacations and sick leaves
• opportunity to become an inventor of international patents with paid bonuses
• medical & life insurance for employees and their children
• paid lunches
• discounts to Samsung products, gym, restaurants, services
• regular education and self-development on internal courses and seminars