Jobs Security

🧙‍♂️ About the Role

The work happens directly inside client cloud environments: identifying security and compliance gaps, then remediating them through code — Terraform, OpenTofu, Bicep, YAML. Not manual configurations. Not PowerPoint recommendations. Real implementation work in production systems.

This role is part of a client delivery team supporting fast-growing US companies across multiple concurrent engagements in a consulting-driven environment. It combines cloud engineering, security, compliance, and advisory work.

The goal is not only to close gaps, but to help clients build security programs that survive real operational scale — not just audit

 

🧙‍♂️ In This Role You Will

• Harden cloud environments across AWS, Azure, GCP, and Oracle Cloud — IAM, network segmentation, secrets management, logging, monitoring, and CSPM.
• Remediate compliance and security gaps through Infrastructure as Code using Terraform, OpenTofu, Bicep, and YAML-based configurations.
• Use automated scanning and compliance tooling to assess posture across cloud environments, code repositories, HRIS, and ERP systems.
• Support clients through security and compliance initiatives including ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 42001, SOC 2, and NIST 800-171.
• Automate security and operational workflows using Python, Bash, CI/CD pipelines, and vendor APIs.
• Participate directly in client calls, remediation planning sessions, technical workshops, and security roadmap discussions with engineering and security stakeholders.
• Build reusable IaC modules, automation scripts, and internal accelerators that improve delivery efficiency across future engagements.
• Collaborate with client engineering and security teams to deliver scalable, production-ready security solutions.
  
   

🎯 You May Be Interested If

• You enjoy solving real-world cloud infrastructure and security problems across different environments and industries.
• You prefer practical engineering and implementation work over checkbox security.
• You're comfortable managing multiple projects and adapting quickly to different client stacks and operational contexts.
• You take ownership of your work and can independently manage technical delivery workstreams.
• You're comfortable communicating directly with engineering leaders and explaining technical decisions clearly.
• You want to grow beyond pure execution into a more strategic, advisory-oriented security role.
• You come from a strong cloud engineering or DevSecOps background and want to move deeper into security and compliance engineering.
  
   

🍰 Must-Have

• Strong Infrastructure as Code experience — Terraform, OpenTofu, Bicep, or YAML in real production environments.
• Hands-on experience with at least one major cloud platform (AWS, Azure, or GCP); multi-cloud exposure is a strong plus.
• Understanding of security and compliance frameworks such as ISO 27001, SOC 2, or NIST, including how technical controls are implemented in practice.
• Experience with Python and/or Bash scripting for automation and operational workflows.
• Experience with CI/CD pipelines, GitHub Actions, infrastructure automation, and cloud-native tooling.
• Ability to communicate directly with client-side engineering and security stakeholders.
• Strong ownership mindset and ability to independently manage delivery workstreams.
• English proficiency at B2 level or higher.
• Availability for collaboration with US-based clients and scheduled calls starting from 16:00 Kyiv time.
  
   

🍒 Nice to Have

• Experience with Oracle Cloud Infrastructure (OCI).
• Experience with CSPM and automated compliance tooling such as Wiz, Lacework, Vanta, Drata, or similar platforms.
• Exposure to AppSec, vulnerability management, detection engineering, SIEM, or incident response workflows.
• Previous consulting, MSP, or client delivery experience.
• Relevant certifications such as AWS Security Specialty, CISSP, CCSP, or Security+.
  
   

💻 Working Conditions

• Employment Type: Full-Time
• Fully remote position with distributed teams across Ukraine and the US.
• Flexible remote setup with required overlap for US-based client communication and delivery coordination.
• 20 working days of paid vacation per year.
• Results-oriented environment with high autonomy and ownership expectations.
• Access to continuous learning opportunities, certifications, and professional development support.

About the company

Our client is a leading autonomous vehicle technology company operating at the cutting edge of self-driving software development. 

Role overview

We are not looking for a traditional SOC analyst. This role is about building detection systems, not clicking through alerts. You will work with large volumes of logs (cloud, application, network), design detection logic, and improve it over time. That includes both rule-based detection (SIEM/XDR) and data-driven approaches (statistical models, anomaly detection, simple ML where it makes sense). You should be comfortable treating logs as a data problem, not just a monitoring stream.

Important! This is not a role where you:

• sit in SIEM all day clicking alerts
• blindly add rules
• overcomplicate things with ML

This is a role where you: build detection systems that work in practice.

What you'll be doing

Detection & analytics

• Build and maintain detections across:
• application logs (auth, APIs, business logic abuse)
• cloud activity (CloudTrail, IAM, infrastructure changes)
• network telemetry (DNS, proxy, firewall, NetFlow)
• Work directly with data in platforms like Elasticsearch / Splunk / similar
• Write and tune detection logic (queries, correlation rules)
• Reduce noise — expect to spend time fixing false positives, not just adding new rules.

Working with data (this is a big part of the job)

• Build pipelines for:
• log ingestion
• normalization
• feature extraction
• Work with streaming or batch pipelines (Kafka / queues / scheduled jobs)
• Turn raw logs (e.g. CloudTrail) into structured data usable for detection.

Anomaly detection / ML (practical, not theoretical)

• Apply simple models where they add value (e.g. One-Class SVM or similar approaches)
• Focus on:
• behavior baselining
• anomaly scoring
• Tune models based on real output (false positives matter more than theory) 
• If ML does not improve signal — don't use it.

Automation & response

• Build response playbooks for common cases
• Automate where it actually saves time (not for the sake of it)
• Integrate with SOAR or write lightweight orchestration
• Improve:
• detection speed
• response consistency.

AI usage (realistic expectations)

• Use LLMs for:
• alert enrichment
• investigation summaries
• internal tooling
• Not building an "AI security platform"
• Focus on practical gains, not hype.

Threat hunting

• Run targeted hunts based on hypotheses
• Use internal data + external signals
• Identify gaps in logging and detection.

Requirements

• Solid experience with SIEM (Elastic, Splunk, Sentinel, etc.)
• Strong understanding of:
• cloud activity (especially AWS logs and IAM)
• network basics
• modern application behavior (APIs, auth flows)
• Comfortable working with large datasets (not afraid of raw logs)
• Python or similar for data processing
• Experience with automation (SOAR or custom scripts).

Nice-to-have (but not critical)

• Experience applying ML to logs (even simple models is enough)
• Familiarity with LLMs in tooling (not research)
• Experience with data pipelines (Kafka, Spark, etc.)
• MITRE ATT&CK mapping

What will make you effective here

• You don't trust alerts blindly
• You care about signal quality, not number of detections
• You can debug why a detection is noisy or useless
• You understand systems, not just tools
• You prefer building something once instead of repeating manual work.

How success looks like

• Fewer false positives
• Better visibility across systems
• Faster investigations
• Less manual work in SOC
• Detections that actually catch real issues

About Teramind

Teramind is the leading platform for user behavior analytics, serving multiple use cases from insider risk mitigation to business process optimization. With our comprehensive suite of solutions, organizations gain unprecedented visibility into user activities while enhancing security, optimizing productivity, and ensuring compliance. Trusted by Fortune 500 companies and businesses of all sizes across industries, our innovative platform helps organizations protect sensitive data, maximize workforce performance, and create safer, more efficient digital workplaces. Through real-time monitoring and advanced analytics, we enable businesses to safeguard their most sensitive information while optimizing employee productivity in both in-office and remote work environments.

Our Core Values

At Teramind, our values drive everything we do. We embrace innovation as a fundamental principle, constantly pushing boundaries to improve our products, streamline processes, and enhance customer experiences. We foster resourcefulness by empowering our team members with the autonomy and confidence to solve problems independently while providing collaborative support when needed. As a globally inclusive organization, we celebrate diversity and create an adaptable work culture where respect and collaboration thrive across our international teams. Above all, we are committed to excellence, delivering the highest quality in every aspect of our work and consistently exceeding expectations in service to our clients and each other.

Key Responsibilities 

Security in the SDLC

• Own and enforce DevSecOps practices across CI/CD pipelines (SAST, DAST, SCA, and other practices)
• Integrate automated security tooling into development workflows; reduce manual security gates
• Partner with development teams to perform secure code reviews and threat modeling

Vulnerability & Risk Management

• Drive vulnerability identification, triage, and remediation across infrastructure and applications
• Manage security tooling stack
• Produce and maintain a risk register; track remediation SLAs

Penetration Testing, crowd testing & Incident Response

• Lead or coordinate internal/external penetration testing cycles
• Manage crowd testing campaigns
• Develop and maintain an incident response playbook; support incident investigations

Compliance & Governance

• Support compliance with SOC 2, ISO 27001, GDPR, and relevant data protection frameworks
• Define and enforce security policies, standards, and developer security training

Leadership & Collaboration

• Act as the primary security SME for the engineering organization
• Mentor developers on secure coding practices; build a security-first engineering culture
• Interface with external auditors, clients, and the executive team on security posture

Requirements

• 5+ years of experience in DevSecOps, application security, or security engineering
• Demonstrated experience managing security in software development environments (not just ops/infrastructure)
• Strong development background, proficiency in at least 1 language (eg: Python, Go, Java, C#)
• Hands on experience with CI/CD security tooling (SAST/DAST/SCA integration, secrets management)
• Experience with cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes)
• Familiarity with SOC 2 or ISO 27001 compliance frameworks
• Excellent English communication skills (written and verbal)

Preferred/Nice to Have

• Penetration testing experience or relevant certification (OSCP, CEH, GPEN)
• Security certifications (CISSP, CSSLP, AWS Security Specialty, or similar)
• Experience at a B2B SaaS or cybersecurity product company
• Familiarity with insider threat, DLP, or endpoint security product domains

Why join us?

• Opportunity to shape the technical vision of a fast-growing company.

• Work alongside talented engineers solving challenging problems.

• Influence not just the codebase, but also the culture and processes of the engineering organization.

Benefits

This is a remote job. Work from anywhere! We’ve been thriving as a fully-remote team since 2014. To us, remote work means flexibility and having truly diverse, global teams.

Additionally:

• Collaboration with a forward-thinking team where new ideas come to life, experience is valued, and talent is incubated.

• Competitive salary

• Career growth opportunities

• Flexible paid time off

• Laptop reimbursement

• Ongoing training and development opportunities

About our recruitment process

We don’t expect a perfect fit for every requirement we’ve outlined. If you can see yourself contributing to the team, we want to hear your story. You can expect up to 3 interviews. In some scenarios, we’re able to streamline the process to have minimal rounds. Director-level roles and above should expect a more thorough process, with multiple rounds of interviews.

All roles require reference and background checks

Teramind is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration without regard to race, age, religion, color, marital status, national origin, gender, gender identity or expression, sexual orientation, disability, or veteran status.

We are looking for an Affiliate Operations & Anti-Fraud Analyst to support our Affiliate team by ensuring traffic quality, accurate partner reconciliations, and correct payout calculations.

This role combines affiliate operations and fraud analysis, helping us maintain transparent relationships with partners and protect the business from low-quality or fraudulent traffic.

HOW YOU WILL MAKE AN IMPACT:

• Analyze affiliate traffic across CPA / RevShare / Hybrid models;
• Detect fraud patterns (bot traffic, duplicates, incentive traffic, low-quality traffic);
• Cross-check traffic and player data across multiple platforms;
• Perform monthly reconciliations with affiliate partners;
• Calculate and verify final payout amounts;
• Ensure invoice accuracy before submitting to the finance team;
• Communicate with partners regarding discrepancies and fraud cases;
• Align and approve final reconciliation results with affiliates;
• Clearly explain discrepancies and defend calculations;
• Support Affiliate Managers with operational tasks and data validation.

WHAT WILL HELP YOU SUCCEED IN THE ROLE:

• 1+ years of experience in affiliate operations, traffic analysis, fraud, risk, or similar roles;
• Strong understanding of affiliate models (CPA, RevShare, Hybrid);
• Experience with reconciliation processes and payout calculations;
• Understanding of tracking systems, postbacks, and attribution logic;
• Knowledge of fraud detection principles (bot traffic, duplicates, incentive traffic, chargebacks);
• Strong Excel / Google Sheets skills;
• Ability to work with large datasets and meet deadlines;
• Intermediate English for partner communication. 

WILL BE A PLUS:

• Basic understanding of AML/KYC principles;
• Experience in iGaming / betting / high-risk verticals;
• Experience working with large volumes of traffic and payouts. 
   

WHY YOU’LL LOVE IT HERE:

• Flexible working hours and a remote work setup, so you can plan work around your life and not your life around work!
• Unlimited vacation days and paid sick leave—because your rest matters.
• A competitive compensation that truly reflects your skills and expertise.
• Employee referral bonus and gifts to celebrate your special occasions.
• 50% financial support for learning expenses to supercharge your professional growth!
• A positive atmosphere where you always feel respected and truly belong.
• Inspirational team-building activities that turn colleagues into best friends.
• Wellness benefits: We’ll support your sports passions, from yoga classes to gym memberships.
• Co-working space reimbursement to save your nerves from always working from home :)

About the company

Our client is a leading autonomous vehicle technology company operating at the cutting edge of self-driving software development. 

Role overview

We are not looking for a traditional SOC analyst. This role is about building detection systems, not clicking through alerts. You will work with large volumes of logs (cloud, application, network), design detection logic, and improve it over time. That includes both rule-based detection (SIEM/XDR) and data-driven approaches (statistical models, anomaly detection, simple ML where it makes sense). You should be comfortable treating logs as a data problem, not just a monitoring stream.

Important! This is not a role where you:

• sit in SIEM all day clicking alerts
• blindly add rules
• overcomplicate things with ML

This is a role where you: build detection systems that work in practice.

What you'll be doing

Detection & analytics

• Build and maintain detections across:
• application logs (auth, APIs, business logic abuse)
• cloud activity (CloudTrail, IAM, infrastructure changes)
• network telemetry (DNS, proxy, firewall, NetFlow)
• Work directly with data in platforms like Elasticsearch / Splunk / similar
• Write and tune detection logic (queries, correlation rules)
• Reduce noise — expect to spend time fixing false positives, not just adding new rules.

Working with data (this is a big part of the job)

• Build pipelines for:
• log ingestion
• normalization
• feature extraction
• Work with streaming or batch pipelines (Kafka / queues / scheduled jobs)
• Turn raw logs (e.g. CloudTrail) into structured data usable for detection.

Anomaly detection / ML (practical, not theoretical)

• Apply simple models where they add value (e.g. One-Class SVM or similar approaches)
• Focus on:
• behavior baselining
• anomaly scoring
• Tune models based on real output (false positives matter more than theory) 
• If ML does not improve signal — don't use it.

Automation & response

• Build response playbooks for common cases
• Automate where it actually saves time (not for the sake of it)
• Integrate with SOAR or write lightweight orchestration
• Improve:
• detection speed
• response consistency.

AI usage (realistic expectations)

• Use LLMs for:
• alert enrichment
• investigation summaries
• internal tooling
• Not building an "AI security platform"
• Focus on practical gains, not hype.

Threat hunting

• Run targeted hunts based on hypotheses
• Use internal data + external signals
• Identify gaps in logging and detection.

Requirements

• Solid experience with SIEM (Elastic, Splunk, Sentinel, etc.)
• Strong understanding of:
• cloud activity (especially AWS logs and IAM)
• network basics
• modern application behavior (APIs, auth flows)
• Comfortable working with large datasets (not afraid of raw logs)
• Python or similar for data processing
• Experience with automation (SOAR or custom scripts).

Nice-to-have (but not critical)

• Experience applying ML to logs (even simple models is enough)
• Familiarity with LLMs in tooling (not research)
• Experience with data pipelines (Kafka, Spark, etc.)
• MITRE ATT&CK mapping

What will make you effective here

• You don't trust alerts blindly
• You care about signal quality, not number of detections
• You can debug why a detection is noisy or useless
• You understand systems, not just tools
• You prefer building something once instead of repeating manual work.

How success looks like

• Fewer false positives
• Better visibility across systems
• Faster investigations
• Less manual work in SOC
• Detections that actually catch real issues

Come build something true with us.

We’re True Sea Moss, a fast-growing wellness brand built on the healing powers of one of nature’s oldest superfoods, sea moss.

No powdered promises. No pretty lies. Our products move through a complex global supply chain — and behind that flow sits structure, discipline, and crystal-clear organization.

As we scale across marketplaces, systems, marketing platforms, data warehouses, and internal tools, security is no longer optional — it’s foundational.

We’re looking for a Cybersecurity Specialist — someone exceptionally structured, risk-aware, and confident owning company-wide security, access control, and infrastructure protection end-to-end.

Now — who are we looking for?

You’re the person who sees vulnerabilities before others even notice them.

You think in permissions, identity management, audit logs, and prevention frameworks. You don’t just react to incidents — you design systems that minimize the chance of them happening.

You’re calm under pressure, precise in execution, and serious about protecting company data, systems, and people.

What You’ll Be Doing

• Own company-wide access management (Google Workspace, Slack, AWS, Shopify, BI tools, internal systems, etc.)
• Create, modify, and revoke user access based on role and security policies
• Implement role-based access control (RBAC) and least-privilege principles
• Maintain secure credential and password management systems
• Implement and enforce multi-factor authentication (MFA) across all platforms
• Secure cloud environments and monitor infrastructure permissions
• Monitor logs, detect suspicious activity, and define response protocols
• Build and maintain internal security policies and documentation
• Conduct periodic security audits and vulnerability assessments
• Develop backup and disaster recovery strategies
• Lead incident response processes when needed
• Educate the team on security awareness and best practices

What You Bring

• Proven experience in cybersecurity or information security
• Strong understanding of identity & access management (IAM) principles
• Experience securing cloud environments (AWS preferred)
• Knowledge of endpoint protection and monitoring tools
• Understanding of encryption, authentication, and network security fundamentals
• Experience implementing MFA and access governance frameworks
• Ability to create clear security policies and enforce standards
• Strong sense of ownership and discretion when handling sensitive data
• English level B2+
• Comfortable working remotely

Nice-to-Haves

• Experience working with fast-growing e-commerce or digital-first companies
• Experience preparing companies for compliance audits
• Background in cloud infrastructure security automation

Why Work With Us

• A role with real responsibility and ownership from day one
• Direct impact on how safely and confidently we scale
• High trust and autonomy
• Opportunity to build security systems from the ground up
• A team that values structure, clarity, and calm execution

Here’s How We Back Our Words with Care

• Welcome Pack and custom TrueSeaMoss merch to make sure you arrive like you were always meant to be here
• Sports reimbursement to support your physical and mental health
• Additional vacation days beyond standard holidays
• Coaching & career consultations to support your personal and professional growth
• Access to corporate English lessons to sharpen your communication skills
• WHOOP membership to help you track your health, sleep, and recovery
• Coworking membership if you prefer a hybrid work lifestyle
• Sabbatical options after long-term contributions
• Travel grants to support work-related or wanderlust trips — we believe in leaving to come back better
• Project grants for side ideas, personal initiatives, or creative experiments

So — does this sound like you?

If you’re serious about protecting systems, building secure foundations, and owning cybersecurity end-to-end — we’d love to meet you.

We are looking for an IAM Security Engineer to build and strengthen our identity and access security controls across cloud, SaaS, and internal systems. In this role, you will be responsible for implementing practical Zero Trust principles, ensuring secure authentication, enabling Single Sign-On (SSO), enforcing Multi-Factor Authentication (MFA), and handling other key security tasks. Join our team to help protect sensitive data and improve the overall security posture of our systems.

Responsibilities

• Implement and maintain IAM controls across cloud, SaaS, and internal platforms
• Configure and optimize SSO integrations using SAML, OAuth 2.0, and OIDC
• Design and refine MFA and Conditional Access policies 
• Support secure user lifecycle processes, including Joiner, Mover, and Leaver (JML) activities
• Participate in access reviews and privilege cleanup activities
• Troubleshoot  authentication and authorization issues
• Analyze authentication events and provide technical expertise for identity-related investigations
• Collaborate with Engineering and IT teams to ensure secure onboarding of applications and access models
• Ensure alignment with audit and compliance requirements related to IAM controls
• Contribute to practical Zero Trust improvements based on company priorities and maturity

Requirements

• 3+ years of hands-on experience in IT or Information Security with a dedicated focus on Identity and Access Management (IAM), authentication, SSO, MFA, access control and user administration
• Practical experience with major Identity Providers such as Microsoft Entra ID, Okta, or similar solutions
• Solid grasp of identity standards, including SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC)
• Proven ability to configure SSO integrations, manage MFA policies, and administer user/group/role hierarchies
• Strong understanding of Least Privilege, Conditional Access frameworks, and Joiner-Mover-Leaver (JML) lifecycles
• Ability to troubleshoot authentication issues and analyze identity-related logs
• Proficiency in PowerShell, Python or Bash
• English - Intermediate or higher (for free communication)

Will be a plus

• Practical experience in automating identity workflows, including user provisioning, deprovisioning, access reviews, and role-based access assignments
• Experience in enterprise-scale Fintech, Banking, or Telecom industries

We offer

• 20 paid vacation days per year
• 10 paid sick leave days per year
• Public holidays as per the company’s approved Public holiday list
• Medical insurance
• Opportunity to work remotely
• Professional education budget
• Language learning budget
• Wellness budget (gym membership, sports gear and related expenses)

Playson is a leading iGaming supplier operating in multiple regulated markets, delivering engaging casino content and advanced technology. We’re a fast-growing, tech-driven company that values innovation, autonomy, and ownership. At Playson, we welcome people who are curious, proactive, and passionate about solving complex challenges at scale.

We are ISO/IEC 27001 certified and committed to maintaining a robust security and compliance posture across all our operations.

About the Role

We are looking for a Security Lead to strengthen Playson’s information security framework and drive continuous improvement of our security culture. This role combines technical expertise, investigative focus, and process leadership - ensuring that our systems, data, and people remain secure, compliant, and resilient.

What will you be doing?

Information Security & Compliance

• Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS).
• Foster a strong Security-First mindset across the organization.
• Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls.
• Conduct internal audits, risk assessments, and coordinate certification renewals.
• Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable).
  Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace.
• Support DLP implementation and maintain central tracking of security events.
• Document risks, incidents, and corrective actions to ensure continuous compliance.

Incident Response & Investigation

• Lead investigations into security incidents such as phishing, data leakage, or unauthorized access.
• Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack).
• Maintain and enhance incident response playbooks and escalation workflows.
• Collaborate with HR, Legal, and IT teams during internal investigations.
• Produce post-incident reports and recommend remediation measures.

Endpoint & Access Security

• Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints.
• Maintain CrowdStrike Falcon configurations and endpoint posture enforcement.
• Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password).
• Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews.
• Perform Quarterly RAS Access Management Reviews.

• Maintain a consistent audit trail for access management throughout the year.

   

To succeed in the role, you will have:

• 3+ years of experience in information security, IT audit, or digital investigations.
• Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2).
• Hands-on experience with SIEM / EDR systems
• Proven ability to manage SSO, MFA, DLP, and MDM environments.
• Strong communication skills in English (B2 or higher).
• Analytical mindset, integrity, and attention to detail.

Preferred additional qualifications:

• Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty.
• Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms.
• Forensics experience.
• Experience in designing awareness programs or running phishing simulations.

What you get in return:

• Competitive Salary: We offer a competitive salary in EUR, subject to annual performance reviews
• Quarterly Bonuses: Benefit from a transparent and systematic quarterly bonus system
• Flexible Schedule: We offer a flexible work schedule to accommodate your needs
• Remote Work Option: Choose to work remotely, providing greater flexibility and comfort
• Medical Insurance: Receive comprehensive medical insurance for both you and a significant other
• Financial Support for Life Events: We provide financial support during special life events
• Unlimited Paid Vacation: Enjoy unlimited paid vacation leave
• Unlimited Paid Sick Leave: Take unlimited paid sick leave whenever necessary
• Professional Development: Get reimbursement for professional development courses and training

The recruitment process includes the following steps:

1. HR Interview (30-45 mins)

2. Technical interview with Service Desk & Security Lead (60 mins)

3. Final Interview with CTO and People Business Partner (60 mins)

KPMG is a global network of professional firms providing Audit, Tax and Advisory services.
 

We operate in 143 countries and territories, and in FY22, collectively employed more than 265,000 people working in member firms around the world. KPMG is the brand under which the member firms of KPMG International Limited (“KPMG International”) operate and provide professional services. “KPMG” is used to refer to individual member firms within the KPMG organization or to one or more member firms collectively.
 

KPMG is committed to three key imperatives: quality of services, insight into the problems of our clients, and integrity in our business. It is these principles that drive our firms’ professionals to provide audit, tax, and advisory services that reflect global consistency and unwavering integrity. We will build and sustain our reputation as the best firm to work with by ensuring that our people, our clients and our communities achieve their full potential.
 

Experience and Skills

• Education: Bachelor’s or Master’s degree in Information Technology, Engineering, Computer Science, Information Systems, or Cybersecurity.
• Work Experience: Minimum of 5 years in designing and administering network infrastructure (or 2–3 years of experience in information security and/or at least 1 year in a managerial role).
• Network and Cloud Technologies: In-depth knowledge of network protocols and infrastructure, operating systems (Linux, Windows), and hands-on experience with cloud platforms (AWS, Azure, GCP), including ensuring their security.
• Network Security Tools: Experience in configuring and managing modern network security solutions such as next-generation firewalls (NGFW), web application firewalls (WAF), VPNs, IDS/IPS systems, as well as SIEM, EDR, NDR, SOAR, network access control (NAC), and similar protection tools.
• Secure Architecture: Practical skills in building secure network architectures using segmentation, micro-segmentation, and zero-trust principles.
• Incident Response: Experience in responding to cybersecurity incidents and investigating security events using appropriate tools and evidence analysis.
• Threat Modeling and Risk Assessment: Ability to perform threat modeling and cyber risk assessments, analyze potential threats, and develop appropriate security measures.
• Regulations and Standards: Knowledge of and compliance with information security legislation and standards (ISO/IEC 27001, NIST Cybersecurity Framework, NBU requirements, PCI DSS, etc.).
• Automation and Scripting: Hands-on experience in scripting and automating processes using Python, PowerShell, Bash, or similar languages.
• Certifications: Possession of international cybersecurity certifications is an advantage (e.g., CISSP, CISM, CISA, GIAC/SANS, OSCE, OSCP, CCNP Security/CyberOps, CCSP, and vendor-specific certifications).
   

Benefits:

• comprehensive remuneration package;
• transparent path of career growth;
• a wide range of training and development programs;
• opportunities for further development of professional skills through participation in diverse projects with international focus.
   

If you are passionate about cybersecurity, possess strong technical and managerial skills, and thrive in a collaborative environment, we invite you to join our team and contribute to the security and success of our clients.
 

KPMG in Ukraine creates a work environment that provides everyone with opportunities to develop and build a career. We are committed to the principle of zero tolerance for any form of discrimination based on age, gender, sexual orientation or disability. We respect the diversity of opinions and experiences, as we are convinced that by working together, people with different knowledge and views generate more creative ideas, find better solutions and develop innovative products.
 

You are welcome to join the diverse team of KPMG in Ukraine, express your individuality and realise your potential

About the project

We're working on an enterprise-scale Cyber Recovery Environment in AWS — built to protect critical workloads from ransomware and destructive attacks. Think highly isolated cloud architecture, immutable storage, fail-closed security, and automated access controls. Everything is scoped to NIST 800-53 Moderate, with a full audit-ready evidence package ready at go-live.

The role

You'll be the person who owns security controls — from design to validation to ongoing review — with everything implemented as code. It's a part-time engagement (~20 hrs/week) with a predictable twice-weekly review cadence covering infrastructure, IAM, encryption, and serverless automation. You'll work closely with GRC, SOC, and Cloud/DevOps teams, so communication matters as much as technical depth here.

What you'll be doing

• Designing and implementing security controls against NIST 800-53 Moderate — tailoring them to the environment and mapping inheritance across layers
• Running regular security reviews of Terraform and IaC changes, keeping a clean findings log and tracking remediations
• Reviewing and shaping IAM policies, SCPs, and access models across a multi-account AWS setup
• Designing and validating KMS encryption — key policies, rotation schedules, and cross-account access patterns
• Reviewing and improving serverless automation — replication windows, access controls, and security boundaries
• Making sure logging, monitoring, and threat detection are properly configured end-to-end
• Validating the fail-closed model — access restrictions, automated controls, and break-glass procedures
• Keeping the Control Traceability Matrix up to date and putting together audit evidence packages in immutable storage
• Supporting SIEM integration, tuning detection rules, writing runbooks, and helping internal teams get up to speed

What we're looking for

• 5+ years in AWS Security or DevSecOps engineering
• Solid, hands-on Terraform experience — you know what to look for in an IaC security review
• Real familiarity with NIST 800-53 Rev. 5 and what it actually takes to pass an audit
• Deep knowledge of IAM, Identity Center, SCPs, and multi-account AWS architecture
• Strong background in KMS and encryption design
• Hands-on with AWS security and monitoring services — logging, config, threat detection
• Experience validating automated, fail-closed security architectures
• Comfortable writing Python and/or Bash
• Clear communicator — you document things well and can explain security decisions to non-security people

Nice to have

• Cyber recovery / immutable storage
• S3 Object Lock
• Security Hub Macie · Inspector · Access Analyzer
• AWS Solutions Architect Pro / DevOps Pro
• SOC 2 · PCI-DSS · HIPAA
• SIEM integration experience

What AppRecode offers

• 20 days of paid annual leave plus public holidays.
• 5 paid sick days per year.
• Remote-first work environment.
• Friendly and supportive team culture.
• Personal development plans and access to experienced mentors and technical leaders.
• Reimbursement for sports activities and professional certifications (after probation).
• Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
• Free English classes if you want to further improve your communication skills.

Join the Wix security team as a SOC Analyst and help protect our global platform. This role focuses on incident analysis, threat hunting, and security automation within our large-scale, hybrid-cloud environment. You'll work alongside security experts to defend against modern threats.

Key Responsibilities

• Incident Management: Manage the full incident lifecycle from detection to resolution.
• Security Automation: Build and maintain SOAR playbooks to reduce manual work and improve detection.
• Threat Hunting: Proactively hunt for threats across our networks and endpoints using a hypothesis-driven approach.
• Team Collaboration: Partner with Incident Response and Engineering to enhance our security posture.

Qualifications

• 1+ years of experience in the cyber security field (e.g., SOC, incident response, or similar security roles).
• Hands-on expertise with modern security tools like SIEM, EDR, and SOAR.
• Strong investigative skills with a deep understanding of core cybersecurity concepts.
• Experience securing complex hybrid-cloud environments (AWS, GCP, or Azure).
• Excellent analytical and communication skills.
• Willingness to cover occasional off-hours shifts as part of our 24/7 follow-the-sun team.
• Relevant security certifications (e.g., GIAC, HTB CDSA, THM SAL) are a plus.

About the Role

We are looking for a highly skilled and strategic Senior DevSecOps Engineer to lead our security operations and infrastructure automation initiatives. In this role, you will bridge the gap between development, security, and operations, ensuring our on-premise environment remains secure, resilient, and efficient.
You will act as a subject matter expert, leveraging cutting-edge tools like CrowdStrike to automate threat detection and response, while maintaining robust perimeter security via Cloudflare.

Key Responsibilities
Implementation and automation of security tools in the CI/CD process (SAST, DAST, SCA).
Analysis of vulnerabilities in code, infrastructure and containers.
Development and configuration of security monitoring systems, incident response.
Monitoring and improving the security level of on-prem infrastructures.
Interaction with developers, DevOps and security teams to implement secure practices.
Active participation in the processes of IAM configuration, management of certificates, secrets and access policies.
Conducting internal security audits, participation in external (e.g. penetration) tests.

Requirements

Must-have:
Experience: 5+ years of experience in DevSecOps, Security Engineering, or a related field, with at least 2 years in a Senior role.
Tooling Expertise: Deep hands-on experience with the following specific tools:
Baremetal/on-premise infrastructure
Docker (Docker Swarm is a strong plus)
Gitlab CI 
CrowdStrike
Cloudflare
ELK.
SIEM Proficiency: Proven experience deploying and tuning SIEM solutions (e.g., Splunk, Elastic Security, Datadog, or similar).
Infrastructure: Strong background in managing on-premise infrastructure (physical servers, data centers, virtualization, networking).
Scripting: Proficiency in Python, Go, or Bash for automation and tooling.

Nice-to-have:
Experience with Kubernetes and such tools as Wiz.io and Torq.
Previous involvement in high-load, regulated, or 24/7 production environments (e.g., iGaming, FinTech, telecom or similar).

We offer
Fully remote work opportunity
Enhanced leave benefits:
20 days of paid vacation
5 paid days off
14 paid sick leaves
Company clubs & communities
Celebration gifts for personal milestones
Corporate online events, raffles & challenges
Corporate English program
Corporate yoga classes
Team-building activities
Coworking compensation
Training and development programs (internal & external).

We are looking for an IT Security Analyst with hands-on experience working with IT infrastructure and understanding cybersecurity compliance requirements.

The primary objective of the role is to conduct technical audits of security systems, infrastructure and processes, verify compliance with standards requirements and help departments implement secure practices. 
 

Main responsibilities:
 

• Conducting technical audits of IT infrastructure (servers, network, cloud services, access systems);
• Checking compliance with standards and regulatory requirements: ISO 27001,PCI DSS, NIST, internal security policies;
• Analysis of system configurations (Windows/Linux, network devices, IAM);
• Verification of: logging and monitoring, access management, network segmentation, backup, vulnerability management;
• Assessing the security architecture of IT systems;
• Preparing technical audit reports and recommendations;
• Interacting with IT teams to address identified risks;
• Participating in the implementation of security processes.
   

Main requirements:
 

• 4+ years in IT administration;
• 1–2 years in cybersecurity;
• Experience working in a company with formal security compliance requirements.
   

Technical knowledge:

• Windows Server / Linux, VMware;
• Networking (TCP/IP, VLAN, VPN, firewall);
• Active Directory / IAM;
• Logging and SIEM;
• Cloud infrastructure (AWS / Azure / GCP would be a plus);
• Basic knowledge of DevOps / containers would be a plus.
   

Security knowledge:

• System hardening;
• Access management;
• Vulnerability management;
• Security monitoring;
• Network security.
   

Standards:

• ISO 27001;
• PCI DSS;
• NIST.
   

Would be a big plus:
 

• Experience in technical audits;
• Work in a SOC;
• Experience in pentests or vulnerability scanning;
• Certifications: CISSP, CISA, CEH, ISO 27001.
   

What we offer:
 

• Having the capability to create something new and witness your own input;
• You can find confidence in the future here, but rest assured it won’t be dull;
• Join a dynamic and expanding community. Our company is experiencing growth and expanding into Europe. Currently, we have offices in Kyiv, and Warsaw and plan to open additional locations in other countries;
• Join our experienced team that values professional development and embraces new opportunities.
   

Are you passionate about making the internet a safer place? We are looking for a Middle Security Operations Researcher to join our team and help protect enterprise clients from harmful bots and online threats. This is a remote, full-time role that offers the opportunity to work directly with global customers, analyzing traffic patterns and neutralizing malicious activity.

At Sigma Software, we value expertise, ownership, and proactive communication. You will collaborate with a diverse international team while enjoying the flexibility of working from anywhere.

Why join us? You will work on impactful cybersecurity projects, gain exposure to cutting-edge analytics tools, and contribute to safeguarding digital ecosystems worldwide.

CUSTOMER
Our customer is a global provider of comprehensive security solutions, protecting individuals, organizations, and communities from a wide range of risks, particularly in the digital space. Their enterprise-focused products specialize in bot defense and invalid traffic detection, helping clients safeguard critical systems and maintain operational integrity.

PROJECT
The project focuses on real-time threat detection and bot mitigation for enterprise-scale clients. Security Operations Researchers collaborate directly with customers, leveraging advanced analytics platforms to identify malicious traffic patterns and neutralize online threats. This dynamic environment requires both technical expertise and strong communication skills.

JOB DESCRIPTION:

• Provide Tier 2 technical support to customers in real time, delivering clear and professional responses
• Analyze logs, graphs, and dashboards, isolating and investigating data using tools like Kibana
• Manage and organize cases, tickets, and requests in Salesforce
• Perform back-office tasks, including writing and maintaining suspicious field expressions
• Write and optimize SQL queries for data retrieval, analysis, and manipulation in BigQuery
• Communicate with global customers, ensuring timely responses and effective issue resolution
• Work in a shift-based schedule, including weekend shifts

QUALIFICATION:

• 3+ years of experience in data analysis, including working with logs and dashboards
• Experience working with web traffic data, including HTTP traffic, logs, request analysis, and traffic pattern investigation
• Strong SQL skills: Common Table Expressions (CTE), aggregations, GROUP BY, ORDER BY, filters, window functions (e.g., RANK()), and subqueries
• Experience with SIEM systems. Nice to have: experience with the Elastic Stack
• Technical understanding of web technologies and client–server architecture (APIs, HTTP, basic HTML/JavaScript)
• Strong troubleshooting and problem-solving skills
• Experience in customer support, including direct communication with clients; professionalism and politeness are essential

• Strong English communication skills

   

WILL BE A PLUS:

• Experience in a Cybersecurity Analyst/Researcher role, ideally supporting external customers in threat detection and response
• Experience in web security and security research: web application security, bot management, fraud detection
• Basic Python skills
• Experience with Kibana

PERSONAL PROFILE:

• High level of responsibility and ownership
• Ability to work independently with minimal supervision
• Planning and decision-making skills with considerations for multiple integrated systems
• Proactive communicator who keeps stakeholders informed without being prompted

Work schedule: 40 hours per week, 5 days per week. Workdays can be adjusted to start earlier or later, including weekends if necessary.

N-iX is looking for skilled Senior/Lead Active Directory Engineer to join our team! Our customer is the European online car market with over 30 million monthly users, with a market presence in 18 countries. As a Lead Active Directory Engineer, you will play a pivotal role in shaping the future of online car markets and enhancing the user experience for millions of car buyers and sellers. We require a Lead Engineer to assess, clean up, and harden multiple inherited single-forest, single-domain Active Directory environments. These environments require standardization, security hardening, and alignment with current best practices. The focus will be on improving AD structure, security posture, Group Policy hygiene, and operational consistency, while also evaluating long-term viability and integration with enterprise IAM platforms. This is a hands-on senior role requiring deep expertise in Active Directory architecture, security, identity integration, and remediation of legacy configurations, including alignment with industry audit and compliance standards (e.g., PCI DSS).

Requirements:

• EDT Timezone work hours
• Extensive hands-on experience (typically 7+ years) with Active Directory engineering and administration.
• Proven experience performing AD clean-up, consolidation, or post-transition integration work.
• Strong expertise in: Active Directory (single-domain environments at scale), Group Policy design, cleanup, and optimization, OU design and delegation models.
• Demonstrated experience with: AD security hardening (tiered admin model, least privilege, attack surface reduction), identifying and remediating, stale objects (users, computers, groups), legacy permissions and misconfigurations, GPO sprawl and conflicts.
• Experience integrating Active Directory with IAM/IdP platforms, including: Azure AD / Entra ID - must have, Okta - nice to have, etc, SSO, federation, and identity synchronization (e.g., AAD Connect or equivalent), role-based access control (RBAC) and identity lifecycle management.
• Experience working within regulated or audited environments, including: PCI DSS (or similar frameworks such as ISO 27001, NIST).
• Implementing controls related to identity, access management, and auditability.
• Strong knowledge of: Authentication protocols (Kerberos, NTLM, SAML/OIDC basics), DNS (AD-integrated), replication, and site topology.
• Experience with tools such as: ADUC, ADSIEdit, Group Policy Management Console, PowerShell (AD module - must have) for bulk changes and reporting.
• Experience in auditing and improving: privileged access (Domain Admins, Enterprise Admins), service accounts and delegation.
• At least upper-intermediate English level.

 Responsibilities:

• Perform a comprehensive assessment of current AD environments.
• Identify and remediate: inactive/stale objects, legacy groups and excessive permissions, GPO duplication, conflicts, and inefficiencies.
• Redesign and implement: OU structure and delegation model, Group Policy strategy aligned to best practices.
• Implement security hardening measures, including: privileged access model (e.g., tiering), reduction of attack surface and legacy protocols.
• Alignment with audit/compliance requirements (e.g., PCI DSS controls).
• Integrate AD environments with enterprise IAM platforms, including: identity synchronization and federation, access model alignment (RBAC / least privilege), SSO enablement and identity lifecycle processes.
• Review and optimize: AD Sites and Services (replication topology), DNS configuration and health.
• Develop and execute cleanup and remediation plans with minimal disruption.
• Automate tasks and reporting using PowerShell.
• Produce clear documentation and operational standards, including audit-ready configurations.

Nice-to-Have Certifications:

• Microsoft Certified: Windows Server Hybrid Administrator Associate
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Microsoft Certified: Azure Solutions Architect Expert
• MCSA / MCSE (legacy but relevant)
• Security certifications (e.g., CISSP, Security+, CISM)
• Okta Certified Professional / Administrator (or similar IAM certifications)