Jobs Security Analyst

Position Name: Information Security Analyst
Reports to: Chief Information Security Officer
Location/Type: Remote (UA Candidates only)

Atlas Technica's mission is to shoulder IT management, user support, and cybersecurity for our clients, who are hedge funds and other investment firms. Founded in 2016, we have grown year over year through our uncompromising focus on service.

We value ownership, execution, growth, intelligence, and camaraderie. We are looking for people who share our Core Values, thrive, and contribute to this environment while putting the customer first. At Atlas Technica, we offer a competitive salary, comprehensive benefits, and great perks to our global Team. We strive to maintain a professional yet friendly environment while promoting professional and career development for our Team Members. Join Atlas Technica now!

We seek a skilled Information Security Analyst to join our rapidly growing organization. This is a highly technical role providing excellent career development opportunities for the successful candidate. You will be work closely with the Chief Information Security Officer (CISO) and various teams to maintain and improve the security posture of Atlas and its clients. As a new position, this role will evolve, providing opportunities for growth and adaptation.

Responsibilities:

Vulnerability Management:

• Review vulnerability reports.
• Research scalable solutions for vulnerability remediation.
• Collaborate with Support/NOC to ensure remediations have minimal impact on clients and facilitate maintenance windows.
• Work with CS/Engineering to script and automate remediations.
• Track progress in ticketing system, including master tickets for multi-client initiatives and sub tickets for individual clients.
• Address vulnerabilities for clients' third-party vulnerability management, including overlap with Cavelo, and apply remedies to other clients.

Risk Management and Due Diligence:

• Provide accurate and timely responses to Due Diligence Questionnaires (DDQs).
• Review and analyze findings from risk assessments and penetration tests for Atlas and clients.
• Address identified vulnerabilities and recommend remediation strategies.
• Participate in Business Impact Analyses and tabletop exercises to enhance organizational resilience.

Industry Benchmark Alignment and Standards Updating:

• Start measuring alignment with Microsoft benchmarks in Intune and work on increasing the score.
• Address vulnerabilities and issues identified in workstation builds, cloud infrastructure configurations, and security configurations.
• Harden systems to enhance security across workstations, cloud infrastructure, and security configurations.

SOC 2 Maintenance and Additional Security Tasks:

• Perform test restores.
• Conduct reviews of our KnowBe4 phishing tests and training.
• Review SIEM logs.
• Assist in addressing cybersecurity incidents.
• Work with NOC and outsourced SOC on remediation runbooks.

• Perform additional tasks as assigned to support the security team and organization.

   

Requirements:

• Strong understanding of cybersecurity principles and practices.
• Experience with vulnerability management and remediation.
• Familiarity with Microsoft Intune and security benchmarks.
• Excellent analytical and problem-solving skills.
• Ability to work collaboratively with cross-functional teams.
• Strong communication skills, both written and verbal.
• Strong ability to work independently.
• Experience with security tools (SIEM, IDS/IPS, vulnerability scanners).
• Experience with RMM/SOAR and other automation platforms.
• Experience scripting.
• Experience writing runbooks.

Desirable Qualities:

• Experience working in an MSP environment (preferred, but not required).
• Relevant certifications (AZ-500, SC-900, SC-300, CompTIA Security+, etc.)

We are seeking a hands-on IT Security Specialist to design, implement, and operate effective security controls across our corporate IT and SaaS ecosystems. This role focuses on endpoint, identity, and SaaS security, building and maintaining secure baselines through effective use of MDM, EDR, and IAM, while ensuring controls are measurable, documented, and continuously improved.

You will work closely with Security and IT, Delivery, and Business stakeholders to reduce security risk, improve operational resilience, strengthen company-wide security awareness, and support audit readiness (SOC 2 / ISO/IEC 27001) through strong documentation, evidence collection, and continuous control improvement via GRC workflows.

Responsibilities

• Implement and administer MDM, EDR, and IAM controls (device enrollment & baselines, endpoint protection policies, hardening, SSO/MFA, conditional access, access reviews, etc.).
• Maintain and continuously improve the security baseline for endpoints and corporate SaaS services.
• Conduct regular security audits and assessments to ensure compliance with industry best practices and regulatory requirements (e.g., GDPR, ISO/IEC 27001, HIPAA).
• SIEM implementation, onboarding log sources, maintaining ingestion, and alerting.
• Perform risk assessments and recommend appropriate mitigation strategies.
• Prepare and maintain security awareness materials and support company-wide security awareness activities to improve employees’ cyber hygiene.
• Manage and respond to security incidents, including investigation, containment, eradication, recovery, and post-incident analysis.
• Support vulnerability and patch remediation workflows.
• Contribute to the development and maintenance of internal policies, procedures, and controls related to security and compliance.
• Support SOC 2 and ISO/IEC 27001 readiness by maintaining evidence, assisting with control implementation tracking, and operating via GRC workflows where applicable.
• Collaborate with other teams on secure onboarding of systems/vendors and ongoing security improvements.
• Monitor and mitigate phishing, malware, and other cyber threats.

• Maintain awareness of emerging threats and recommend improvements.

   

Requirements

• 3+ years of hands-on experience in an IT service/outsourcing company in the position of IT Security / SecOps with strong security ownership.
• Proven hands-on experience implementing and administering CrowdStrike Falcon (EDR/XDR), ManageEngine Endpoint Central (Zoho), and Okta IAM, in real environments (not just “familiarity”).
• Strong understanding of endpoint and identity security fundamentals (device hardening, patching, MFA/SSO, conditional access, access lifecycle, etc.).
• Hands-on experience with SIEM/log aggregation, including SIEM implementation, onboarding log sources, maintaining reliable log ingestion pipelines, and configuring alerting/use cases.
• Solid understanding of SaaS security.
• Experience with Google Workspace security administration at scale.
• Practical familiarity with SOC 2 and/or ISO/IEC 27001 concepts and operational routines.
• Experience in investigating security events and incidents, conducting root cause analysis, and producing post-incident reports.
• Basic scripting knowledge (Bash, Python, PowerShell) for automation.
• Strong analytical and troubleshooting skills, ability to work with logs, alerts, and system telemetry.
• Ability to write and maintain technical documentation (policies, standards, processes, playbooks).
• English: Upper intermediate or higher.
• Ability to work independently and as part of a team.
• Strong communication and interpersonal skills.

Would be a plus:

• Familiarity with data privacy and regulatory compliance requirements (e.g., GDPR, HIPAA, PCI DSS).
• Experience in data-intensive projects (DWH, BI, AI, analytics).

Who we  are: 

RBI Retail Innovation is a product development company, a part of the group of Raiffeisen Bank International (Vienna, Austria). We are a stable company that works in the EU market. Now we have products in Poland. Our ambition will be widespread in EU countries in the next few years. Our projects include next-gen digital banking platforms’ design, delivery, and post-delivery activities. Our team is international but mainly consists of Ukrainian developers. We have offices in Kyiv and Rivne. Our mission is to provide seamless banking with ease and speed that’s built for people. Our values are People First, Product Passion, and Trust.

About you: 

• At least 3 years of experience in the information security field, including but not limited to: Web/Mobile Application Security, Cloud Security, Penetration Testing, Vulnerability Assessment, etc.
• Ability to manually find and exploit basic web vulnerabilities
• Familiarity with OWASP Security Testing Guides, OWASP Top 10
• Knowledge and understanding of Application Security, Cloud Security (AWS), Authentication and Security protocols
• Strong communication troubleshooting skills
• Good English skills (Intermediate+)
• Self-disciplined

Will be a plus:

• Experience in web/mobile development
• Relevance certifications such as AWS Cloud Security, EC-Council CEH, Offensive Security: OSCP, OSWE, OSCE
• Security related publications, blog posts, and/or participation in tools development
• BugBunty experience (please provide link to your profile)
• Experience with various penetration testing tools (e.g., BurpSuite, Metasploit, OWASP ZAP)

You will:

Drive company application security and product improvements:

• Performing security assessment and internal penetration testing
• Working closely with Developers and DevOps on promoting, clarification, and implementing leading security mechanisms in the products and infrastructure
• Provide guidance on secure system architecture (including cloud security) and software development processes aiming to achieve best in class security for our products
• Estimate application security risks and suggest mitigation strategies, maintain Threat Modeling
• Assess current application security posture against OWASP ASVS and MASVS

Drive vulnerability management including:

• Provide recommendation and best practice on vulnerability remediation
• Facilitate, communicate, and assess mitigation steps
• Help key stakeholders to understand the vulnerabilities

Participate as (SME) subject matter expert in security incidents assessment, analysis, and remediation.

What we offer: 

• You will be a part of global team of RBI Group — one of the leading banking groups in Central and Eastern Europe 
• An opportunity to work with some of the most talented and experienced people in the Fintech industry 
• The ability to drive change and innovation in the products we develop 
• Official employment, gig-contract 
• Remote-first work model 
• Competitive salary 
• Personal and professional growth, corporate English courses 
• Paid sick days-off and 20 working days of vacation per year 
• Medical insurance 

Hello guys,

we are looking for a experienced soc analyst who had already worked with Wazuh or Graylog and is experienced in working with alerts.

It is best if he is skilled with deep alert management and threat hunting.

We are using Wazuh Explore tab for threat hunting but need some guidance to work with alerts. 

We are the creators of a new fintech era!
Our mission is to revolutionize the world by making blockchain technology accessible to everyone in everyday life. WhiteBIT is a global team of more than 1,200 professionals united by a shared vision of shaping the Web3 future.
We are building our own blockchain ecosystem, ensuring maximum transparency and security for over 8 million users worldwide. Our cutting-edge solutions, rapid adaptation to market challenges, and technological excellence set us apart from traditional companies.
Our official partners include the National Football Team of Ukraine, FC Barcelona, Lifecell, FACEIT, and VISA.


The future of Web3 starts with you — join us Cybersecurity Compliance Analyst !

Requirements:
Hard Skills:

- Strong understanding of cybersecurity frameworks and regulations (ISO/IEC 27001, SOC 2, PCI DSS, GDPR, MICA/DORA, CCSS).

- Hands-on experience with internal audits and evidence collection.

- Knowledge of risk management principles (ISO 31000, NIST RMF is a plus).

- Familiarity with network and cloud security basics, data protection, and secure development lifecycle (SSDLC).

- Understanding of business continuity and disaster recovery concepts.

Soft Skills:

- Attention to detail and strong analytical mindset.

- Excellent written and verbal communication skills.

- Ability to work effectively with cross-functional teams.

- Critical thinking and problem-solving approach.

- Adaptability and willingness to learn.

Responsibilities

- Support the implementation and maintenance of cybersecurity governance frameworks (ISO 27001, SOC 2, PCI DSS, GDPR, MICA/DORA, CCSS).

- Assist in conducting internal security audits: prepare checklists, perform interviews, collect evidence, and document findings.

- Maintain and improve cybersecurity policies, procedures, and compliance documentation.

- Participate in risk assessments for systems, processes, and third-party vendors.

- Contribute to the development and monitoring of risk registers and control matrices.

- Assist in Business Continuity (BCP) and Disaster Recovery (DRP) planning and testing.

- Collaborate with IT, security engineers, legal, and business stakeholders to ensure compliance and mitigate risks.

- Prepare clear and concise reports on compliance status, audit results, and identified gaps.

Work conditions

Immerse yourself in Crypto & Web3:
— Master cutting-edge technologies and become an expert in the most innovative industry.
Work with the Fintech of the Future:
— Develop your skills in digital finance and shape the global market.

Take Your Professionalism to the Next Level:
— Gain unique experience and be part of global transformations.
Drive Innovations:
— Influence the industry and contribute to groundbreaking solutions.

Join a Strong Team:
— Collaborate with top experts worldwide and grow alongside the best.
Work-Life Balance & Well-being:
— Modern equipment.
— Comfortable working conditions, and an inspiring environment to help you thrive.
— 24 calendar days of paid leave.
— 5 calendar days of sick leave.
— Additional days off for national holidays.

We are the creators of a new fintech era!
Our mission is to revolutionize the world by making blockchain technology accessible to everyone in everyday life. WhiteBIT is a global team of more than 1,200 professionals united by a shared vision of shaping the Web3 future.
We are building our own blockchain ecosystem, ensuring maximum transparency and security for over 8 million users worldwide. Our cutting-edge solutions, rapid adaptation to market challenges, and technological excellence set us apart from traditional companies.
Our official partners include the National Football Team of Ukraine, FC Barcelona, Lifecell, FACEIT, and VISA.

The future of Web3 starts with you — join us as a SOC Analyst L1!

 

Requirements:

— Basic understanding of cybersecurity principles, common attack vectors, and threat detection methods.
— Familiarity with key cybersecurity frameworks (MITRE ATT&CK, NIST, CIS etc.)
— Familiarity with EDR/XDR and SIEM platforms (e.g., CrowdStrike, SentinelOne, Splunk, QRadar, etc.).
— Strong analytical and problem-solving skills.
— Ability to work in a fast-paced, team-oriented environment.
— Good written and verbal communication skills in English (B1+).
— Willingness to work in a shift-based schedule, including nights and weekends. Shifts are distributed evenly across the department.

Responsibilities:

— Monitor and analyze alerts from EDR, SIEM platforms and other corporate tools.
— Perform initial triage to determine the severity, credibility, and urgency of security events, sorting out False Positives.
— Escalate incidents to Level 2 analysts or incident response teams when necessary.
— Document findings, actions taken, and outcomes in a ticketing system.
— Follow standard operating procedures (SOPs) and playbooks for alert handling.
— Assist in the continuous tuning of EDR/SIEM rules to reduce False Positives.
— Stay current with emerging threats and industry best practices.
— Participate in active learning and Purple Teaming of the SOC team.

Work conditions:

Immerse yourself in Crypto & Web3:
— Master cutting-edge technologies and become an expert in the most innovative industry.
Work with the Fintech of the Future:
— Develop your skills in digital finance and shape the global market.

Take Your Professionalism to the Next Level:
— Gain unique experience and be part of global transformations.
Drive Innovations:
— Influence the industry and contribute to groundbreaking solutions.

Join a Strong Team:
— Collaborate with top experts worldwide and grow alongside the best.
Work-Life Balance & Well-being:
— Modern equipment.
— Comfortable working conditions, and an inspiring environment to help you thrive.
— 24 calendar days of paid leave.
— 5 calendar days of sick leave.
— Additional days off for national holidays.

About the Role

We are looking for a Risk & Fraud Specialist to join our iGaming team and help protect the business from fraud, abuse, and compliance risks.
This role is ideal for someone who enjoys investigations, data, patterns, and independent decision-making.

Fraud evolves daily — so we need someone who can think critically, act confidently, and doesn’t need constant instructions or hand-holding.

Responsibilities

• Monitor player activity to detect suspicious or fraudulent behavior (bonus abuse, multi-accounting, AML red flags).
• Review all first-time deposits (FTDs) daily and apply risk checks.
• Conduct enhanced due diligence (EDD) on high-risk and high-value players.
• Investigate player connections to identify syndicates, collusion, or affiliate-related fraud.
• Perform open-source checks (Google, social media, public data).
• Review and manage duplicate accounts, including locking/unlocking decisions.
• Handle player disputes and responsible gaming cases in line with company policies.
• Monitor responsible gaming behavior (deposit limits, self-exclusion) and escalate concerns when needed.
• Support GDPR processes: data access requests, account closures, data retention.
• Maintain clear and accurate investigation records and decisions.
• Provide feedback to improve fraud tools, risk rules, and internal processes.
  
   

Requirements

• Minimum 2+ years of experience in Risk, Fraud, or AML within the iGaming industry.
• Hands-on experience working under Curaçao license or MGA.
• Fluent English (written and spoken).
• Strong analytical mindset and confidence in independent decision-making.
• Ability to identify fraud without relying on predefined scripts or constant supervision.
  
   

Skills

Must have

• Solid understanding of fraud typologies and AML principles in online gambling.
• Experience with fraud prevention tools such as SEON, Sumsub, or similar platforms.
• Strong analytical skills — able to identify patterns, trends, and risks on both individual and systemic levels.
• High attention to detail and ability to work with sensitive data.
   

Nice to have

• Knowledge of Russian or Ukrainian.
   

What We Offer

💰 Competitive compensation package.

🌴 20 vacation days + 36 sick days.

🩺 Health coverage & learning budgets (courses, conferences, certifications).

🌍 Work with a global team where your impact is visible and direct.

🎂 Bonuses for birthdays & life events.

🏡 Flexible setup: Remote, Hybrid, or Office — your choice.

We are looking for an Analyst to join our Information Security Solutions team and contribute to the support and development of the Security Operations Center (SOC) functionality. You will work on tasks related to protecting infrastructure from cyber threats and improving cybersecurity technologies.

Key Responsibilities:

• Monitor systems and detect potential threats using SIEM and other tools.
• Develop parsers.
• Perform infrastructure inventory and vulnerability analysis.
• Analyze and investigate incidents, providing recommendations for risk mitigation.
• Configure and enhance event correlation rules.
• Prepare reports and document identified vulnerabilities and incidents.
• Participate in improving incident response processes and automation, designing security system architecture, and implementing solutions (Firewall, DLP, EDR, etc.).
• Configure SIEM, SOAR, and other tools.
• Create and refine incident response procedures and protocols, ensuring compliance with internal policies.
• Collaborate with other departments to maintain overall information security within the organization.

Required Skills and Experience:

• Basic knowledge of cybersecurity: network protocols, vulnerabilities.
• Knowledge of operating systems (Linux, Windows) at the administrator level.
• Strong analytical thinking.
• Understanding of information security tools (FW, IDS/IPS, Antivirus, Windows server OS, etc.).

Nice to Have:

• Familiarity with MITRE ATT&CK framework.
• Experience with scripting languages and regular expressions (Python, PowerShell, Bash).
• Hands-on experience with SIEM.
  
  If you are interested in working on breakthrough technologies and making a real impact — join us! 
  
  
   

Delasport — Implementing Technological Solutions Here and Now.

Delasport is an iGaming Software company providing Sports Betting & Online Casino software and turnkey B2B solutions. Established in 2010, Delasport delivers a one-stop-shop solution for Sports Betting and Online Casino from a White-Label, with a full range of management services to a Plug&Play iFrame and a complete Turnkey. We are establishing an R&D center in Kyiv, and are looking for top talents to join our team.

This position requires full-time office work. Kyiv, 58 Yaroslavska str.

RESPONSIBILITIES
 

• Monitor compliance with information security and privacy policies at a technology company.
• Completing vendor security assessments and reviews.
• Reviewing security clauses in customer and vendor contracts.
• Providing, reviewing, and enhancing security training and awareness programs.
• Management of the organization’s technological risk assessments.
• Helping security leaders to identify and assess risks of the organization and developing strategies to manage and mitigate these risks.
• Develop and implement best practices for assessing and evaluating IT and security controls for the organization’s third-party businesses.
• Manage the penetration testing and technical risk assessments from end to end.
• Supporting the business with customer engagements, including attending customer calls and supporting our sales teams

REQUIREMENTS
 

• Minimum of 5 years of experience in a similar role in a technology/software/cloud organization
• Experience implementing and enforcing information security, regulatory, and privacy policies across the business.
• Acquaintance working with cyber security tools and products.
• Solid knowledge of information security principles and practices.
• Knowledge of risk management frameworks and industry compliance standards such as ISO 27001/ SOC2/ PCI DSS
• Excellent interpersonal skills and ability to work in a team with multiple interfaces.
• Experience working at SaaS provider company — an advantage.
• Fluent English
   

WHAT WE CAN OFFER YOU
 

• Modern office in Podil with an uninterruptible power supply and the Internet
• Personal time off (21 business days of paid vacation, paid days on special occasions, sick leaves, emergency days off)
• Public holidays
• Health and life insurance with our broker, available starting from the month following the employee’s start date with the company
• Modern technical equipment
• English courses with native speakers
• Ukraine-based educational programs
• Sports activities reimbursement
• Corporate entertainments
• Happy hours on Fridays
• Gig contract support

• Project Description:

  One of the world's largest providers of products and services to the energy industry has a need to develop, support and integrate software system in Oil & Gas domain.
  You will be a member of a cross functional team.
  Key project stakeholders are open for innovative ideas.
  Project is based on SCRUM methodology.
  This is a great opportunity to work in an international team, apply and learn modern IT technologies

   

• Responsibilities:

  Quickly learn new technologies and improve proficiency
  Follow up with Developer on open vulnerabilities
  Share reports of open, closed vulnerabilities
  Develop unique, effective security strategies for software systems, networks, and cloud provider
  Safeguards information system assets by
  identifying and solving potential and actual security problems
  Maintain quality service by following
  organization standards
  Contribute to team effort by accomplishing
  related results as needed

   

• Mandatory Skills Description:

  Understanding of definitions related to cyber security: Vulnerability, attack vector, threat , security risk, SAST, DAST, WAF ets
  Understanding of networking, Operating systems (Windows and Linux)
  Basic concepts in programming Ex: Python
  Very good English as team is multinational

Responsibilities: 

• Develop, implement, and maintain documentation for Information Security Management Systems (ISMS) and Business Continuity Management Systems (BCMS). 
• Conduct and support Business Impact Analysis (BIA) for the organization's key processes. 
• Perform risk assessments for processes, assets, and projects. 
• Develop, maintain, and periodically test Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP). 
• Participate in the implementation of compliance requirements aligned with ISO 27001, ISO 22301, and other relevant standards. 
• Prepare documentation for internal and external audits and actively participate in audit activities. 
• Deliver employee training sessions related to Information Security and Business Continuity policies. 

Requirements: 

• 4+ years of experience in information security or business continuity domains. 
• Practical experience in developing, implementing, and maintaining ISMS and BCMS policies, procedures, and standards. 
• Strong knowledge of ISO 27001, ISO 22301, and other related frameworks. 
• Valid certifications such as ISO 27001 Lead Implementer/Auditor and ISO 22301 Implementer/Auditor. 
• Hands-on experience with audit participation and certification projects. 

One of the world's largest providers of products and services to the energy industry has a need to develop, support and integrate software system in Oil & Gas domain.
You will be a member of a cross functional team.
Key project stakeholders are open for innovative ideas.
Project is based on SCRUM methodology.
This is a great opportunity to work in an international team, apply and learn modern IT technologies

• Responsibilities:

  Quickly learn new technologies and improve proficiency
  Follow up with Developer on open vulnerabilities
  Share reports of open, closed vulnerabilities
  Develop unique, effective security strategies for software systems, networks, and cloud provider
  Safeguards information system assets by
  identifying and solving potential and actual security problems
  Maintain quality service by following
  organization standards
  Contribute to team effort by accomplishing
  related results as needed

• Mandatory Skills Description:

  Understanding of definitions related to cyber security: Vulnerability, attack vector, threat , security risk, SAST, DAST, WAF ets
  Understanding of networking, Operating systems (Windows and Linux)
  Basic concepts in programming Ex: Python
  Very good English as team is multinational

• Nice-to-Have Skills Description:

  Willing to have a hacker mindset and methodology
  Familiar with agile methodologies

Our ideal candidate will possess:

• A “Shift-Left” Mindset: A passion for integrating security early and throughout the CI/CD pipeline, not as an afterthought;
• Proficiency in Security Tooling: Hands-on experience with SAST, DAST, SCA, and IaC scanning tools, including within CI/CD platforms (e.g., Jenkins, GitLab CI, GitHub Actions);
• Cloud-Native Security Expertise: Extensive knowledge of securing cloud environments (AWS, Azure, and/or GCP) and containerized workloads (Docker, Kubernetes);
• Infrastructure as Code (IaC) Security: Strong experience auditing and securing infrastructure defined in Terraform, Ansible, or SaltStack;
• Scripting & Automation Mastery: Ability to automate security checks and remediations using scripting and software configuration management tools;
• Solid Foundational Knowledge and commercial experience in: web apps and infrastructure penetration testing, with a strong understanding of OWASP Top 10, network security, web application firewalls (WAF), and SIEM principles;
• Threat Modeling & Risk Assessment: Experience with threat modeling methodologies (e.g., STRIDE) to identify and mitigate risks during design phases;
• Collaborative Communication: Excellent communication skills to articulate security risks to engineers and leadership, fostering a culture of security awareness;
• Analytical Problem-Solving: Strong investigative and analytical skills to diagnose complex security issues in a dynamic environment.

Will be an advantage:

Industry certifications such as OSCP, ISO 27001, HTB, CompTIA Security+, CISSP, Microsoft, Cisco, AWS Security Specialty, or GIAC DevSecOps-related certs.

Requirements:

• Integrate security practices into DevOps pipelines (CI/CD) to enable secure software delivery;
• Implement, monitor, and improve security automation in infrastructure as code, build, and deployment processes;
• Handle information security incidents and support root cause analysis;
• Perform application and infrastructure penetration testing;
• Continuously perform vulnerability management process to improve resilience of corporate systems, applications, cloud, and container environments;
• Maintain PCI DSS related procedures;
• Develop, document, and enforce security policies, standards, and best practices;
• Maintain compliance with frameworks such as PCI DSS and support secure architecture design reviews;
• Build and manage secure environments for networks, storage, and cloud services using infrastructure as code;
• Champion DevSecOps culture across teams by advocating for shift-left security and security-as-code principles.

Required:

• Scanning tools within CI/CD platforms (e.g., Jenkins, GitLab CI, GitHub Actions, Nexpose, Nessus, Burpsuite, Owasp zap);
• Securing cloud environments (AWS, Amazon Detective, Azure, and/or GCP) and containerized workloads (Docker, Kubernetes);
• Auditing and securing infrastructure defined in Terraform, Ansible, or SaltStack.
• Scripting and software configuration management tools;
• OWASP Top 10, network security, web application firewalls (WAF), and SIEM principles;
• Threat modeling methodologies (e.g., STRIDE).

What we offer:

• Working in a stable company with more than 14-years history in the media market;
• The opportunity to participate in the creation of a service of the future;
• Free English lessons;
• Table tennis lessons;
• Corporate psychologist;
• Discounts from partner brands for company employees.

We don’t just want to be an employer — we want to be your employer of choice.

We’d appreciate it if you could take a moment to fill out a short survey about what matters most to you. It will help us better understand candidates’ expectations and create an even more comfortable environment at MEGOGO. Here’s the link: bit.ly/43YaxBH

By responding to the vacancy and sending your CV to the Company (LLC “MEGOGO”), registered and operating in accordance with the laws of Ukraine, registration number 38347009, address: Ukraine, 01011, Kyiv, Rybalska Street, building 22 (hereinafter “the Company”), you confirm and agree that the Company processes your personal data presented in your CV in accordance with the Law of Ukraine “On Personal Data Protection” and GDPR.

Агенція оборонних закупівель DOT — державне підприємство, що займається закупівлею техніки, боєприпасів, БПЛА, харчування, одягу, паливно-мастильних матеріалів для ЗСУ та Сил Оборони.

Наша місія: забезпечуємо Сили Оборони та розвиваємо національний ВПК задля стійкості та обороноздатності України.

Наша візія: драйвер розвитку системи забезпечення Сил оборони України за стандартами НАТО.
 

Зараз ми в пошуку фахівця з кібербезпеки (Security Analyst), який/яка відповідатиме за аналіз подій безпеки, виявлення та розслідування інцидентів, моніторинг стану захищеності систем, а також взаємодію з командою для своєчасного реагування на загрози й забезпечення надійності та захищеності цифрових продуктів для війська.
 

Обов'язки на посаді:

1. Моніторинг сповіщень безпеки та вдосконалення процесів: Аналіз сповіщень безпеки, системних журналів з метою виявлення потенційних загроз та аномалій; вдосконалення існуючих процесів для підвищення ефективності виявлення та реагування на кіберзагрози; розробка рекомендацій щодо покращення моніторингу.
2. Менеджмент вразливостей: Виявлення, аналіз та оцінка вразливостей в мережевій інфраструктурі, додатках та системах; вдосконалення існуючих процесів управління вразливостями для своєчасного виявлення та усунення потенційних загроз.
3. Проактивне полювання на загрози: Активний пошук та ідентифікація потенційних кіберзагроз в інфраструктурі та їх усунення.
4. Адміністрування безпекових додатків: SIEM, EDR, антивірус, сканер вразливостей (Web application, Network, SAST, DAST), DLP, PAM і тд.
5. Взаємодія з ІТ підрозділом, провайдерами хмарних рішень та постачальниками послуг у сфері захисту інформації.
6. Участь у  групі реагування на інциденти.
7. Участь у  проведенні навчання співробітників.

Вимоги до кандидатів:

1. Вища технічна освіта.
2. Досвід роботи на аналогічній посаді не менше року.
3. Розуміння процесу реагування на кіберінциденти.
4. Розуміння принципів безпеки хмарних платформ.
5. Знання різновидів шкідливого ПЗ, принципів його роботи, методів виявлення та реагування; розуміння основних векторів атак та сценаріїв поширення загроз.
6. Досвід роботи з SIEM, EDR, DLP, PAM, сканерами вразливостей.
7. Розуміння принципів проактивного полювання на загрози (Proactive threat hunting).
8. Розуміння процесу менеджменту вразливостей.
9. Нульова толерантність до корупції.

Буде перевагою:

1. Знання у домені application security, досвід побудови SSDLC.
2. Знання продуктів Microsoft.
3. Досвід роботи та налаштування NGAV, WAF.

Ми пропонуємо:

• Команду, де кожен важливий: ми команда однодумців, де панує взаємоповага та підтримка.
• Прозорість та системність: чіткі цілі, зрозумілі внутрішні комунікації та системний підхід.
• Професійне зростання та навчання: ми сприяємо постійному розвитку наших працівників.
• Комфортний старт: на вас чекає структурований процес адаптації та підтримка ментора, який допоможе швидко увійти в курс справ.
• Конкурентні умови: офіційне працевлаштування, соціальні гарантії, конкурентна заробітна плата та можливість працювати над наймасштабнішими проєктами країни.

• Комфорт та умови роботи: сучасний затишний офіс у доступності до метро, обладнаний укриттям та безперебійним інтернетом.

   

Дізнайтесь більше про нашу діяльність та корпоративну культуру:

• Сайт
• Instagram
• Linkedin
• Facebook

Долучившись до нашої команди, ви отримаєте шанс власноруч творити фундаментальну реформу забезпечення Сил Оборони України і зробити свій внесок для перемоги України.

Готові перетворити свою експертизу на реальний внесок в перемогу? Надсилайте резюме вже зараз!

*Звертаємо увагу: надіславши своє резюме, ви надаєте автоматичну згоду на обробку ваших персональних даних згідно закону.

**Оскільки ми отримуємо велику кількість відгуків, зворотний зв’язок буде надано лише тим кандидатам, чий досвід та кваліфікація найбільше відповідають вимогам вакансії.

Локація: Київ, гібридний формат роботи.

Fast Corporation - ізраїльська продуктова IT-компанія з офісами в Ізраїлі та Україні, яка розробляє десктопні додатки та платформу PC App Store для Tier-1 ринків.

Ми працюємо у сфері дистрибуції програмного забезпечення, user acquisition та монетизації. Наша платформа поєднує B2C і B2B напрямки, допомагаючи користувачам знаходити та встановлювати додатки, а партнерам - керувати дистрибуцією та ефективністю каналів залучення.

Ми приділяємо велику увагу якості продуктів, стабільності роботи додатків та користувацькому досвіду. Нашими рішеннями користується широка міжнародна аудиторія, а платформа щоденно обробляє значні обсяги інсталяцій і трафіку. Безпека та цілісність програмного забезпечення для нас є критично важливими.

Про роль:

Ми шукаємо Security Analyst, який/яка буде займатися перевіркою додатків на наявність шкідливої поведінки, аналізом їх активності у системі та допомогою у виявленні потенційних ризиків безпеки.

Це роль для людини, якій цікаво працювати з VM та Sandbox середовищами, аналізом поведінки програм і базовими malware техніками.

Чим ти будеш займатись:

• Перевірка програм та інсталерів на наявність шкідливої активності.
• Аналіз поведінки програм у системі.
• Перевірка цифрових підписів і цілісності файлів.
• Статичний та динамічний аналіз executables.
• Моніторинг системної активності процесів, служб, реєстру та файлової системи.
• Аналіз мережевої активності.
• Виявлення підозрілих або небезпечних дій.
• Робота з VM та Sandbox середовищами.
• Документування результатів аналізу та знайдених ризиків.
• Взаємодія з командою розробки.

Що для нас важливо:

• Від 1 року досвіду у сфері інформаційної безпеки або strong security awareness, з практикою в аналізі програм і перевірці на загрози.
• Розуміння принципів роботи операційної системи Windows, зокрема процесів, служб, реєстру та файлової системи.
• Досвід роботи з VM або Sandbox буде плюсом.
• Базовий досвід аналізу програм або executables буде плюсом.
• Впевнена робота з інструментами Procmon, Process Explorer, Autoruns, Wireshark, Sysmon, VirusTotal або аналогами.
• Розуміння цифрових підписів та базових принципів PKI.
• Розуміння базових технік malware і persistence.
• Базові навички роботи з PowerShell або CMD.
• Англійська мова рівень B1 або вище.

Технології та інструменти:

Windows, Procmon, Process Explorer, Autoruns, Wireshark, Sysmon, Threat intelligence tools (VirusTotal, Shodan, URLScan, theHarvester), VM, Sandbox, PowerShell, CMD.

Що ми пропонуємо:

• Сучасний офіс у БЦ «Хвиля» біля м. Печерська (онбординг в офісі до 2 тижнів щодня, надалі команда збирається в офісі 1 раз на тиждень).
• Фіксований графік 9:30–18:30, без овертаймів і вечірніх мітингів.
• Оплата в $ на ФОП, відповідно до твоїх навичок і досвіду, без затримок, компанія покриває податки та надає бухгалтера.
• Відпустка: 14 робочих днів, 10 лікарняних за довідкою та 5 без довідки.
• Стабільність у команді - люди залишаються надовго.
• Повне технічне забезпечення (ноутбук, монітор).
• Цікаві задачі у сфері безпеки, можливість розвивати експертизу у malware аналізі та системній безпеці.
• Мінімум бюрократії, швидкі рішення та проста комунікація.