Jobs Security

We are the creators of a new fintech era!
Our mission is to revolutionize the world by making blockchain technology accessible to everyone in everyday life. WhiteBIT is a global team of more than 1,200 professionals united by a shared vision of shaping the Web3 future.
We are building our own blockchain ecosystem, ensuring maximum transparency and security for over 8 million users worldwide. Our cutting-edge solutions, rapid adaptation to market challenges, and technological excellence set us apart from traditional companies.
Our official partners include the National Football Team of Ukraine, FC Barcelona, Lifecell, FACEIT, and VISA.


The future of Web3 starts with you — join us Cybersecurity Compliance Analyst !

Requirements:
Hard Skills:

- Strong understanding of cybersecurity frameworks and regulations (ISO/IEC 27001, SOC 2, PCI DSS, GDPR, MICA/DORA, CCSS).

- Hands-on experience with internal audits and evidence collection.

- Knowledge of risk management principles (ISO 31000, NIST RMF is a plus).

- Familiarity with network and cloud security basics, data protection, and secure development lifecycle (SSDLC).

- Understanding of business continuity and disaster recovery concepts.

Soft Skills:

- Attention to detail and strong analytical mindset.

- Excellent written and verbal communication skills.

- Ability to work effectively with cross-functional teams.

- Critical thinking and problem-solving approach.

- Adaptability and willingness to learn.

Responsibilities

- Support the implementation and maintenance of cybersecurity governance frameworks (ISO 27001, SOC 2, PCI DSS, GDPR, MICA/DORA, CCSS).

- Assist in conducting internal security audits: prepare checklists, perform interviews, collect evidence, and document findings.

- Maintain and improve cybersecurity policies, procedures, and compliance documentation.

- Participate in risk assessments for systems, processes, and third-party vendors.

- Contribute to the development and monitoring of risk registers and control matrices.

- Assist in Business Continuity (BCP) and Disaster Recovery (DRP) planning and testing.

- Collaborate with IT, security engineers, legal, and business stakeholders to ensure compliance and mitigate risks.

- Prepare clear and concise reports on compliance status, audit results, and identified gaps.

Work conditions

Immerse yourself in Crypto & Web3:
— Master cutting-edge technologies and become an expert in the most innovative industry.
Work with the Fintech of the Future:
— Develop your skills in digital finance and shape the global market.

Take Your Professionalism to the Next Level:
— Gain unique experience and be part of global transformations.
Drive Innovations:
— Influence the industry and contribute to groundbreaking solutions.

Join a Strong Team:
— Collaborate with top experts worldwide and grow alongside the best.
Work-Life Balance & Well-being:
— Modern equipment.
— Comfortable working conditions, and an inspiring environment to help you thrive.
— 24 calendar days of paid leave.
— 5 calendar days of sick leave.
— Additional days off for national holidays.

Description

We are looking for a Senior DevSecOps who will help make our cloud infrastructure safe, stable, and automated. You will work together with the development, platform, and security teams to add security at every step of product creation.

This is a great chance to grow in security automation, improve processes, and bring modern DevSecOps practices into the company.

Requirements
Must-Have Skills

5+ years of hands-on experience in DevOps / DevSecOps / Cloud Engineering roles;

Deep expertise with AWS services (IAM, VPC, CloudTrail, GuardDuty, KMS, WAF);

Proven experience with Kubernetes security — RBAC, network segmentation, image scanning, Falco or similar runtime security tools;

Strong proficiency in Infrastructure-as-Code tools, particularly Terraform (modules, state management, policy as code);

Experience managing CI/CD pipelines on GitHub Actions with integrated vulnerability scanning and secret protection;

Solid knowledge of Cloudflare security suite (Zero Trust, WAF, DNS, Access, API Gateway rules);

Familiarity with SSO and MFA solutions (DUO SSO, OIDC flows, federation via SAML);

Scripting and automation using Python, Bash, or Go;

Strong understanding of network security, TLS management, logging, and monitoring pipelines;

Excellent collaboration and communication skills, with the ability to work effectively with cross-functional engineering and compliance teams.

Nice-to-Have

Experience with policy-as-code frameworks (OPA, Conftest, Terraform Cloud Policies);

Hands-on knowledge of container security scanners (Trivy, Aqua, Anchore, Grype);

Exposure to SIEM / SOC integrations;

Familiarity with compliance frameworks (ISO 27001, NIST CSF, CIS Benchmarks);

Relevant certifications (AWS Security Specialty, Terraform Associate, CISSP, or DevSecOps certifications).

Responsibilities
Integrate security practices (SAST, DAST, SCA, secret management, compliance checks, etc) directly into CI pipelines on GitHub;

Build and manage infrastructure using Terraform (IaC) with a strong focus on least privilege, encryption, and auditing;

Strengthen security across Kubernetes clusters (RBAC, network policies, Falco runtime threat detection);

Implement security automation and continuous monitoring for vulnerabilities, misconfigurations, and drift in AWS + Kubernetes environments;

Collaborate closely with Development, Platform, SRE, Cloud Delivery Engineers, and Security teams to embed “security-by-design” principles throughout SDLC;

Conduct threat modeling, risk assessments, and incident response for cloud and container workloads;

Drive adoption of DevSecOps best practices, mentor team members, and promote a proactive security culture;

Continuously research and implement new security tools, policies, and automation opportunities to improve visibility and resilience.

Benefits

Why Join Us?

🎰 Be part of the international iGaming industry – Work with a top European solution provider and shape the future of online gaming;

💕 A Collaborative Culture – Join a supportive and understanding team;

💰 Competitive salary and bonus system – Enjoy additional rewards on top of your base salary;

📆 Unlimited vacation & sick leave – Because we prioritize your well-being;

📈 Professional Development – Access a dedicated budget for self-development and learning;

🏥 Healthcare coverage – Available for employees in Ukraine and compensation across the EU;

🫂 Mental health support – Free consultations with a corporate psychologist;

🇬🇧 Language learning support – We cover the cost of foreign language courses;

🎁 Celebrating Your Milestones – Special gifts for life’s important moments;

⏳ Flexible working hours – Start your day anytime between 9:00-11:00 AM;

🏢 Flexible Work Arrangements – Choose between remote, office, or hybrid work;

🖥 Modern Tech Setup – Get the tools you need to perform at your best;

🚚 Relocation support – Assistance provided if you move to one of our hubs.

PrivatBank is the largest bank in Ukraine and one of the most innovative banks around the world. It holds a leading position for all the financial indicators in the area and comprises about a quarter of the whole banking system of our country.

We are looking for an Application Security Engineer. We are searching for the person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.

We are striving to find a goal-oriented and multitask professional who would be focused on making good results and high quality.

Requirements:

• At least 3 years of experience in application security or related fields such as penetration testing and security architecture
• Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
• Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
• Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. is preferred
• Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc
• Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIM, and Microsoft SDL
• Familiarity with the software development process and stages
• Basic understanding of software code
• Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc
• Understanding of major types of vulnerabilities
• Understanding of software architecture
• Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
• Ability to independently research information and solve complex problems
• Critical thinking skills

Responsibilities:

• Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
• Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
• Application security governance and metrics
• Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
• Improve our application security management platform
• Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
• Integrate and oversee security automation tools to enhance security processes and reduce manual error
• Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
• Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
• Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
• Track and manage software defects to ensure timely resolution of security-related issues
• Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
• Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
• Use cloud services for application security

We offer:

• Work in the largest and most innovative bank of Ukraine
• Official employment and 24+4 calendar days of vacation
• Sick leave compensation
• Medical Insurance
• Competitive salary
• Bonuses, premium according to company policy
• Corporate training
• Modern comfortable office
• Interesting projects, ambitious tasks and dynamic growth
• Corporate financial assistance in critical situations
• A friendly professional and strong team
• Possibility of remote work format

PrivatBank is open to support and employ veterans and people with disabilities.

We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.

We are ready to train veterans and candidates with disabilities without banking experience.

Head of Cybersecurity Product Management 

Softprom

Europe / CEE | Hybrid or Remote
Full-time
IT Distributor / VAD (Cybersecurity & Enterprise IT)

About Softprom

Softprom is an international IT distributor and value-added partner operating across Central and Eastern Europe, CIS, and neighboring regions.
We work with leading global vendors in Cybersecurity, Cloud, Infrastructure, and Enterprise IT, helping partners and customers build secure, scalable solutions.

We are now looking for a Head of Cybersecurity Product Management to lead and develop our cybersecurity product portfolio and team.

About the role

This is a senior leadership role for an experienced B2B product professional who understands IT distribution and cybersecurity markets.

You will be responsible for product strategy, portfolio development, vendor management, and people leadership, acting as a key link between vendors, sales, marketing, pre-sales, and top management.

We are looking for a system-oriented leader who builds processes and teams — not someone who tries to do everything alone.

Key responsibilities

• Lead and develop a team of Product Managers (2–3+ people)
   
• Own and manage the cybersecurity product portfolio (multiple vendors and solutions)
   
• Build and optimize product management processes, including:
   
  • onboarding and launch of new vendors
     
  • product lifecycle management
     
  • cross-functional collaboration with Sales, Marketing, and Pre-Sales
     
• Act as the main point of contact for cybersecurity vendors (local and international)
   
• Define product strategy, positioning, and go-to-market approach
   
• Participate in:
   
  • pricing and margin strategy
     
  • sales forecasting and pipeline planning
     
  • product P&L ownership
     
• Set goals and KPIs for product managers, conduct performance reviews and mentoring
   
• Represent the product function in communication with top management
  
   

Requirements (Must-have)

Experience & Expertise

• 5+ years of experience in B2B IT product management
   
• 2+ years of experience managing product managers (team lead / head role)
   
• Hands-on experience working with:
   
  • IT vendors (local and/or international)
     
  • multi-product portfolios
     
• Strong understanding of the cybersecurity market, including:
   
  • solution categories (NGFW, EDR/XDR, IAM, SIEM, DLP, SASE, etc.)
     
  • competitive landscape
     
  • typical customer use cases
    
     

Management & Business Skills

• Ability to:
   
  • set goals and KPIs
     
  • prioritize products and initiatives
     
  • develop people through mentoring and performance management
     
• Proven experience building and improving product processes
   
• Solid business mindset with understanding of:
   
  • product P&L
     
  • go-to-market strategy
     
  • pricing and positioning
     
  • sales forecasting
     
• Confident working with numbers: pipeline, funnel, margins
  
   

Communication

• Strong negotiation and stakeholder management skills
   
• Ability to speak the same language with:
   
  • vendors
     
  • sales teams
     
  • technical experts
     
  • executive management
    
     
• English — Upper-Intermediate or higher (negotiations, presentations, documentation)
  
   

Nice to have

• Experience working in a distributor or VAD
   
• Exposure to regional markets (CEE, CIS, Baltics)
   
• Experience launching new vendors or products from scratch
   
• Understanding of partner ecosystem:
   
  • resellers
     
  • system integrators
     
  • MSPs
     
• Relevant certifications:
   
  • CISSP / CISM
     
  • vendor certifications
    
     

Personal qualities

• High level of ownership and accountability
• Ability to work effectively in ambiguous and changing environments
• Proactive, results-oriented mindset
• Natural authority without micromanagement
• Strong multitasking and prioritization skills
  
   

Why Softprom

• Strategic leadership role with real influence on business results
• Mature B2B environment and international vendor portfolio
• Opportunity to shape and scale cybersecurity business across regions
• Professional, experienced team
• Long-term growth and stability
   

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Pentester who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM

- Junior-level cybersecurity certifications would be a plus.

- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals

- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)

- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.

- Strong drive to learn and develop cybersecurity skills

- Technical English (Intermediate)

We offer

- Good salary + bonus system

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Conduct security research

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a Middle/Senior Security Consultant / Penetration tester to work on and lead penetration testing and vulnerability/cloud security assessment projects.

In this role, you will work on technically challenging projects and also spend some time leading/mentoring our junior pentesting colleagues.

Required skills

- 1.5+ years of intensive commercial experience

- OSCP, eWPTx2 or similar would be a plus

- Scripting/coding skills and being comfortable with advanced pentesting tooling

- Strong knowledge of mobile/web security

- Comfortable with cloud and container security

- Basic RE skills

- Ability to mentor/lead colleagues

- Strong ability and drive to learn and develop cybersecurity skills

- Technical English (Intermediate+)

We offer

- Good salary + bonus system

- Diverse project portfolio and technologies to work with

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Participate in various pentesting projects

- Lead junior colleagues

- Perform threat modeling in pentesting and security assessment projects

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Consult clients on efficient issues remediation

- Conduct security researches

- Develop tools and scripts to automate and improve current pentesting processes

We are looking for a Cybersecurity Testing Team Lead to join our team!  

Requirements: 
- 5+ years in offensive security/penetration testing
- 2+ years in a technical leadership role (team lead/principal/tech lead)
Hands-on experience with:
- Web, API, Mobile (iOS/Android) pentesting
- Secure code review (at least one backend language)
- Cloud & infrastructure security testing
- Proven experience working with product teams, not only 'report delivery' 

Will be plus: 
- Advanced Offense
- Red Team/Purple Team experience
- Adversary emulation (MITRE ATT&CK)
- Threat modeling from an attacker’s perspective
- Experience with exploit development or advanced bypass techniques

- Cloud & Platform Security
- AWS (Preferred)
- Kubernetes security testing
- CI/CD attack vectors
- Secrets, identity, and supply chain attacks

Responsibilities:  
Leadership and Team Management:
- Lead and grow the Offensive Security team (pentest/red team)
- Define roles, expectations, and competency levels
- Mentor team members and conduct technical reviews
- Own capacity planning and prioritization 

Offensive Security Operations:
- Own the pentest intake process (Jira-based)
- Ensure consistent coverage:
- Web/API/Mobile
- Cloud/Infra
- Enforce quality standards for test depth, reports, risk assessment, and retesting
- Findings & Risk Management 

Ensure:
- Findings are exploitable, reproducible, and actionable
- False positives are minimized
- Risk is clearly communicated

Our benefits to you:
☘️An exciting and challenging job in a fast-growing holding, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance and more
🤝🏻Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed
🧑🏻‍💻Modern corporate equipment based on macOS or Windows and additional equipment are provided
🏖Paid vacations, sick leave, personal events days, days off
💵Referral program — enjoy cooperation with your colleagues and get the bonus
📚Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences
🎯Rewards program for mentoring and coaching colleagues
🗣Free internal English courses
✈️In-house Travel Service 
🦄Multiple internal activities: online platform for employees with quests, gamification, presents and news, clubs for movie / book / pets lovers and more
🎳Other benefits could be added based on your location 

Required hard skills
• Strong understanding of network security (LAN, WAN, VPN, firewalls, IDS/IPS, proxies)
• Experience securing infrastructure (on-prem, cloud, hybrid environments)
• Knowledge of Zero Trust and least-privilege access models
• Experience with endpoint security (EDR, antivirus, disk encryption)
• OS security knowledge: Windows, macOS, Linux
• Experience with monitoring and logging systems (endpoints, servers, network traffic)
• Understanding of authentication, authorization, IAM
• Experience with security hardening and patch management
• Familiarity with security awareness and training platforms
• Basic scripting skills (Bash, PowerShell, Python)
• Understanding of networking protocols (TCP/IP, DNS, HTTP/S)
Required soft skills
• Ability to explain security concepts to non-technical users
• Strong communication and presentation skills
• Proactive and security-first mindset
• High attention to detail
• Ability to influence user behavior and promote security culture

Responsibilities:

• Design and maintain secure network and infrastructure architecture
• Configure and manage firewalls, VPNs, access controls, and network segmentation
• Secure servers, cloud resources, containers, and virtual machines
• Secure employee workstations and enforce security baselines
• Monitor endpoints and infrastructure for suspicious activity
• Collect, analyze, and correlate security logs
• Detect, investigate, and respond to security incidents
• Perform vulnerability analysis, risk assessment, and remediation
• Conduct system and network hardening
• Develop and deliver internal security trainings and awareness sessions
• Manage and maintain security training platforms and learning content
• Organize phishing simulations and awareness campaigns
• Collaborate with IT, DevOps, Infrastructure, and HR teams
• Complete and review clients security questionnaires and security assessment forms to demonstrate the company’s security posture
• Participate in security and compliance calls with client information security specialists and stakeholders

Monitoring & Incident Response
• Set up and maintain security monitoring and alerting
• Investigate anomalies and security incidents
• Perform root-cause analysis and post-incident reviews
• Improve detection, response, and prevention processes

Security Awareness & Training
• Plan and deliver security awareness programs
• Manage training platforms and user enrollment
• Track training completion and effectiveness
• Continuously improve training materials based on incidents and risks

Nice to have
• Experience with SIEM and SOAR tools
• Experience with MDM solutions
• Knowledge of cloud security (AWS / GCP / Azure)
• Experience running phishing simulations
• Familiarity with security frameworks and compliance standards
• Security certifications (optional)

Required Skills & Experience

Technical Skills
Strong understanding of:
Network security principles
TCP/IP, DNS, HTTP/S, VPNs
Experience with:
Firewalls (hardware or software)
Endpoint security / EDR solutions
Monitoring & logging tools
OS security knowledge:
Windows, macOS, Linux

Experience securing:
On-prem infrastructure
Cloud environments (AWS / GCP / Azure — at least one)

Security Knowledge
Authentication & authorization mechanisms
Identity and access management (IAM)
Security best practices and frameworks
Threat detection and response fundamentals

Knowledge of:
Zero Trust
MDM solutions
Cloud security posture management
Security certifications (e.g., Security+, CEH, CISSP — optional)

About us: 
Devoted Studios is a US-based game development company specializing in Co-development, Porting, and End-to-End Art Production for the global gaming industry. With a distributed team of over 1,900+ skilled professionals, we collaborate across time zones to support projects on all major platforms, engines and styles - from AAA titles to emerging technologies.

Our team includes world-class talents who bring deep expertise in external development, pipeline optimization, and creative problem-solving. Whether it’s porting games to new systems, enhancing gameplay features, or crafting stunning visuals, Devoted Studios operates as a trusted, flexible extension of our partners’ internal teams.

We are proud to be the development partner of choice for industry leaders such as: 2K, Xbox, Meta, Obsidian Entertainment, Turtle Rock Studios, Gearbox Software

At Devoted Studios, we’re committed to making outsourcing more efficient, collaborative, and impactful. If you're passionate about co-development, game art, or solving technical challenges on a global scale. 

PwC is a global network of more than 370,000 professionals in 149 countries that turns challenges into opportunities. We create innovative solutions in audit, consulting, tax and technology, combining knowledge from all over the world.

PwC SDC Lviv, opened in 2018, is part of this global space. It is a place where technology is combined with team spirit, and ambitious ideas find their embodiment in real projects for Central and Eastern Europe.

What do we guarantee?

• Work format: Remote or in a comfortable office in Lviv - you choose.
• Development: Personal development plan, mentoring, English and Polish language courses.
• Stability: Official employment from day one, annual review of salary and career prospects.
• Corporate culture: Events that unite the team and a space where everyone can be themselves.

We are seeking a Security Engineer to provide deep technical expertise, tooling evaluations, and hands‑on engineering support across our security program. This role acts as a builder‑defender, driving practical security control implementation, assessing emerging technologies, and ensuring secure integration patterns for modern applications—including but not limited to AI systems. You will bridge high‑level security strategy with real engineering execution.

Key Responsibilities:
 

• Implement and operationalize security controls, translating policies and theoretical requirements into real, functioning technical solutions.
• Evaluate and integrate modern security tools, performing hands‑on testing and delivering data‑driven recommendations.
• Design and review secure architecture patterns for application and platform integrations (APIs, cloud services, third‑party tools, internal services).
• Conduct threat modeling for complex use cases, identifying risks such as data exposure, API abuse, system compromise, and emerging AI‑related attack vectors.
• Provide technical security guidance to engineering and product teams proposing new solutions or integrations.
• Partner closely with DevSecOps teams to embed security practices into CI/CD pipelines, container workflows, and cloud environments.

Requirements:
 

• 4+ years in Application Security, Cloud Security, Security Engineering, or DevSecOps.
• Strong knowledge of API security, OAuth/OIDC, containers, and cloud‑native services.
• Hands‑on experience with security tools (posture management, vulnerability scanners, SIEM/SOAR).
• Ability to assess third‑party vendors and modern security technologies.
• Proficiency in Python or another scripting language.
• Understanding of generative AI risks (prompt injection, data leakage) is a plus.
• Strong analytical thinking and clear communication skills.
• Self‑driven, adaptable, and proactive in a fast‑changing tech landscape.

Policy statements:
https://www.pwc.com/ua/uk/about/privacy.html

We are the creators of a new fintech era!
Our mission is to revolutionize the world by making blockchain technology accessible to everyone in everyday life. WhiteBIT is a global team of more than 1,200 professionals united by a shared vision of shaping the Web3 future.
We are building our own blockchain ecosystem, ensuring maximum transparency and security for over 8 million users worldwide. Our cutting-edge solutions, rapid adaptation to market challenges, and technological excellence set us apart from traditional companies.
Our official partners include the National Football Team of Ukraine, FC Barcelona, Lifecell, FACEIT, and VISA.

The future of Web3 starts with you — join us as a SOC Analyst L1!

 

Requirements:

— Basic understanding of cybersecurity principles, common attack vectors, and threat detection methods.
— Familiarity with key cybersecurity frameworks (MITRE ATT&CK, NIST, CIS etc.)
— Familiarity with EDR/XDR and SIEM platforms (e.g., CrowdStrike, SentinelOne, Splunk, QRadar, etc.).
— Strong analytical and problem-solving skills.
— Ability to work in a fast-paced, team-oriented environment.
— Good written and verbal communication skills in English (B1+).
— Willingness to work in a shift-based schedule, including nights and weekends. Shifts are distributed evenly across the department.

Responsibilities:

— Monitor and analyze alerts from EDR, SIEM platforms and other corporate tools.
— Perform initial triage to determine the severity, credibility, and urgency of security events, sorting out False Positives.
— Escalate incidents to Level 2 analysts or incident response teams when necessary.
— Document findings, actions taken, and outcomes in a ticketing system.
— Follow standard operating procedures (SOPs) and playbooks for alert handling.
— Assist in the continuous tuning of EDR/SIEM rules to reduce False Positives.
— Stay current with emerging threats and industry best practices.
— Participate in active learning and Purple Teaming of the SOC team.

Work conditions:

Immerse yourself in Crypto & Web3:
— Master cutting-edge technologies and become an expert in the most innovative industry.
Work with the Fintech of the Future:
— Develop your skills in digital finance and shape the global market.

Take Your Professionalism to the Next Level:
— Gain unique experience and be part of global transformations.
Drive Innovations:
— Influence the industry and contribute to groundbreaking solutions.

Join a Strong Team:
— Collaborate with top experts worldwide and grow alongside the best.
Work-Life Balance & Well-being:
— Modern equipment.
— Comfortable working conditions, and an inspiring environment to help you thrive.
— 24 calendar days of paid leave.
— 5 calendar days of sick leave.
— Additional days off for national holidays.

Playson is a leading iGaming supplier operating in multiple regulated markets, delivering engaging casino content and advanced technology. We’re a fast-growing, tech-driven company that values innovation, autonomy, and ownership. At Playson, we welcome people who are curious, proactive, and passionate about solving complex challenges at scale.

We are ISO/IEC 27001 certified and committed to maintaining a robust security and compliance posture across all our operations.

About the Role

We are looking for a Security Lead to strengthen Playson’s information security framework and drive continuous improvement of our security culture. This role combines technical expertise, investigative focus, and process leadership - ensuring that our systems, data, and people remain secure, compliant, and resilient.

What will you be doing?

Information Security & Compliance

• Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS).
• Foster a strong Security-First mindset across the organization.
• Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls.
• Conduct internal audits, risk assessments, and coordinate certification renewals.
• Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable).
  Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace.
• Support DLP implementation and maintain central tracking of security events.
• Document risks, incidents, and corrective actions to ensure continuous compliance.

Incident Response & Investigation

• Lead investigations into security incidents such as phishing, data leakage, or unauthorized access.
• Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack).
• Maintain and enhance incident response playbooks and escalation workflows.
• Collaborate with HR, Legal, and IT teams during internal investigations.
• Produce post-incident reports and recommend remediation measures.

Endpoint & Access Security

• Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints.
• Maintain CrowdStrike Falcon configurations and endpoint posture enforcement.
• Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password).
• Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews.
• Perform Quarterly RAS Access Management Reviews.

• Maintain a consistent audit trail for access management throughout the year.

   

To succeed in the role, you will have:

• 3+ years of experience in information security, IT audit, or digital investigations.
• Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2).
• Hands-on experience with SIEM / EDR systems
• Proven ability to manage SSO, MFA, DLP, and MDM environments.
• Strong communication skills in English (B2 or higher).
• Analytical mindset, integrity, and attention to detail.

Preferred additional qualifications:

• Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty.
• Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms.
• Forensics experience.
• Experience in designing awareness programs or running phishing simulations.

What you get in return:

• Competitive Salary: We offer a competitive salary in EUR, subject to annual performance reviews
• Quarterly Bonuses: Benefit from a transparent and systematic quarterly bonus system
• Flexible Schedule: We offer a flexible work schedule to accommodate your needs
• Remote Work Option: Choose to work remotely, providing greater flexibility and comfort
• Medical Insurance: Receive comprehensive medical insurance for both you and a significant other
• Financial Support for Life Events: We provide financial support during special life events
• Unlimited Paid Vacation: Enjoy unlimited paid vacation leave
• Unlimited Paid Sick Leave: Take unlimited paid sick leave whenever necessary
• Professional Development: Get reimbursement for professional development courses and training

The recruitment process includes the following steps:

1. HR Interview (30-45 mins)

2. Technical interview with Service Desk & Security Lead (60 mins)

3. Final Interview with CTO and People Business Partner (60 mins)

About Playson

Founded in 2012, Playson is a leading iGaming supplier recognized worldwide. We provide our partners with a high-end, microservice-based Platform-as-a-Service capable of processing billions of financial transactions daily. Our global infrastructure is designed for cross-regional performance, with a relentless focus on latency reduction and flawless player experience, regardless of bandwidth or connectivity.

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).
• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).
• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit).
• Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code).
• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).
• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).
• Lead vulnerability management and threat modeling practices.
• Automate workflows through scripting (Python, Bash).
• Partner with backend, infrastructure, and platform engineers to embed security in design & delivery.
• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).
• Act as a security subject-matter expert, mentoring engineers and raising awareness.
• Continuously evaluate and implement new security tools and approaches.

Requirements

• 5+ years in Security Engineering / DevSecOps roles, with proven success delivering secure infrastructure and applications.
• Strong skills in Python and Bash for building and automating security workflows.
• Cloud Security (AWS focus) - Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments.
• Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code).
• Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.
• Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.
• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.
• Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.).
• Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access).
• Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks.
• Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines.

Nice to have:

• Exposure to Kafka or ClickHouse in security-sensitive environments.
• Familiarity with GitOps tooling (FluxCD/ArgoCD).
• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

What We Offer

• Compensation at top industry standards + quarterly bonuses based on transparent evaluation.
• Remote-first flexibility and adaptable working hours.
• Unlimited paid vacation & sick leave.
• Comprehensive medical insurance (for you and your partner).
• Financial support for major life events.
• Professional growth budget for courses, training, and certifications.

Recruitment Process

1. HR Interview – 45 min
2. Hiring Manager Interview – 60 min
3. Technical Interview – 90 min
4. Final Interview with Head of Platform & CTO – 60 min

We are looking for an InfoSec Manager to develop and enforce security strategy, policies, and operations across the company. This role combines governance and hands-on technical responsibility: from Security Risk management and IAM to endpoint protection, security operations, and IT infrastructure. Information Security Manager will work closely with leadership and IT teams to ensure resilience against evolving threats and compliance with data protection requirements.

Responsibilities:

• Develop and maintain corporate information/cybersecurity strategy aligned with business goals.
• Define and enforce security policies, standards, and guidelines for information security, PII protection, and IAM.
• Build and update a cybersecurity plan based on evolving risks and threats.
• Conduct periodical risk assessments of infrastructure, applications, and processes based on the comprehensive asset management.
• Integrate data confidentiality and privacy (PII) protection into daily operations (“privacy by design”).
• Manage Accesses with SSO, MFA, and RBAC implementations on corporate systems.
• Oversee provisioning/deprovisioning and regular access reviews.
• Manage workstation and laptop security, including BYOD policies.
• Establish incident detection, response, and recovery processes.
• Ensure secure configuration of corporate tools (Google Workspace, Slack, etc.).
• Maintain backup, disaster recovery, and business continuity readiness.
• Execute Information Security Awareness campaigns.

Requirements:

• Ability to collaborate with leadership and technical teams, balancing governance and practical controls.
• Proven experience in developing and maintaining corporate information/cybersecurity strategy aligned with business objectives.
• Strong knowledge of security governance, including definition and enforcement of security policies, standards, and guidelines (information security, PII/data privacy, IAM).
• Practical experience building and maintaining a cybersecurity roadmap and adapting to evolving threats.
• Design and implementation of IT asset management and hands-on experience conducting risk assessments across infrastructure, applications, and business processes. 
• Technical expertise with Identity & Access Management (IAM): SSO, MFA, and RBAC implementations for SaaS and on-prem applications.
• Experience managing user lifecycle (provisioning, deprovisioning, and access reviews).
• Knowledge of security operations practices: incident detection, response, and recovery.
• Experience securing corporate IT tools such as Google Workspace, Slack, and similar SaaS platforms.
• Familiarity with backup solutions, disaster recovery planning, and business continuity management.
• Practical experience in running Awareness Campaigns, evaluate its effectiveness and continuously improve them
• Relevant certifications (CISSP, CISM, ISO 27001, or equivalent) are a strong plus.

Paycord is a PayTech company with a high-load platform for payment processing. We combine fintech expertise with merchant insights to create innovative solutions. We’ve successfully developed a strong product that helps businesses succeed in new markets.

Our primary focus is on solution-driven development, and we prioritize the needs of our business clients. We provide access to a wide range of local and international payment methods, supporting businesses in reaching new heights and achieving excellence.

We`re rapidly growing and inviting an Information/System Security Engineer to our team.

You would be running such tasks as:

• Assess cybersecurity risks and develop measures to minimize them.
• Implement and administer SOC tools, and integrate threat monitoring systems.
• Manage vulnerabilities, respond to security incidents, analyze root causes, and mitigate attack impacts.
• Handle identity protection and privileged access management.
• Secure Windows, macOS, and Linux endpoints.
• Ensure information and data protection.
• Conduct cybersecurity awareness training and promote best security practices among staff.
• Collaborate closely with Legal, HR, Business & Product Owners, DevOps, IT specialists, and development teams, providing expertise in information security matters.

Required skills and expertise:

• Higher education in Information Security or a related field (Computer Science, Software Engineering, Information Systems, etc.).
• At least 3 years of experience in a similar position.
• Strong understanding of user authentication principles, access control, and information resource management models.
• Experience with OSINT tools and methodologies.
• Hands-on experience with configuring and administering tools such as SIEM, EDR, SOAR, MISP, IDS/IPS.
• Experience in securing server, network, and cloud infrastructures.
• Familiarity with monitoring and logging systems.
• Experience in scripting and automation.
• Experience in Security Incident Response, ability to analyze and interpret data, and prepare reports based on incident investigation results.
• Experience with IT audits and risk management processes.
• Risk-oriented mindset with the ability to assess consequences and implement systemic improvements.
• English level: Intermediate or higher (ability to read technical documentation and correspond in English).

Will be a plus:

• Relevant security certifications and training.

We offer:
Care for your health and well-being
• 100 % paid sick leaves;
• 20 working days of paid vacation;
• Medical support;
• Benefits Cafeteria (budget for gym/stomatology/psychological service & etc.);
• Ability to work remotely or in the office (as you wish);
• Corporate gifts & events.

Professional growth & development
• Competitive salary with annual salary promotions;
• The annual budget for professional courses, conferences, workshops, and books;
• Internal training courses;
• Work with a team of professionals and have the opportunity to share knowledge.

Corporate Culture
• Dynamic and result-oriented work environment;
• The ability to influence product development at an early stage;
• Openness to new ideas and approaches, healthy team discussions;
• No “red tape” culture.

Candidate journey:
HR Interview — Technical Interview — Final Interview

• Project Description:

  One of the world's largest providers of products and services to the energy industry has a need to develop, support and integrate software system in Oil & Gas domain.
  You will be a member of a cross functional team.
  Key project stakeholders are open for innovative ideas.
  Project is based on SCRUM methodology.
  This is a great opportunity to work in an international team, apply and learn modern IT technologies

   

• Responsibilities:

  Quickly learn new technologies and improve proficiency
  Follow up with Developer on open vulnerabilities
  Share reports of open, closed vulnerabilities
  Develop unique, effective security strategies for software systems, networks, and cloud provider
  Safeguards information system assets by
  identifying and solving potential and actual security problems
  Maintain quality service by following
  organization standards
  Contribute to team effort by accomplishing
  related results as needed

   

• Mandatory Skills Description:

  Understanding of definitions related to cyber security: Vulnerability, attack vector, threat , security risk, SAST, DAST, WAF ets
  Understanding of networking, Operating systems (Windows and Linux)
  Basic concepts in programming Ex: Python
  Very good English as team is multinational