Jobs Security

ВАКАНСІЯ: CI Resilience and Vulnerability Assessment Manager  for U.S. Cybersecurity for Critical Infrastructure in Ukraine (CCI) Activity

BACKGROUND:

The U.S. Cybersecurity for Critical Infrastructure in Ukraine (CCI) Activity began in May 2020. The purpose of the CCI Activity is to reduce, and ultimately eliminate, cybersecurity vulnerabilities in Ukraine’s critical infrastructure sectors. In the same way that cyberattacks drove Estonia to innovate cybersecurity practices, systems, and entrepreneurship as the backbone of its digital transformation. 

The CCI Activity continues to improve the cyber-resilience of Ukraine and its critical infrastructure sectors through three interlinked, mutually reinforcing objective areas that address legal, policy, institutional, workforce, and market gaps to strengthen long-term national resilience.

Building on progress achieved from 2020 to 2026, and under the Department of State, the Activity will continue implementation of these objectives while aligning them with U.S. foreign-policy priorities for trusted technology, supply-chain security, and transatlantic digital integration.

Objective 1: Create a safe, trusted environment to accelerate the development of people, processes, and technology to support cybersecurity across CI sectors and assets in Ukraine.

Objective 2: Strengthen Ukraine as a sovereign nation built on a secure, protected, and dynamic economy, supported by a talented pool of human capital.

Objective 3: Stimulate demand for and supply of Ukrainian cybersecurity solutions and service providers to empower, equip, and finance cybersecurity entrepreneurs and businesses

The CCI Activity consists of three complementary, mutually reinforcing, and integrated components:

Component 1: Strengthen the Cybersecurity Enabling Environment

This component enhances Ukraine’s ability to protect and modernize its civilian digital infrastructure by embedding U.S. and allied cybersecurity standards into the governance, architecture, and operational systems of critical infrastructure (CI). It prioritizes the divestment of high-risk digital assets and the adoption of secure-by-design technologies that advance trusted supply chains, secure communications, and resilient public services in line with U.S. strategic and commercial interests.

Component 2: Develop Ukraine’s Cybersecurity Workforce

This component builds the institutional and technical foundation for a civilian cyber workforce capable of securing Ukraine’s critical infrastructure during wartime and sustaining digital resilience throughout long-term recovery. It anchors that workforce in U.S.-backed standards, trusted technology principles, and interoperable training models aligned with allied strategic frameworks. All workforce development activities under this component shall be focused on applied operational capability and demonstrable use of skills, rather than academic, theoretical, or strategy-only training outcomes.

Component 3: Build a Resilient Cybersecurity Industry

This component strengthens Ukraine’s domestic cybersecurity and dual-use technology sector as a frontline contributor to national resilience and a trusted partner in U.S. and allied digital ecosystems. It aims to reduce Ukraine’s reliance on high-risk and adversary-origin platforms, and position select Ukrainian firms as interoperable contributors within U.S. and allied technology supply chains where this serves U.S. strategic, security, and commercial interests.

The secured digital infrastructure of the Operators of Critical Infrastructures (OCIs), including government agencies, is a crucial component of the CCI Activity’s efforts to bolster Ukraine’s cyber resilience. Maintaining the functionality of this infrastructure and protecting it from cyberattacks is essential for the uninterrupted delivery of public services and the core services of the OCIs.

The CCI Activity is seeking a CI Resilience and Vulnerability Assessment Manager is responsible for leading and coordinating technical interventions that strengthen the cyber resilience of Ukrainian critical-infrastructure operators

1. Role’s Purpose:     

The CI Resilience and Vulnerability Assessment Manager is responsible for leading and coordinating technical interventions that strengthen the cyber resilience of Ukrainian critical-infrastructure operators through telemetry-driven digital-twin capabilities and recurring vulnerability assessment and penetration-testing programs. The role ensures that supported activities result in operational, telemetry-enabled resilience capabilities and measurable improvements in security posture on live or representative systems, rather than conceptual demonstrations or advisory outputs only. In addition to the core digital-twin and vulnerability-assessment workstreams, the role provides surge capacity for urgent, ad-hoc resilience testing, risk assessment, and remediation-support tasks assigned by CCI Activity leadership in response to emerging threats or sectoral priorities.

The CI Resilience and Vulnerability Assessment Manager will be responsible for providing all the monitoring performance reports against the Monitoring, Evaluation, and Learning Plan (MELP) targets and supporting the successful completion of activities.

1. Task / Responsibilities:

• Lead end-to-end deployment of a telemetry-driven digital-twin infrastructure for designated critical-infrastructure sectors, ensuring integration of live or near–real time telemetry and operational application in resilience testing scenarios.
• Coordinate configuration of telemetry pipelines and trusted technology components in cooperation with designated Government of Ukraine institutions, ensuring alignment with approved architectures and security protocols.
• Ensure that digital-twin capabilities are activated in at least one priority CI sector and demonstrably used to analyse system behaviour, validate defensive configurations, or evaluate responses under simulated stress conditions without affecting live operations.
• Lead implementation of a recurring vulnerability-assessment and penetration-testing program building on CICIPA and NIST-aligned methodologies, targeting high-risk systems identified through structured assessment processes.
• Oversee execution of focused penetration-testing cycles on approved live or representative systems and ensure documented identification of vulnerabilities and recommended remediation actions.
• Support and document remediation efforts undertaken by operators within defined remediation windows, ensuring measurable improvements in participating entities’ security posture.
• Ensure that technical outputs are reliable, structured, and suitable for coordination with other donors, including burden-sharing and modernization follow-up actions.
• Provide rapid-response coordination for urgent resilience testing, vulnerability analysis, or remediation-support tasks assigned by CCI Activity leadership.

Qualifications and experiences

Qualifications:

• Master or higher educational degree in cybersecurity / information security or information technology
• Strong knowledges of international cybersecurity standards and frameworks (ISO, NIST, CAF, Cobit or similar)
• Strong knowledges of the cyber security solutions
• Solid presentation skills
• Solid communications skills
• Skills in developing technical project documentation
• Good command of English language is preferred

Experiences:

• At least 5 years of experience working with cybersecurity / information security or information technology
• At least 5 years of experience with cybersecurity / information security or information technology projects implementation
• Experience as an auditor or implementer would be an advantage

Equal Employment Opportunity

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran. 

DAI and its employees are committed to confronting discrimination in all forms, nurturing respect for our interpersonal relationships, and holding ourselves accountable for positive change within the company and in the communities, cultures, and countries in which we live and work.  DAI is committed to attracting and retaining the best employees from all races, ethnicities, and backgrounds in our continued effort to become a better development partner. 

DAI upholds the highest ethical standards. We are committed to the prevention of sexual exploitation, abuse, and harassment as well as other ethical breaches. All our positions are therefore subject to stringent vetting and reference checks.”

DAI promotes workforce diversity and encourages persons from excluded groups, including persons with disabilities, to apply.

It’s Kyiv-based position, long-term. 

Qualified candidates should send their CV and cover letter by June 30, 2026 6:00pm Kyiv time. Only short-listed candidates will receive notice requesting additional information. Interviews will be conducted on the rolling basis.

About the Role

We are looking for a highly skilled and strategic Senior DevSecOps Engineer to lead our security operations and infrastructure automation initiatives. In this role, you will bridge the gap between development, security, and operations, ensuring our on-premise environment remains secure, resilient, and efficient.
You will act as a subject matter expert, leveraging cutting-edge tools like CrowdStrike to automate threat detection and response, while maintaining robust perimeter security via Cloudflare.

Key Responsibilities
Implementation and automation of security tools in the CI/CD process (SAST, DAST, SCA).
Analysis of vulnerabilities in code, infrastructure and containers.
Development and configuration of security monitoring systems, incident response.
Monitoring and improving the security level of on-prem infrastructures.
Interaction with developers, DevOps and security teams to implement secure practices.
Active participation in the processes of IAM configuration, management of certificates, secrets and access policies.
Conducting internal security audits, participation in external (e.g. penetration) tests.

Requirements

Must-have:
Experience: 5+ years of experience in DevSecOps, Security Engineering, or a related field, with at least 2 years in a Senior role.
Tooling Expertise: Deep hands-on experience with the following specific tools:
Baremetal/on-premise infrastructure
Docker (Docker Swarm is a strong plus)
Gitlab CI 
CrowdStrike
Cloudflare
ELK.
SIEM Proficiency: Proven experience deploying and tuning SIEM solutions (e.g., Splunk, Elastic Security, Datadog, or similar).
Infrastructure: Strong background in managing on-premise infrastructure (physical servers, data centers, virtualization, networking).
Scripting: Proficiency in Python, Go, or Bash for automation and tooling.

Nice-to-have:
Experience with Kubernetes and such tools as Wiz.io and Torq.
Previous involvement in high-load, regulated, or 24/7 production environments (e.g., iGaming, FinTech, telecom or similar).

We offer
Fully remote work opportunity
Enhanced leave benefits:
20 days of paid vacation
5 paid days off
14 paid sick leaves
Company clubs & communities
Celebration gifts for personal milestones
Corporate online events, raffles & challenges
Corporate English program
Corporate yoga classes
Team-building activities
Coworking compensation
Training and development programs (internal & external).

Come Back Agency supports US software and technology companies by running their hiring process. We work with delivery and leadership teams to define roles, screen candidates, and manage interviews. Successful candidates are hired directly by the company and become part of its team.

This position is with a US-based software company providing custom development and AI implementation for North American clients. The team builds and maintains production software, including AI-enabled systems, and works in long-term client engagements. Team members operate as part of an internal, distributed team and collaborate directly with client stakeholders.

About the role

The company is moving deeper into enterprise work. We need a DevOps engineer who can help harden our infrastructure, implement security best practices, and drive compliance readiness so we can pass enterprise vendor reviews and pursue certifications like SOC 2 and ISO 27001. You will work closely with engineering and leadership across infrastructure, security, and compliance.

What you will do:

• Build and maintain secure cloud infrastructure and CI/CD pipelines
• Implement access control, least privilege, and secrets management across environments
• Standardize logging, monitoring, alerting, and audit trails
• Create and maintain secure SDLC practices, including code scanning, dependency scanning, and change control
• Set up incident response basics, including runbooks, on-call expectations, and post-incident process
• Compliance readiness for SOC 2 and ISO 27001 by implementing required technical controls and gathering evidence
• Vulnerability management and patching routines for infrastructure and dependencies
• Improve backup, disaster recovery, and business continuity practices
• Support client security questionnaires with clear technical answers and evidence

Requirements:

• Up to 2 years of DevOps experience with cloud infrastructure and deployment pipelines
• Hands-on experience with AWS, including IAM, networking, compute, and logging services
• Experience with Infrastructure as Code such as Terraform
• Experience with containerization and orchestration, Docker and Kubernetes preferred
• Comfort setting up security tooling, SAST, DAST, dependency scanning, secret scanning
• Ability to document systems clearly and work with auditors or compliance tools when needed
• English at B2 level or higher - you will collaborate directly with US client stakeholders

Nice to have:

• SOC 2 or ISO 27001 experience, even if you were the technical owner not the compliance PM
• Experience with Vanta, Drata, Secureframe, or similar evidence automation tools
• Experience working with HIPAA or other regulated client environments
• AWS certifications such as Solutions Architect or Security Specialty

What We Offer:

• Working hours aligned with US time zones, typically 16:00-23:59 Kyiv time
• English lessons to support clear and confident communication
• Paid vacation and sick days
• Fully remote work
• Opportunities for professional growth within the team
• Structured, personalized onboarding to help you ramp up effectively

Apply with your resume and a short note outlining your relevant experience. You can also submit it through our website at comeback.ua. Selected candidates will be contacted by Come Back Agency.

BALTUM is a cybersecurity and compliance consulting company. We are looking for a freelance penetration tester to collaborate on client projects.

What we offer:
- Project-based engagement (part-time/freelance)
- Projects: web/API pentest, network assessment, cloud security review
- You work as a subcontractor - we handle client communication
- Upfront payment on first projects
- Opportunity for ongoing collaboration as demand grows

Responsibilities:
- Conduct web, API, network, and infrastructure penetration tests
- Prepare professional reports (Executive Summary + Technical, CVSS scoring)
- Provide remediation recommendations
- Communicate findings clearly in written form

Requirements:
- Real commercial pentesting experience (1+ engagements)
- Proficiency with: Burp Suite, Nmap, Metasploit, or similar tools
- Knowledge of OWASP Top 10
- Ability to write clear technical reports in English
- Must have FOP (private entrepreneur) or equivalent for invoicing

We are looking for a  DevSecOps Engineer to join our team and help maintain and improve a secure cloud infrastructure on AWS. Our applications run on Kubernetes (EKS), Cloudflare is used for edge protection, and Wazuh serves as our SIEM / HIDS platform.
 

This role is suited for an engineer with hands-on experience who will work within an existing architecture and established best practices, rather than owning the full system design.

Requirements:
AWS / Cloud

• 2+ years of commercial experience with AWS;
• Hands-on experience with EKS or other managed Kubernetes platforms;
• Basic understanding of IAM, VPC, Security Groups, and CloudWatch.

Kubernetes / Containers

• Experience with Kubernetes (deployments, services, ingress);
• Understanding of Kubernetes RBAC (ability to apply and maintain existing policies);
• Experience with Docker (building and running containers).

Security / Monitoring

• Experience with Wazuh or other SIEM / security monitoring solutions;
• Understanding of logging, alerting, and basic HIDS principles;
• Hands-on experience with Cloudflare (DNS, basic WAF configuration).

DevOps / Automation

• Experience with CI/CD tools (GitLab CI, GitHub Actions);
• Infrastructure as Code: Terraform;
• Bash or Python for basic automation tasks.

Networking

• Understanding of HTTP/S, DNS, and TLS;
• Basic knowledge of cloud networking concepts.

Responsibilities:

• Maintain and enhance CI/CD pipelines with integrated security checks;
• Support and operate Kubernetes clusters (AWS EKS);
• Configure and maintain Wazuh (agents, basic rules, alerts, dashboards);
• Support and optimize Cloudflare services (DNS, basic WAF rules, rate limiting);
• Deploy and update infrastructure using IaC (Terraform / CloudFormation);
• Manage access controls (AWS IAM, Kubernetes RBAC);
• Monitor logs and security alerts and participate in incident response;
• Apply basic hardening practices for containers and EKS nodes;
• Collaborate with development teams to ensure secure application deployments;
• Configure infrastructure according to CIS benchmarks.

Nice to Have:

• Experience with security scanning tools (Burp, Snyk, kube-bench);
• Familiarity with AWS Security Hub or GuardDuty;
• Basic understanding of Zero Trust principles;
• Experience with multi-account AWS environments;
• Exposure to security policies or compliance controls;
• Experience with ELK Stack.
   

What We Offer:

• Work in a team with established processes and mentoring;
• Clear growth path toward a Senior DevSecOps Engineer role;
• Modern cloud-native technology stack (AWS, Kubernetes, Terraform);
• Flexible work format (remote / hybrid);
• Competitive compensation based on experience

Місія ролі - забезпечити безпеку AI-застосунків, LLM/RAG-систем, API, інтеграцій і software delivery lifecycle: threat modeling, secure architecture review, secure coding controls, application security testing, AI-specific risk assessment.

Обов'язки:
-Threat modeling для AI-сервісів, RAG-пайплайнів, API та integrations.
-Security review архітектури перед розробкою та production release.
-Визначення security requirements і abuse cases для AI-функціональності.
-Перевірка access control, tenant/data isolation, auditability.
-Організація SAST/DAST/SCA/secrets scanning у SDLC.
-Проведення або координація penetration/security testing.
-Рев’ю vendor-delivered компонентів з точки зору AppSec.
-Розробка security checklist для AI-рішень.
-Спільна робота з SecOps щодо логування, detection і incident response.

Вимоги:
-5+ років досвіду в AppSec, product security, security engineering або penetration testing.
-Практичний досвід secure architecture review.
-Досвід threat modeling: STRIDE, attack trees або інші практичні підходи.
-Знання OWASP Top 10, OWASP API Security Top 10.
-Досвід SAST, DAST, SCA, secrets scanning, dependency security.
-Розуміння authN/authZ, OAuth2/OIDC, JWT, API gateways, RBAC/ABAC.
-Досвід security testing для web/API applications.
-Розуміння secure SDLC і security acceptance criteria.
Бажано:
-Досвід з OWASP Top 10 for LLM Applications.
-Розуміння prompt injection, data leakage, insecure output handling, excessive agency, model abuse.
-Досвід з RAG security: access control на рівні документів, source trust, leakage prevention.
-Досвід red teaming AI/LLM systems.
-Досвід із sensitive/classified data handling.
-Досвід із regulated environments: banking, defence, govtech, critical infrastructure.

Умови для цивільних:
-Офіційне працевлаштування
-Офісна робота, Київ, Центр
-Можливе бронювання


Умови для чинних військових:
-Військова служба
-Служба в Києві (житло не надається), Центр, Київ
-Повне грошове забезпечення для тилової посади

Who We Are 
 

At Digital Shelf by NIQ, we’re passionate about technological innovation and excellence in cybersecurity. Our cutting-edge solutions enable us to scrape data for 12 billion products and manage over 20 billion data points. In a market where anti‑bot technologies represent a $10B industry in constant evolution and consolidation, our dedicated teams tackle real‑world challenges with precision and creativity. 
 

What You’ll Do 
 

• Reverse Engineering & Decompilation: 
  Analyze web and mobile applications (APK/IPA) to uncover hidden mechanisms. Disassemble code to understand its inner workings, with a focus on cryptographic functions that secure our systems. 
• Overcoming Anti‑Bot Mechanisms: 
  Evaluate and bypass advanced security protocols such as TLS, HTTP/2, HTTP/3, WebSockets, DoH, and session management. Identify vulnerabilities to enhance our data extraction methods. 
• Developing Custom Tools: 
  Build robust Python scripts and frameworks that automate bypass procedures and dynamically adjust security measures, whether by modifying TLS stacks or patching JavaScript on the fly. 
• Implementing Stealthy Scraping Techniques: 
  Engineer sophisticated methods such as browser patching, headless browser evasion, proxy tunneling, and human‑behavior emulation to keep our operations discreet. 
• Continuous Innovation: 
  Regularly test, disrupt, and improve our tools to stay ahead of ever‑evolving defenses. 

Your Profile 
 

• P45510n4t3 C0d3 W4rr10r: 
  You thrive on pushing systems to their limits while upholding the highest ethical standards. R3v3rs3 3ng1n33r1ng isn’t just a skill it’s your creative playground. 
• R3v3rs3 3ng1n33r1ng Expertise: 
  Whether using tools like IDA Pro, Ghidra, or your own custom-built solutions, you excel at dissecting both binary and web code to uncover core functionalities. 
• W3b & N3tw0rk Pr0t0c0l Savant: 
  You possess deep expertise in pr0t0c0ls such as TLS, HTTP/2, WebSockets, DoH, and more, leveraging that knowledge to find innovative solutions. 
• Advanced Python Developer: 
  Your coding abilities go far beyond basic scripting. We're looking for a coder, someone who can design and implement robust, efficient solutions for complex challenges. 
• Collaborative Innovator: 
  While you excel as an independent problem-solver, you also thrive in a dynamic team environment that values open communication and continuous learning. 

How to Apply 
 

If you’re a dedicated code warrior with a passion for dissecting and rebuilding intricate systems and you consistently deliver high‑quality, efficient code, send us your resume.

What we offer

Direct contract with the USA
Flexible work hours and remote work

20 business days of paid vacation
Flexible days off

Maternity/Paternity leaves

Medical insurance 

Join Digital Shelf by NIQ and help us reshape the digital frontier. 

Місія ролі:
Забезпечити операційний кіберзахист AI-платформи та AI-сервісів: security monitoring, incident response, vulnerability management, IAM control, auditability, detection engineering і взаємодію з внутрішніми або зовнішніми SOC/IR-командами. Це роль, яка відповідає за те, щоб AI-рішення не були “чорною коробкою” з точки зору безпеки, логування, реагування та контролю.

Обов’язки:
_Налаштування security monitoring для AI-платформи.
_Визначення обов’язкових security logs для AI-сервісів, API, admin actions.
-Побудова detection rules та alerting.
-Управління vulnerability backlog.
-Контроль IAM, privileged access і audit logs.
-Підготовка incident response playbooks.
-Проведення security reviews перед production release.
-Взаємодія з DevOps, AppSec, PM і зовнішніми security-партнерами.
-Участь у прийманні vendor-рішень з точки зору operational security.

Вимоги:
-4+ роки досвіду в SecOps, SOC, infrastructure security або security engineering.
-Досвід роботи з SIEM/log management: Microsoft Sentinel, Splunk, Elastic, OpenSearch, Wazuh або аналоги.
-Практичний досвід incident response: triage, containment, escalation, post-incident review.
-Досвід vulnerability management: scanning, prioritization, remediation tracking.
-Розуміння IAM, MFA, privileged access, RBAC, service accounts.
-Розуміння Linux hardening, network security, firewalling, TLS, VPN.
-Досвід створення security playbooks/runbooks.
-Вміння читати технічні логи та знаходити аномалії.
Бажано:
-Досвід Kubernetes/container security.
-Досвід з MITRE ATT&CK, NIST, ISO 27001.
-Досвід у regulated або critical environments.
-Досвід побудови detection rules для API, identity, infrastructure та application events.
-Досвід інтеграції security logging з DevOps/MLOps платформами.

Умови для цивільних:

-Офіційне працевлаштування
-Офісна робота, Київ, Центр

-Можливе бронювання


Умови для чинних військових:
-Військова служба 

-Служба в Києві (житло не надається), Центр, Київ

-повне грошове забезпечення для тилової посади

This position is open exclusively for Ukrainian residents within Ukraine (preferably Kyiv or Lviv).
 

We are looking for a Cryptography engineer with software engineering experience to join our team and work with us on mission-critical systems. If you are interested in applied cryptography, modern math and application security, this may be the position for you!
 

Responsibilities:

• Work as part of cryptographic research and development team.
• Analyse modern applied cryptography structures and algorithms, participate in the analysis of their security, and adapt them for our software needs.
• Participate in the code review of someone else’s cryptographic code (it’s fun!).
• Design, write, test, implement, wrap, debug code that implements certain mathematical and cryptographic constructions for mission-critical systems.
• Write code, write tests, read cryptographic papers, write specs, discuss cryptography, jump on calls, draw diagrams on the board.
   

Requirements:

We’re looking for people who fit one of two profiles, both are equally welcome:

• Cryptography-first — strong theoretical foundation in cryptography and mathematics, with enough software engineering experience to build and ship real systems (or the drive to develop it).
• Engineering-first — strong software engineering background (systems, protocols, or application development) with some cryptography fundamentals and the appetite to go deeper into the theory.

In either case, we expect:

• Experience with at least one general-purpose programming language (preferably Rust, Go or Python) and readiness to learn Rust.
• Solid knowledge of modern systems, including how protocols operate within the real-world stack (from the network level to operating systems, web services, and client applications).
• Good understanding of cryptography basics (hash functions, signature, symmetric encryption, asymmetric encryption, ECC, DH).
• Comfort with mathematical reasoning and the ability to read technical literature. You will need to work with modern math, and modern algorithms often, and your colleagues will use academic language with you.
   

Nice to have:

• Good knowledge of applied cryptography, and / or formal education in this area and knowledge of the underlying mathematics.
• A general overview of programming languages will be a big plus.
• An overall understanding of what information security is, how real-world risks and threats affect the choice of security controls and cryptographic structures, where cryptography needs to be supported by other security controls, what zero trust architecture is, and why AES-CBC is a questionable choice.
• An understanding how modern blockchains work with transaction privacy, what primitives are used, multi-signature protocols, consensus.
• General understanding of modern applied cryptography: HPKE, key wrapping, CT on Merkle trees, the problem of searching in encrypted data.
   

Our hiring process:

• Resume review — up to 5 business days
• Test task — estimated time 4-6 hours
• Introductory meeting
• Technical interview
• Offer discussion
   

What’s in it for you?

• A sense of meaning and responsibility for those who seek purpose — we’re building “invisible texture of modern civilisation” — bits of infrastructure finance, power grids, healthcare rely on, and we are trusted with very challenging aspects of it.
• Competitive compensation with a flexible bonus scheme.
• Hybrid work model: this position allows for a combination of in-office and remote work as needed.
• UK, EU and USA clients.
• Working at the crossroads of ML security, cryptographic protocol support, hardware protection, reverse-resilient mobile app development, and securing web apps for millions of users.
• Public track record in the open-source aspect of our products.
• Personalised mentorship and formal personal development plans, together with conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops, and blog posts.
• Paid vacation — 21 business days per year.
• Paid sick leaves.

Format: Part-time (with option to increase to full-time) · Fully remote · Long-term (until 2027/2028, with option for extension) Location: EU · No citizenship restrictions Workload: 2–3 days per week (~120 person-days/year) · optionally up to 4–5 days per week (~240 person-days/year) Start: ASAP

About the Role

Testing activities across the NFHM and GLAS systems, covering test design, manual and automated execution, and test data management. The role operates in an agile environment using Jira xRay and Tricentis Tosca.

Responsibilities

• Creation and maintenance of test data using JSON and CSV
• Development and maintenance of scripts (PowerShell, Batch)
• Derivation of test cases based on user stories and requirements
• Structured test design using standard methods (equivalence class partitioning, boundary value analysis)
• Execution of manual test cases and structured documentation of results
• Use of Jira xRay as the test management tool
• Development and maintenance of automated test cases using Tricentis Tosca
• Integration of automated tests into existing processes

Requirements

• Several years of hands-on experience in test execution and documentation
• Experience with test automation (Tricentis Tosca)
• Experience in bug analysis and reporting
• Knowledge of Jira and xRay
• Scripting skills: PowerShell, Batch
• Basic understanding of API / interface testing
• Experience working in agile environments: Scrum, Kanban
• ISTQB Foundation Level or equivalent — a plus
• Solid understanding of retail processes, especially In & Out promotion planning
• English B2 · German B2 — nice to have

About The Position

MWDN is an international recruitment and outstaffing company with 23+ years of experience connecting exceptional tech talent with leading companies across Israel, the USA, Great Britain, and Western Europe. In this role, MWDN acts as the recruitment partner, and the selected candidate will work directly with the client’s team on their product in an international environment.
 

Why does MWDN rock?

Here’s what you can expect when you join MWDN:

• Security: We carefully vet our clients to minimize risks and ensure reliability and timely payments—no fraud or unpleasant surprises.
• Career support: If a project isn’t the right fit, we support you and actively help find new opportunities that match your skills and career goals.
• Legal assistance: We provide guidance on legal matters, including opening and managing your independent contractor or sole proprietorship status, taxes, and related processes.
• Professional development: We offer English courses and professional growth opportunities, as well as team-building events.

Why choose us? MWDN is ranked among the top 5 IT employers in our region according to DOU. We take pride in our transparency and strong commitment to our team. Curious to learn more? See what our employees say about working with us on DOU.
 

What is your new project?

• Domain: Identity and Access Management (IAM) software
• Location: Israel
• Company size: 200-500 employees
• Founded in: 2014
   

What is your new project?

Are you ready to join a game-changing force in identity and access management?

Our client is revolutionizing the way enterprises protect user identities in a passwordless world. You’ll be working at the intersection of cutting-edge biometrics, behavioral analytics, and next-gen identity orchestration — helping the world’s leading brands safeguard millions of users. Backed by more than 100 M Series A — one of the largest in cybersecurity history — and trusted by major global enterprises, they offer the agility of an innovator with the strength and backing of an industry leader.

Ready to take part in redefining IAM for the modern era? Let’s talk.
 

What makes you a great fit

• 3+ years of hands-on experience in security research, mobile security, browser research, fraud research, detection research, reverse engineering, or a related technical role.
• Experience with web browsers, mobile browsers, WebViews, browser APIs, JavaScript runtime behavior, browser automation, fingerprinting, client-side web security, and low-level browser technologies.
• Familiarity with the architecture or codebase of modern open-source browsers and rendering engines, such as Chromium, WebKit, Blink, or Gecko, with the ability to reason about how browser internals can expose new security and fraud signals.
• Experience with native Android and/or iOS applications, mobile OS behavior, app instrumentation, emulators, device spoofing, mobile automation, mobile security, and low-level platform APIs.
• Attacker mindset and practical understanding of how malicious actors attempt to bypass detection using automation, AI agents, spoofing, and anti-detection techniques.
• Ability to identify subtle technical signals and turn them into practical detection or data collection opportunities.
• Experience designing technical experiments and validating research hypotheses.
• Experience with one or more SDK development languages and environments, such as TypeScript/JavaScript for web, Kotlin/Java for Android, or Swift/Objective-C for iOS, with the ability to understand implementation constraints and collaborate effectively with SDK engineering teams.
• Scripting ability, preferably in Python, for building research tools, automation, and analysis workflows.
• Ability to work independently on ambiguous problems and communicate findings clearly to engineering, product, and research stakeholders.
   

Advantages

• Experience with Web SDKs, Mobile SDKs, client-side telemetry, device intelligence, behavioral signals, AI agent detection, or fraud detection products.
• Experience researching bots, credential stuffing, scraping, headless browsers, AI-assisted automation, app cloning, SDK abuse, phishing kits, malware, or
• anti-detection frameworks.
• Experience with reverse engineering Android or iOS applications.
• Familiarity with detection quality measurement, feature evaluation, false-positive analysis, production monitoring, or machine learning concepts.
• Bachelor’s degree in Computer Science, Cybersecurity, Data Science, or a related field— or equivalent hands-on experience.
  
   

Your day-to-day in this position

• Research browser, WebView, Android, and iOS environments from an attacker’s perspective.
• Identify new security signals, behavioral indicators, and technical patterns that can improve fraud, abuse, automation, and AI agent detection.
• Investigate attacker techniques involving bots, browser automation, AI agents, emulators, device spoofing, hooking, instrumentation, remote access tools, and
• anti-detection methods.
• Design and run experiments to compare legitimate, automated, AI-assisted, and manipulated environments.
• Evaluate proposed signals for reliability, stability, spoofability, privacy sensitivity, performance impact, and production feasibility.
• Translate research findings into clear SDK feature requirements for web and mobile data collection.
• Build internal tools, scripts, and lab environments to support signal research and validation.
• Collaborate with SDK, engineering, product, and detection teams to move research from hypothesis to production.
  
   

Our next steps

✅ Intro call with a Recruiter — ✅ Intro call with client — ✅ Technical interview — ✅ CTO interview — ✅ HR interview — ✅ Reference check — ✅ Offer

About the company

Our client is a leading autonomous vehicle technology company operating at the cutting edge of self-driving software development. 

Role overview

We are not looking for a traditional SOC analyst. This role is about building detection systems, not clicking through alerts. You will work with large volumes of logs (cloud, application, network), design detection logic, and improve it over time. That includes both rule-based detection (SIEM/XDR) and data-driven approaches (statistical models, anomaly detection, simple ML where it makes sense). You should be comfortable treating logs as a data problem, not just a monitoring stream.

Important! This is not a role where you:

• sit in SIEM all day clicking alerts
• blindly add rules
• overcomplicate things with ML

This is a role where you: build detection systems that work in practice.

What you'll be doing

Detection & analytics

• Build and maintain detections across:
• application logs (auth, APIs, business logic abuse)
• cloud activity (CloudTrail, IAM, infrastructure changes)
• network telemetry (DNS, proxy, firewall, NetFlow)
• Work directly with data in platforms like Elasticsearch / Splunk / similar
• Write and tune detection logic (queries, correlation rules)
• Reduce noise — expect to spend time fixing false positives, not just adding new rules.

Working with data (this is a big part of the job)

• Build pipelines for:
• log ingestion
• normalization
• feature extraction
• Work with streaming or batch pipelines (Kafka / queues / scheduled jobs)
• Turn raw logs (e.g. CloudTrail) into structured data usable for detection.

Anomaly detection / ML (practical, not theoretical)

• Apply simple models where they add value (e.g. One-Class SVM or similar approaches)
• Focus on:
• behavior baselining
• anomaly scoring
• Tune models based on real output (false positives matter more than theory) 
• If ML does not improve signal — don't use it.

Automation & response

• Build response playbooks for common cases
• Automate where it actually saves time (not for the sake of it)
• Integrate with SOAR or write lightweight orchestration
• Improve:
• detection speed
• response consistency.

AI usage (realistic expectations)

• Use LLMs for:
• alert enrichment
• investigation summaries
• internal tooling
• Not building an "AI security platform"
• Focus on practical gains, not hype.

Threat hunting

• Run targeted hunts based on hypotheses
• Use internal data + external signals
• Identify gaps in logging and detection.

Requirements

• Solid experience with SIEM (Elastic, Splunk, Sentinel, etc.)
• Strong understanding of:
• cloud activity (especially AWS logs and IAM)
• network basics
• modern application behavior (APIs, auth flows)
• Comfortable working with large datasets (not afraid of raw logs)
• Python or similar for data processing
• Experience with automation (SOAR or custom scripts).

Nice-to-have (but not critical)

• Experience applying ML to logs (even simple models is enough)
• Familiarity with LLMs in tooling (not research)
• Experience with data pipelines (Kafka, Spark, etc.)
• MITRE ATT&CK mapping

What will make you effective here

• You don't trust alerts blindly
• You care about signal quality, not number of detections
• You can debug why a detection is noisy or useless
• You understand systems, not just tools
• You prefer building something once instead of repeating manual work.

How success looks like

• Fewer false positives
• Better visibility across systems
• Faster investigations
• Less manual work in SOC
• Detections that actually catch real issues

We are looking for a practical security engineer who can improve detection quality, investigate real incidents, and help reduce manual SOC work.

This role is not about building an “AI security platform”. The focus is on better visibility, cleaner detections, faster investigations, and useful automation.

What You Will Work On

Threat Hunting

Run targeted hunts based on clear hypotheses, including:

• Suspicious cloud activity
• Abnormal IAM or API usage
• Unusual network or application behavior
• Weak or missing detection coverage
• Gaps in logging and telemetry

You will use internal data and external threat intelligence to validate risks and improve detection logic.

Security Incident Investigation

Investigate security alerts and incidents end-to-end:

• Understand what happened
• Validate whether the alert is real or noisy
• Identify affected users, systems, and data
• Collect evidence from logs and infrastructure
• Document findings clearly
• Recommend fixes or detection improvements

Expected experience: 2+ years of hands-on security incident investigation.

Detection Engineering

Improve existing detections and create new ones where needed:

• Reduce false positives
• Improve signal quality
• Tune alerts based on real data
• Validate whether detections catch meaningful activity
• Map useful detections to MITRE ATT&CK where appropriate

Automation and Internal Tooling

Build small but useful tools to reduce repetitive work:

• Scripts for log analysis
• Alert enrichment
• Investigation helpers
• Data normalization
• Tool integrations
• Basic SOAR-style automation

Practical AI / LLM Usage

Use LLMs only where they bring practical value:

• Alert enrichment
• Investigation summaries
• Internal tooling
• Analyst productivity

No hype. No AI-first positioning. AI is just one tool in the workflow.

Requirements

• Solid experience with SIEM tools, such as:   - Elastic   - Splunk   - Microsoft Sentinel   - Similar platforms
• 2+ years investigating real security incidents
• Strong understanding of:   - AWS logs and IAM activity   - Cloud security basics   - Network fundamentals   - APIs, authentication flows, and modern application behavior
• Comfortable working with:   - Large datasets   - Raw logs   - Noisy alerts   - Incomplete telemetry
• Python or similar language for data processing
• Experience with automation:   - SOAR   - Scripts   - Internal tools   - Custom workflows
• Basic DevOps knowledge:   - AWS   - Linux   - Docker   - Kubernetes basics   - CI/CD basics   - Cloud infrastructure concepts   - Logs, metrics, and monitoring

Nice to Have

• Experience applying simple ML or statistical methods to logs
• Familiarity with LLMs in internal tooling
• Experience with data pipelines:   - Kafka   - Spark   - Similar systems
• MITRE ATT&CK mapping
• Detection-as-code experience
• Understanding of infrastructure monitoring:   - Prometheus   - Grafana   - OpenTelemetry

What Will Make You Effective Here

You will be effective in this role if:

• You do not trust alerts blindly
• You care about signal quality, not the number of detections
• You can explain why a detection is noisy or useless
• You understand systems, not just security tools
• You are comfortable reading raw logs
• You prefer building automation once instead of repeating manual work
• You can work with engineers and explain security findings in practical terms

Are you passionate about making the internet a safer place? We are looking for a Middle Security Operations Researcher to join our team and help protect enterprise clients from harmful bots and online threats. This is a remote, full-time role that offers the opportunity to work directly with global customers, analyzing traffic patterns and neutralizing malicious activity.

At Sigma Software, we value expertise, ownership, and proactive communication. You will collaborate with a diverse international team while enjoying the flexibility of working from anywhere.

Why join us? You will work on impactful cybersecurity projects, gain exposure to cutting-edge analytics tools, and contribute to safeguarding digital ecosystems worldwide.

CUSTOMER
Our customer is a global provider of comprehensive security solutions, protecting individuals, organizations, and communities from a wide range of risks, particularly in the digital space. Their enterprise-focused products specialize in bot defense and invalid traffic detection, helping clients safeguard critical systems and maintain operational integrity.

PROJECT
The project focuses on real-time threat detection and bot mitigation for enterprise-scale clients. Security Operations Researchers collaborate directly with customers, leveraging advanced analytics platforms to identify malicious traffic patterns and neutralize online threats. This dynamic environment requires both technical expertise and strong communication skills.

JOB DESCRIPTION:

• Provide Tier 2 technical support to customers in real time, delivering clear and professional responses
• Analyze logs, graphs, and dashboards, isolating and investigating data using tools like Kibana
• Manage and organize cases, tickets, and requests in Salesforce
• Perform back-office tasks, including writing and maintaining suspicious field expressions
• Write and optimize SQL queries for data retrieval, analysis, and manipulation in BigQuery
• Communicate with global customers, ensuring timely responses and effective issue resolution
• Work in a shift-based schedule, including weekend shifts

QUALIFICATION:

• 3+ years of experience in data analysis, including working with logs and dashboards
• Experience working with web traffic data, including HTTP traffic, logs, request analysis, and traffic pattern investigation
• Strong SQL skills: Common Table Expressions (CTE), aggregations, GROUP BY, ORDER BY, filters, window functions (e.g., RANK()), and subqueries
• Experience with SIEM systems. Nice to have: experience with the Elastic Stack
• Technical understanding of web technologies and client–server architecture (APIs, HTTP, basic HTML/JavaScript)
• Strong troubleshooting and problem-solving skills
• Experience in customer support, including direct communication with clients; professionalism and politeness are essential

• Strong English communication skills

   

WILL BE A PLUS:

• Experience in a Cybersecurity Analyst/Researcher role, ideally supporting external customers in threat detection and response
• Experience in web security and security research: web application security, bot management, fraud detection
• Basic Python skills
• Experience with Kibana

PERSONAL PROFILE:

• High level of responsibility and ownership
• Ability to work independently with minimal supervision
• Planning and decision-making skills with considerations for multiple integrated systems
• Proactive communicator who keeps stakeholders informed without being prompted

Work schedule: 40 hours per week, 5 days per week. Workdays can be adjusted to start earlier or later, including weekends if necessary.

We are looking for a DevSecOps and Application Security Lead to join our team and build our application security from scratch. In this role, you will lead the security direction within our department, focusing on integrating security into the software development process. By balancing automation with practical DevSecOps practices, you will help our engineering teams find and fix vulnerabilities early, ensuring our products are safe and strong without slowing down development.

Responsibilities

• Build the DevSecOps/AppSec function from scratch, and create the roadmap, KPIs, and metrics for leadership
• Create secure development processes, including release security gates and vulnerability management
• Choose, configure, and integrate security scanners (SAST, SCA, secrets) with a focus on automation and AI-assisted workflows
• Integrate security checks into pipelines and development processes together with Engineering, DevOps, and Product teams
• Run threat modeling and security reviews for high-risk systems and major architecture changes
• Create clear security standards, checklists, and practical guidelines for developers (covering code, APIs, and secrets)
• Launch and grow a Security Champions program to involve engineers in security processes
• Help investigate incidents related to application vulnerabilities, leaked secrets, and supply-chain attacks

Requirements

• 5+ years of experience in DevOps, SRE, Platform Engineering, or related infrastructure/security roles
• 3+ years focused on DevSecOps and Application Security
• 1+ years in a lead/ownership role
• Deep understanding of modern software development, Git workflows, and hands-on experience integrating security checks into CI/CD pipelines without creating bottlenecks
• Practical experience with SAST, SCA, secrets scanning, and vulnerability management (triage, risk rating, remediation, and validation)
• Ability to select and scale security tools based on accuracy, false-positive rates, and developer experience
• Strong knowledge of web/API/mobile risks (OWASP Top 10, auth, supply-chain risks) and ability to run threat modeling and secure design reviews
• Good scripting skills (Python, Bash, or similar) and understanding of cloud-native/containerized environments
• Ability to write clear security requirements and guidelines for developers
• English — Intermediate+ or higher

Nice to Have

• Experience building AppSec/DevSecOps functions from scratch or early maturity stages
• Hands-on experience with tools like Snyk, Aikido, Semgrep, Trivy, Gitleaks, GitHub/GitLab Security, or SonarQube
• Experience with cloud/IaC security, Kubernetes, and mobile app security
• Knowledge of compliance standards (SOC 2, ISO 27001, PCI DSS, DORA) and experience with Bug Bounty or pentest coordination
• Experience with Security Champions programs and AI-assisted security tools

We offer

• 20 paid vacation days per year
• 10 paid sick leave days per year
• Public holidays as per the company’s approved Public holiday list
• Medical budget
• Opportunity to work remotely
• Professional education budget
• Language learning budget
• Wellness budget (gym membership, sports gear and related expenses)