Jobs Security

Приєднуйтесь до CreativeByte – енергійного колективу талановитих професіоналів!

Міжнародна IT-компанія у сфері iGaming відкриває вакансію Affiliate Anti-Fraud Specialist

Ми шукаємо досвідченого фахівця, який спеціалізується на виявленні та запобіганні шахрайству в партнерському маркетингу. Ваша роль буде ключовою для забезпечення чесної роботи affiliate-мережі, захисту бізнесу від зловживань і оптимізації взаємодії з партнерами.
 

Ваші основні завдання будуть полягати в наступному:

• Проведення планових перевірок партнерського трафіку з метою виявлення:

- мотиваційного трафіку (incent traffic)

- шахрайської активності

- мультиакаунтингу

- переливів трафіку між партнерами

- трафіку низької якості

• Підготовка аналітичних звітів із чіткими висновками та рекомендаціями щодо кожного кейсу або партнера
• Формулювання резолюцій за результатами перевірок (схвалення або обмеження виплат)
• Ведення історії кейсів, фіксація прийнятих рішень та взаємодія з релевантними командами для узгодження дій
• Тісна співпраця з іншими відділами (партнерський, фінансовий, юридичний, аналітичний тощо)
• Участь в оптимізації внутрішніх антифрод-процесів:

- розробка та впровадження нових інструментів

- автоматизація аналітики

- підвищення ефективності контролю якості трафіку

Наш кандидат володіє такими характеристиками:

• Досвід роботи в iGaming від 1 року на позиціях антифрод-аналітика, affiliate-менеджера або спеціаліста з перевірки платежів
• Глибоке розуміння affiliate-моделей та ключових метрик (CPA, RevShare, Hybrid, ROI, GGR, NGR та інші)
• Вміння обробляти великі обсяги даних, виявляти аномалії, робити аналітичні висновки та формулювати чіткі рекомендації
• Досвід роботи з Google Sheets / Excel, CRM-системами; бажано — з BI-інструментами (Looker, Tableau, Power BI тощо)
• Високий рівень уважності до деталей, аналітичне мислення, структурований підхід до задач
• Впевненість у роботі з цифрами, здатність бачити причинно-наслідкові зв’язки та ризики в поведінці користувачів і партнерів
• Вміння працювати у швидкому темпі, дотримуючись точності та якості в роботі
• Командний гравець із високим рівнем відповідальності та ініціативності
• Зацікавленість у розвитку антифрод-процесів, автоматизації аналітики та впровадженні нових рішень
   

Наш Hiring процес включає три кроки, які допомагають створити успішну та ефективну команду, а саме:

• Комунікація з рекрутером;
• Інтерв'ю з керівництвом;
• Job Offer. 
   

Чому ти захочеш обрати саме нас?

• Конкурентна оплата в доларах;
• Повний ремоут;
• Гнучкий графік, який підходить саме тобі: з Пн – Пт з 09:00//10:00 до 18:00//19:00;
• Оплачувана відпустка та лікарняні;
• Можливість брати Day off за власний рахунок та додатково за рахунок компанії;
• Прогресивне керівництво з фокусом на комунікацію;
• Salary review на основі досягнень;
• Персоналізовані привітання від компанії з нагоди важливих подій;
• Затишні тимбілдинги з командою;
• Компенсація спорту чи інших захоплень;
• Ефективна підтримка HR Department, керівництва та команди;
• Компенсація ментального здоровʼя;
• Можливість відвідувати конференції.

Reply helps thousands of companies automate and scale their sales outreach — and we were among the first to put an AI SDR inside a sales engagement platform. We move fast, stay lean, and solve problems with AI, not headcount.

Now we're looking for a Security & Compliance Manager to own our security and compliance programme as we move upmarket. This is a hands-on, build-from-scratch role: you'll own the programme end-to-end, report directly to the CEO, and have the autonomy to shape how security works here rather than inherit someone else's playbook.

👉 If you like turning risk into clear business decisions — and building systems that make security something the company moves faster because of, not slower — you'll thrive here.

🎯 What you'll do

• Own and run the security and compliance programme end-to-end
• Lead annual SOC 2 Type 2 audits and lay the groundwork for ISO 27001 and other relevant certifications — owning audit readiness throughout: evidence collection, documentation, and representation in audits and regulatory interactions
• Own security and privacy governance: policies, standards, and their full lifecycle, aligned with SOC 2 and relevant frameworks
• Maintain the risk register across access controls, internal processes, data confidentiality and availability, infrastructure, and third parties — and translate identified risks into clear, prioritised treatment plans with owners and timelines
• Own identity and access management across all company systems: onboarding/offboarding, regular access reviews, and least-privilege enforcement
• Run vendor and third-party risk management, embedding security requirements into contracts and SLAs
• Handle inbound security questionnaires and enterprise security reviews from customers and prospects, independently
• Scope, procure, and manage the annual external pentest — you own the process and track remediation through to completion with DevOps
• Build and run a security awareness programme in collaboration with HR: training completion, phishing simulations, and behavioural improvement tracking
• Partner with engineering and DevOps to translate compliance requirements into technical controls
• Treat Claude Code as your core security operating system — use it daily to investigate our systems, automate GRC workflows, build and test controls, and actively challenge our own defences. This role sets the bar for what AI-first security looks like here
• Report to leadership on top risks, incidents, control effectiveness, awareness metrics, and compliance status

🧩 Requirements
Must-have:

• 4+ years in information security or GRC, including hands-on ownership of a SOC 2 programme
• Proven hands-on experience with SOC 2 Type 2 and ISO 27001 in a SaaS or product company
• Working knowledge of GDPR and its implications for a SaaS business
• Experience managing vendor and third-party risk, including security requirements in contracts and SLAs
• Experience handling customer-facing security questionnaires and enterprise security reviews independently
• Able to assess and communicate risk in business terms
• Comfortable working across teams without direct authority
• Comfortable operating in cloud environments (we run on Azure)
• An AI-first operator who reaches for automation before manual effort — ideally already an exceptional Claude Code power user
• Advanced English

Will be a plus:

• ISO 27001 Lead Implementer / Auditor or CISM certification
• Familiarity with GRC tooling such as Drata, Vanta, or similar
• Background in a startup or scale-up where you built processes rather than inherited them

🎁 What we offer

• Full ownership of the security programme — build it from the ground up, with direct CEO access and real autonomy
• Your work directly enables the company to move upmarket and win bigger customers
• High ownership and the freedom to improve systems and processes
• Close collaboration with leadership, engineering, and DevOps
• 100% remote, with minimal meetings and zero bureaucracy
• Coverage for professional courses, gym memberships, or therapy sessions
• AI-first culture — we actively use advanced AI tools and cover premium software costs
• 15 paid vacation days, 🇺🇦 national holidays, and ~10 days of Christmas vacation
• Unlimited sick leave
• Access to internal training, literature, and knowledge sessions

If you're excited about building a security programme from scratch, turning risk into clear decisions, and doing it AI-first — we'd love to hear from you!

Position Name: SOC Engineer 

Reports to: Team Lead, SOC

Location: Remote, Ukraine

Role Overview

Atlas Technica's mission is to shoulder IT management, user support, and cybersecurity for our clients, who are hedge funds and other investment firms. Founded in 2016, we have grown year over year through our uncompromising focus on service.

We value ownership, execution, growth, intelligence, and camaraderie. We are looking for people who share our Core Values, thrive, and contribute to this environment while putting the customer first. At Atlas Technica, we offer a competitive salary, comprehensive benefits, and great perks to our global Team. We strive to maintain a professional yet friendly environment while promoting professional and career development for our Team Members. Join Atlas Technica now!

We are seeking a SOC Engineer to support the design, operation, and continuous improvement of Atlas Technica’s Security Operations Center.

Responsibilities

• Design, implement, and maintain SIEM, EDR, and security monitoring platforms
• Develop and tune detection logic to reduce false positives
• Lead investigation and response for complex incidents
• Build automation, playbooks, and workflows
• Partner with IT and engineering teams on remediation
• Conduct root cause analysis and post-incident reviews
• Maintain documentation and runbooks
• Support audit and compliance requests

Requirements

• Experience in security operations or incident response
• Hands-on experience with SIEM and EDR tools
• Strong understanding of networking and operating systems
• Ability to analyze logs and telemetry
• Strong communication skills

Desirable Qualities

• Experience in regulated environments
• Scripting or automation experience
• Familiarity with SOC 2 or ISO 27001

Atlas Technica is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, gender identity, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Who we are:
Adaptiq is a technology hub focused on building, scaling, and supporting R&D teams for fast-growing product companies across different industries.
 

About the Product
We are working on a unified AI-powered cybersecurity platform that enables companies to detect, prevent, investigate, and respond to cyber threats more efficiently. The solution brings together endpoint, network, cloud, email, and identity protection within one platform, enhanced by automation and 24/7 Managed Detection and Response services.

One of the key components of the platform is its Windows endpoint protection technology, which is currently deployed on nearly one million devices globally.
 

About the Role
As a Windows Kernel Developer, you will be responsible for developing and supporting kernel-mode drivers and low-level system components that are essential to the endpoint protection product.

You will collaborate closely with Product and Research teams to build new security capabilities, improve stability and performance, and contribute to a large-scale cybersecurity solution used by customers worldwide.
 

Key Responsibilities:

• Design and develop protection modules for the XDR platform.
• Implement, test, and maintain kernel-mode drivers and user-mode infrastructure using modern C++.
• Build and improve security features for the Windows endpoint protection product.
• Work closely with Product and Research teams to deliver new threat detection and prevention capabilities.
• Investigate, debug, and resolve complex low-level system issues.
• Contribute to technical design documentation, development guidelines, and best practices.
   

Required Competence and Skills:

• 2–3 years of experience in system programming and low-level development in Windows environments using C++17 or newer.
• At least 1 year of commercial experience with Windows kernel driver development.
• Solid understanding of Windows internals and kernel architecture.
• Experience with Windows debugging tools, including WinDbg.
• Hands-on experience with at least one of the following: KMDF, File System Minifilters, Registry Callbacks, or WFP Callouts.
• Strong analytical, troubleshooting, and problem-solving skills.
• Good communication skills and ability to collaborate effectively within a team.
• Good written and spoken English.
   

Nice to Have:

• Experience developing security, endpoint protection, or threat detection products.
   

Why Us:

• 20 vacation days per calendar year, plus official national holidays in the country where you are based.
• Full accounting and legal support in all countries where we operate.
• Fully remote work model, with a powerful workstation and access to co-working space if needed.
• Competitive compensation package with annual performance and salary reviews.

Swarmer develops software that makes drones autonomous and allows them to operate together, in large, coordinated teams — no pilots needed. Our technology has been battle-tested in Ukraine— the world’s most intense proving ground for drone warfare.

In March 2026, we became the first Ukrainian defense startup to go public on NASDAQ, following a $15M Series A — the largest investment in a Ukrainian defense tech company since the start of the war.

Working at Swarmer means operating at the intersection of engineering rigor and frontline reality. The problems and environments are complex, and the stakes are very real. We built this software to enable democratic nations to defend themselves.

If you are motivated by building resilient systems that matter and by seeing the direct impact of your work, you’ll find purpose here.

What we’re looking for:

We are looking for an experienced Cybersecurity Engineer to join our team. This is primarily an infrastructure-focused engineering role with a strong specialization in security. You will build, harden, and operate the technical foundation that keeps our environment secure across endpoints, servers, network, and cloud.

What you’ll do:

• Maintain hardening and configuration baselines for endpoints and servers (encryption, security policies, benchmarks).
• Deploy and manage endpoint and server protection across the fleet, including security policy enforcement and compliance configuration.
• Administer network security controls (firewalls, VPN, network segmentation, access controls) and monitor traffic for suspicious activity.
• Review infrastructure projects and architecture from a security perspective to ensure secure-by-default configurations.
• Run regular vulnerability scans across endpoints, servers, and cloud, with risk-based prioritization and remediation tracking.
• Enforce identity and access best practices and run periodic access reviews.
• Monitor and analyze security events and logs to detect anomalies and potential threats.
• Detect, investigate, contain, and remediate security incidents, including documenting timelines, root causes, and lessons learned.
• Monitor cloud and SaaS security posture, remediate misconfigurations, and review third-party integrations and access scopes.
• Implement and document technical security controls (runbooks, hardening guides) and support internal and external audits.

What we need:

• 5+ years of hands-on experience in IT infrastructure or cybersecurity engineering with a clear security specialization.
• Hands-on experience administering and hardening Linux, Windows, and macOS systems.
• Experience with endpoint protection and device management platforms.
• Solid understanding of networking fundamentals (TCP/IP, DNS, DHCP, VPN) and practical experience with firewalls and network security controls.
• Hands-on experience with identity and access management/SSO platforms with a security-first approach.
• Experience with vulnerability management tools and security monitoring and incident-response workflows.
• Understanding of common attack types and detection/prevention methods.
• Practical familiarity with recognized security frameworks and standards.
• Analytical mindset with the ability to assess risk and prioritize pragmatically.
• Clear communicator able to explain technical issues to non-technical colleagues.
• English proficiency (documentation, vendors, and external partners).

Would be an advantage:

• Ability to automate security and infrastructure tasks with scripting (Python, Bash, or PowerShell).
• Working knowledge of cloud security controls.
• Security certifications.
• Experience in enterprise or critical-infrastructure environments.

What you’ll get:

• Professional growth through working with cutting-edge defense technologies and exposure to international security best practices.
• A fast-paced environment with minimal bureaucracy and no “process for the sake of process”.
• Competitive salary and a comprehensive benefits package (insurance, paid sick leave, 20 paid days off per year).
• Benefits of the defense sector (e.g., reservation, etc.).
• Flexible remote work options where possible.

How’s the hiring process going:

✔️ Recruiter Screen → ✔️ Technical Interview → ✔️ Skip-Level Interview → ✔️ Security check → ✔️ Offer

Position Name: Information Security Analyst
Reports to: Chief Information Security Officer
Location/Type: Remote (UA Candidates only)

Atlas Technica's mission is to shoulder IT management, user support, and cybersecurity for our clients, who are hedge funds and other investment firms. Founded in 2016, we have grown year over year through our uncompromising focus on service.

We value ownership, execution, growth, intelligence, and camaraderie. We are looking for people who share our Core Values, thrive, and contribute to this environment while putting the customer first. At Atlas Technica, we offer a competitive salary, comprehensive benefits, and great perks to our global Team. We strive to maintain a professional yet friendly environment while promoting professional and career development for our Team Members. Join Atlas Technica now!

We seek a skilled Information Security Analyst to join our rapidly growing organization. This is a highly technical role providing excellent career development opportunities for the successful candidate. You will be work closely with the Chief Information Security Officer (CISO) and various teams to maintain and improve the security posture of Atlas and its clients. As a new position, this role will evolve, providing opportunities for growth and adaptation.

Responsibilities:

Vulnerability Management:

• Review vulnerability reports.
• Research scalable solutions for vulnerability remediation.
• Collaborate with Support/NOC to ensure remediations have minimal impact on clients and facilitate maintenance windows.
• Work with CS/Engineering to script and automate remediations.
• Track progress in ticketing system, including master tickets for multi-client initiatives and sub tickets for individual clients.
• Address vulnerabilities for clients' third-party vulnerability management, including overlap with Cavelo, and apply remedies to other clients.

Risk Management and Due Diligence:

• Provide accurate and timely responses to Due Diligence Questionnaires (DDQs).
• Review and analyze findings from risk assessments and penetration tests for Atlas and clients.
• Address identified vulnerabilities and recommend remediation strategies.
• Participate in Business Impact Analyses and tabletop exercises to enhance organizational resilience.

Industry Benchmark Alignment and Standards Updating:

• Start measuring alignment with Microsoft benchmarks in Intune and work on increasing the score.
• Address vulnerabilities and issues identified in workstation builds, cloud infrastructure configurations, and security configurations.
• Harden systems to enhance security across workstations, cloud infrastructure, and security configurations.

SOC 2 Maintenance and Additional Security Tasks:

• Perform test restores.
• Conduct reviews of our KnowBe4 phishing tests and training.
• Review SIEM logs.
• Assist in addressing cybersecurity incidents.
• Work with NOC and outsourced SOC on remediation runbooks.
• Perform additional tasks as assigned to support the security team and organization

Requirements:

• Strong understanding of cybersecurity principles and practices.
• Experience with vulnerability management and remediation.
• Familiarity with Microsoft Intune and security benchmarks.
• Excellent analytical and problem-solving skills.
• Ability to work collaboratively with cross-functional teams.
• Strong communication skills, both written and verbal.
• Strong ability to work independently
• Experience with security tools (SIEM, IDS/IPS, vulnerability scanners)
• Experience with RMM/SOAR and other automation platforms.
• Experience scripting
• Experience writing runbooks.

Desirable Qualities:

• Experience working in an MSP environment (preferred, but not required)
• Relevant certifications (AZ-500, SC-900, SC-300, CompTIA Security+, etc.)

Overview:

SOFTSWISS continues to expand the team and is looking for a Cyber Security Engineer. We need a true, experienced and accomplished professional who shares our culture and values.
 

Key responsibilities:

• Deploy, configure, and maintain(as L3) endpoint security solutions
• Own the end-to-end vulnerability management process for endpoints
• Develop and enforce endpoint hardening standards
• Collaborate with the SOC and other security teams to correlate endpoint telemetry with network and cloud events for threat detection and response
• Participate in the resolution of endpoint-related security incidents
   

Required Experience:

• 3+ years of hands-on experience in endpoint security engineering, with a focus on Windows and macOS environments
• Deep expertise with modern EDR/XDR – deployment, policy configuration, agent management, and L3-level troubleshooting
• Proven experience with vulnerability management processes end-to-end: asset discovery, prioritization, remediation tracking, and reporting
• Hands-on experience with MDM solutions (Jamf, Intune, or equivalent) – including defining and enforcing security configuration requirements, compliance baselines, and policy rollout
• Strong knowledge of endpoint hardening standards for Windows (CIS Benchmarks, STIG) and macOS (CIS macOS Benchmark, NIST guidelines)
• Experience developing and maintaining hardening baselines, including scripted or policy-driven enforcement at scale
• Ability to formalise security requirements into policies, standards, and control frameworks
• Hands-on participation in incident response for endpoint-related security events: containment, investigation, root cause analysis
• Solid understanding of attacker TTPs (MITRE ATT&CK framework) as applied to endpoint threat scenarios
• Experience in development and automation (Python/Go)
• Structured written and oral communication to ensure clarity
• Upper Intermediate or higher English level
   

Nice to have:

• Experience with threat hunting on endpoint telemetry – proactively identifying anomalies beyond alert-driven workflows
• Familiarity with compliance frameworks relevant to endpoint controls: PCI DSS, ISO 27001, or SOC 2 – particularly mapping hardening standards to control requirements
• Understanding of PKI and certificate management as applied to endpoints (device certificates, mTLS, MDM enrollment)
• Experience with privileged access controls on endpoints – local admin management, PAM integration, or application allowlisting
• Familiarity with DLP solutions and data protection policies at the endpoint level
   

Our Benefits:

• Full-time remote work opportunities and flexible working hours
• Private insurance
• Additional 1 Day Off per calendar year
• Sports program compensation
• Comprehensive Mental Health Programme
• Free online English lessons with a native speaker
• Generous referral program
• Training, internal workshops, and participation in international professional conferences and corporate events.

Our client is an international product-based IT company specializing in the iGaming industry. Born in 2014, they rocked the CIS region and are now taking their success worldwide.

We are currently looking for a Traffic Quality Manager.

📋 Key responsibilities and your contribution:

• Monitor and analyze marketing traffic quality across all acquisition channels.
• Detect, investigate, and prevent fraudulent activities related to affiliate programs, paid traffic, bonus abuse, multi-accounting, incentivized traffic, and other marketing fraud schemes.
• Conduct regular reviews of affiliates, traffic sources, campaigns, and user segments to identify suspicious patterns and anomalies.
• Develop, maintain, and improve anti-fraud rules, segments, and monitoring processes for marketing traffic.
• Collaborate with Marketing, Product, Analytics and Payments teams on fraud prevention initiatives.
• Prepare analytical reports, dashboards, and presentations on traffic quality, fraud trends, and anti-fraud performance.
• Participate in incident investigations and provide recommendations on sanctions, traffic restrictions, and process improvements.
• Define requirements for automation of anti-fraud controls and support the implementation of new anti-fraud solutions.
• Monitor key marketing and anti-fraud KPIs and proactively identify emerging risks.
• Support onboarding and audits of new affiliates, traffic sources, and acquisition channels from an anti-fraud perspective.
• Participate in testing and validation of new fraud detection tools, integrations, and analytical solutions.
• Maintain documentation, procedures, and knowledge base related to marketing anti-fraud processes.

📚 Your qualifications:

• Understanding of key fraud schemes in digital marketing and affiliate marketing.
• Experience analyzing marketing traffic quality and identifying anomalies at the level of campaigns, partners, sources, and individual users.
• Confident use of anti-fraud and analytical tools: SEON, Tableau, BI systems, and other internal services.
• Ability to work with large data sets, build samples, identify patterns, and prepare data-based conclusions.
• Experience participating in investigations of abuse related to marketing mechanics and affiliate programs.
• Ability to prepare requirements for anti-fraud automation and participate in testing new rules, segments, and suspicious activity triggers.
• Skills in preparing regular analytical reports, monitoring key traffic quality metrics, and evaluating the effectiveness of implemented anti-fraud measures.
• Understanding of affiliate marketing principles, CPA/CPL/CPS models, and key marketing metrics.
• Confident user of Microsoft Excel / Google Sheets.

➕ Nice to have:

• Experience with SQL, Tableau, Power BI, or other BI tools.

   

Benefits:

⭐ Time Off & Recovery: 20 working days of fully paid annual leave, fully paid sick leave, and public holidays off according to company policy.

⭐ Health & Wellness: A flexible Benefits cafeteria that allows you to choose the perks that fit you best, with options including medical support, regular check-ups, mental health services, or gym access.

⭐ Education & Development: Internal and external training, industry events, language courses, and professional service subscriptions.

⭐ Workspace & Tech: All necessary corporate equipment provided, the flexibility to work fully remotely, and premium digital tools to enhance performance (e.g., AI tools, ChatGPT Plus).

⭐ Work Environment & Perks: Holiday bonuses, gifts for special occasions, paid business trips, and team events.

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Pentester who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM

- Junior-level cybersecurity certifications would be a plus.

- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals

- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)

- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.

- Strong drive to learn and develop cybersecurity skills

- Technical English (Intermediate)

We offer

- Good salary + bonus system

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Conduct security research

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a Middle/Senior Security Consultant / Penetration tester to work on and lead penetration testing and vulnerability/cloud security assessment projects.

In this role, you will work on technically challenging projects and also spend some time leading/mentoring our junior pentesting colleagues.

Required skills

- 1.5+ years of intensive commercial experience

- OSCP, eWPTx2 or similar would be a plus

- Scripting/coding skills and being comfortable with advanced pentesting tooling

- Strong knowledge of mobile/web security

- Comfortable with cloud and container security

- Basic RE skills

- Ability to mentor/lead colleagues

- Strong ability and drive to learn and develop cybersecurity skills

- Technical English (Intermediate+)

We offer

- Good salary + bonus system

- Diverse project portfolio and technologies to work with

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Participate in various pentesting projects

- Lead junior colleagues

- Perform threat modeling in pentesting and security assessment projects

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Consult clients on efficient issues remediation

- Conduct security researches

- Develop tools and scripts to automate and improve current pentesting processes

About the Client

Our client is a neocloud building purpose-built GPU infrastructure for AI workloads. We operate large-scale clusters powering training and inference for some of the most demanding AI customers in the market, and we’re rapidly expanding. Our infrastructure runs on NVIDIA and AMD accelerators, InfiniBand and high-speed Ethernet fabrics, and a production stack spanning bare-metal provisioning, Kubernetes, and OpenStack.

We’re small, senior, and moving fast. The people who do well here own problems end-to-end and make decisions with incomplete information.
 

The role

Security is a core part of who we are and how we operate. We’re hiring a Senior Production Security Engineer to help strengthen and scale our security capabilities.

This is not a compliance-focused role, and it is not purely advisory. We are looking for a hands-on senior engineer who can identify high-risk gaps and opportunities, partner with engineering and leadership teams to design effective solutions, and implement those solutions through code, automation, and tooling. In addition to security-focused initiatives, this person will contribute meaningfully to broader infrastructure, platform, and production engineering efforts.
Beyond the technical responsibilities, this role plays a key part in fostering a security-first engineering culture. You will advocate for best practices, educate teams, and help raise the security bar across the organization. This is an opportunity to shape the future of our security function and become a foundational leader as it continues to grow.
 

What this role is, and is not

This role is:

• A senior engineer who drives the core of a security focus.
• A self-directed practitioner who identifies security weaknesses, opportunities to level up, prioritizes them, and builds a credible roadmap.
• A cross-functional partner who works with infrastructure, platform, cloud, and leadership to recommend action and architect solutions.
• A builder who implements solutions in software, tooling, and infrastructure, not just slides and policies.
• A reviewer and advisor who partners with developers and teams on proposed projects from a security perspective.
• A versatile contributor who still gets meaningful work done in other engineering domains.

This role is not:

• A regulatory or legal compliance role. Compliance evidence will be a byproduct of good engineering, not the job itself.
• An audit-and-recommend-only role. We need someone who builds what they recommend.
   

What you’ll work on

The scope below outlines where this role will harden, automate, and validate Client’s security posture across our infrastructure, platform and customer facing surfaces.  We expect the person in this role to refine priorities based on what they learn in their first weeks.
 

Internal tools, services, and applications that harden our security posture

• Proper network segmentation best practices across tenants, management, and customer planes.
• SSH and system access management architecture
• Multi-tier secret storage for both internal users and customers.
• User account management and lifecycle policy for core systems (joiners, movers, leavers done right).
• Secret rotation pathways for core internal systems, automated, auditable, and not reliant on tribal memory.
• x509 certificate issuing architecture, an internal PKI we can actually operate and rotate.
   

Security-focused monitoring, alerting, and auditing

• Multi-redundancy Vault admin logging.
• GCP access and action logging with real retention and alerting.
• Automatic alerting and reporting from log aggregation pipelines.
• Network traffic analysis and reporting, feeding off our existing fabric telemetry.
• Security-focused dashboards that are actually used, not just built.
   

Customer-facing secret and identity management

As our cloud offering matures, this role helps define the customer-side story:

• KMS architecture and options.
• Encryption strategy, at rest, in transit, and tenant-scoped.
• Security reporting surfaces for customers.
• Customer login, identity, and account management for the cloud platform.
   

Review of what we already have

• Own and drive third-party penetration tests and red team engagements.
• Lead a full design and architecture review of our current stack and document the risk landscape.
• Translate findings into a prioritized, resourced remediation plan.
   

Clear policies and partnerships around third-party code

• Own the liability model, or make the deliberate decision to pay someone else to.
• Processes and tooling for third-party software review, and dependency risk.
• A “happy path” for engineers, the easy, supported way to pull in third-party code safely.
   

What we’re looking for

Required

• 7+ years of hands-on engineering experience, with a substantial portion focused on security in production environments.
• Demonstrated experience designing and operating in multi-tenant, tenant-isolated environments, cloud, neocloud, hosting, or regulated enterprise.
• Deep, practical familiarity with secrets management (HashiCorp Vault or equivalent), PKI, and identity systems (Okta, Google Workspace, or similar).
• Strong Linux and OS fundamentals, you understand what is actually happening on the box, not just what the tool reports.
• Working fluency in networking and network security: firewalls, segmentation, VPN, BGP at a conceptual level, and modern L3/L4 controls.
• Experience with at least one of: Kubernetes security (admission control, network policy, workload identity), cloud IAM at depth (GCP, AWS, or Azure), or infrastructure-as-code security review.
• CI/CD automation design and implementation experience, enough to build the paved road yourself when needed.
• Experience driving or responding to a third-party audit, penetration test, or customer-led security review.

• Clear, direct written communication, much of our team and work is async.

   

Strongly preferred

• Experience being the first or one of the first dedicated security hires at a company, and building a function from there.
• Experience in GPU cluster, HPC, or AI infrastructure environments.
• Familiarity with InfiniBand, RoCE, or other high-performance fabrics from a security and segmentation perspective.
• Experience with SOC 2, ISO 27001, HIPAA, or similar frameworks, enough to know what auditors actually care about, without being a compliance specialist.
• Experience supporting sensitive customer workloads (regulated industries, government, frontier AI labs).

How we work

• We’re remote-first across US, LATAM, and EU time zones.
• We write things down, decisions, architecture, runbooks, post-mortems, threat models.
• We use AI tooling heavily in day-to-day operations and expect everyone on the team to be fluent with it and to help us get more leverage from it.
• We ship, we debug, we iterate. We don’t process-engineer our way around problems that need to be solved.

AI as a force multiplier

We’re making a deliberate bet that AI changes the shape of infrastructure and security teams. Our plan is to scale Client's platform faster than we scale headcount, using coding agents to write and refactor automation, AI-assisted testing and validation to harden our changes, and LLM-driven tooling to compress the work of investigation, documentation, and operational review. We’re already doing this in production: Claude Code for SRE operations, MCP servers exposing Jira, NetBox, and Checkmk, and an active effort to turn tribal infrastructure knowledge into AI-consumable formats.

For security specifically, we want someone who is excited about this, not someone who tolerates AI tooling because it’s in the JD. That means:

• Using AI-assisted workflows as the default for tasks like log review, config audit, threat modeling support, and policy drafting.
• Identifying where agents can own meaningful slices of security work, triaging alerts, drafting RCAs, generating and validating hardening configurations, reviewing pull requests for security-relevant changes.
• Building the substrate the team needs to make AI actually useful, good documentation, clear schemas, MCP integrations, and structured knowledge about our environment.
• Being honest about where AI is adding value and where it isn’t, with the team and with leadership.

If your reaction to this is “finally, a team that’s serious about this,” we should talk.

What success looks like

First 30 days: You’ve built working relationships with the infrastructure, platform, network, and cloud teams, shadowed enough of our production environment to understand where real risk sits, and produced a draft of our top security issues ranked by impact and effort.

First 90 days: You own a credible, prioritized security risk register that leadership and engineering actually use in planning. You’ve made at least one meaningful architectural call, on access, secrets, or identity, that the team agrees was the right one. Shared admin-scoped SSH keys and shared or weak passwords on critical systems have a concrete plan and timeline to be eliminated.

First 12 months: A functioning internal PKI and secret rotation story is in place for core systems. Security-relevant logging, alerting, and dashboards cover our highest-value systems with an on-call path that works. A third-party penetration test has been executed and findings have a remediation plan with owners and dates. Engineering teams have a clear, low-friction path for third-party code and for new service design reviews. You and leadership have a shared point of view on what the next hire into the security function looks like, and whether this becomes a team, a CSO search, or both.

Benefits:

• Unlimited Paid Time Off (PTO)
• Zero-cost employer-covered health insurance
• Company-funded 401k contributions
• Transparent, candid culture with 1:1 coaching, performance reviews, and a consistent feedback loop
• Diverse, respectful, high-performing coworkers you’ll want to achieve greatness with!  

We’re seeking motivated, sharp-minded professionals to join our team as a Cyber Security Analyst/Researcher. In this role, you’ll collaborate directly with clients, examine traffic patterns, and play a key part in identifying and neutralizing harmful bots and online threats.

Why join us? If you’re passionate about cybersecurity and eager to make the internet a safer place, this is your chance to make a meaningful contribution.

Customer

Our customer is a global provider of comprehensive security solutions, protecting individuals, organizations, and communities from a wide range of risks, particularly in the digital space. Their enterprise-focused products specialize in bot defense and invalid traffic detection, helping clients safeguard critical systems and maintain operational integrity.

Project

The project focuses on real-time threat detection and bot mitigation for enterprise-scale clients. Cyber Security Analyst collaborates directly with customers, leveraging advanced analytics platforms to identify malicious traffic patterns and neutralize online threats. This dynamic environment requires both technical expertise and strong communication skills.

Requirements

• At least 4 years of experience in data analysis in cybersecurity or fraud detection domains, including experience with logs and dashboards
• Strong SQL skills: complex queries, aggregations, GROUP BY, ORDER BY, filters, window functions (e.g., RANK()), CTEs, and subqueries
• Technical understanding of web technologies and client–server architecture (APIs, HTTP, basic HTML/JavaScript)
• Experience with SIEM systems (experience with the Elastic Stack would be an advantage)
• Strong troubleshooting and problem-solving skills
• Experience in customer support, including direct communication with clients; professionalism and politeness are essential
• Strong English communication skills

Would be a plus 

• Experience in a Cybersecurity Analyst/Researcher role, ideally supporting external customers in threat detection and response
• Experience in web security and security research: web application security, bot management, fraud detection
• Experience with research methodologies (hypothesis testing, verification and research plan)
• Python and JavaScript knowledge
• Experience with BigQuery/Snowflake
• Proficiency in building dashboards using BI tools (Snowflake, Looker, Kibana, JSM)

Personal Profile

• High level of responsibility and ownership
• Ability to work independently with minimal supervision
• Analytical mindset with a data-driven approach to decision-making
• Genuine interest in data, cybersecurity, and delivering high-quality customer service

• Proactive communicator who keeps stakeholders informed without being prompted

   

  Responsibilities

• Investigate advanced and persistent attacks using data analysis and data science tools
• Analyze customers’ web traffic to detect unidentified threats and reduce false positives using Elasticsearch and BigQuery
• Research, design, and continuously enhance detection mechanisms to stay ahead of evolving threats
• Provide real-time technical support to global customers, delivering professional and timely incident responses
• Produce clear, insightful incident reports
• Collaborate cross-functionally with R&D and Research teams to optimize the company’s detection and mitigation capabilities
• Design, plan, and implement internal automation projects to improve team efficiency
• Work in a shift-based schedule, including weekends

We’re seeking motivated, sharp-minded professionals to join our team as a Cyber Security Analyst/Researcher. In this role, you’ll collaborate directly with clients, examine traffic patterns, and play a key part in identifying and neutralizing harmful bots and online threats.

Customer

Our customer is a global provider of comprehensive security solutions, protecting individuals, organizations, and communities from a wide range of risks, particularly in the digital space. Their enterprise-focused products specialize in bot defense and invalid traffic detection, helping clients safeguard critical systems and maintain operational integrity.

Project

The project focuses on real-time threat detection and bot mitigation for enterprise-scale clients. Cyber Security Analystes collaborate directly with customers, leveraging advanced analytics platforms to identify malicious traffic patterns and neutralize online threats. This dynamic environment requires both technical expertise and strong communication skills.

Requirements

• At least 4 years of experience in data analysis in cybersecurity or fraud detection domains, including experience with logs and dashboards
• Strong SQL skills: complex queries, aggregations, GROUP BY, ORDER BY, filters, window functions (e.g., RANK()), CTEs, and subqueries
• Technical understanding of web technologies and client–server architecture (APIs, HTTP, basic HTML/JavaScript)
• Experience with SIEM systems (experience with the Elastic Stack would be an advantage)
• Strong troubleshooting and problem-solving skills
• Experience in customer support, including direct communication with clients; professionalism and politeness are essential
• Strong English communication skills

Would be a plus

• Experience in a Cybersecurity Analyst/Researcher role, ideally supporting external customers in threat detection and response
• Experience in web security and security research: web application security, bot management, fraud detection
• Experience with research methodologies (hypothesis testing, verification and research plan)
• Python and JavaScript knowledge
• Experience with BigQuery/Snowflake
• Proficiency in building dashboards using BI tools (Snowflake, Looker, Kibana, JSM)

Personal Profile

• High level of responsibility and ownership
• Ability to work independently with minimal supervision
• Analytical mindset with a data-driven approach to decision-making
• Genuine interest in data, cybersecurity, and delivering high-quality customer service
• Proactive communicator who keeps stakeholders informed without being prompted

Responsibilities

• Investigate advanced and persistent attacks using data analysis and data science tools
• Analyze customers’ web traffic to detect unidentified threats and reduce false positives using Elasticsearch and BigQuery
• Research, design, and continuously enhance detection mechanisms to stay ahead of evolving threats
• Provide real-time technical support to global customers, delivering professional and timely incident responses
• Produce clear, insightful incident reports
• Collaborate cross-functionally with R&D and Research teams to optimize the company’s detection and mitigation capabilities
• Design, plan, and implement internal automation projects to improve team efficiency
• Work in a shift-based schedule, including weekends

As this position is for a US-based client, please pay close attention to the working schedule: If you are located in Ukraine (GMT+3), the possible working hours are 7:00 PM – 4:00 AM or 1:00 AM – 10:00 AM. 

Hiring process: 

• Stage 0: Recruitment pre-screen (30 minutes)
• Stage 1: Technical interview (1.5 hours)
• Stage 2: Test task
• Stage 3: Technical client interview (1 hour)
• Stage 4: Second technical client interview (1 hour)
• Stage 5: Soft skills interview on the client side (30 minutes)
• Stage 6: Final interview (optional)

We are looking for an endpoint/workstation support engineer to support multiple mixed MacOS/Windows/Lin remote working environments. You should maintain a high level of user satisfaction, as well as properly document your work.

Your primary tasks will include:

* Enduser remote support for agents installation

* AV alerts investigation

* Ensuring security compliance policies are in place (e.g. full disk encryption, firewall)

* Implementing updates on agent installation packages whenever new version arrives

* Testing of Windows/Win/Lin endpoint agent updates

The candidate should have a proof records of successful projects in the following areas:

* support of AV/EDR/VPN and other security agents on multiple platforms

* Intune MDM

* Apple Business Manager

* Windows, MacOS and Linux endpoint support

* Basic Unix shell and Powershell scripting

* MS Graph API and other REST API basic experience

* Windows and MacOS troubleshooting with the aid of Sysinternals tools and different set of MacOS tools (netstat, lsof, vmstat, top, dtruss, etc.)

* Fluent English

* Teamwork and problem solving mind

* Compliance framework basic awareness (ISO27001/PCI-DSS/HIPAA etc.)

* ITIL and IT service basic awareness and ability to write end-user documentation/procedures/instructions

A big plus if have all or any of the following:

* Microsoft Intune certification or other Microsoft Security/Endpoint certificationi

* Any AV vendor certification

* Any security related certification (e.g. ISO27001LA, CISSP, CISA)

RedCore is an international business group that creates technological solutions for digital markets. Our products and services cover fintech, marketing, e-commerce, customer service, communications, and regulatory technologies.

We are looking for an Access Manager to join our team!

 Requirements:

- Basic understanding of access control principles (RBAC, least privilege).
- Understanding of user access lifecycle (onboarding, role changes, offboarding).
- Ability to process and review access requests under supervision.
- Attention to detail and accuracy in documentation.
- Basic knowledge of IAM tools or readiness to learn them quickly.
- Understanding of security and compliance basics.
- Good communication skills and teamwork.governance, audit processes, and least privilege principles.

Responsibilities:
- Management of employee accounts in corporate systems: creation, management of access levels, blocking;
- Processing requests for end users related to accounts;
- Creation of roles and granting access;
- Keeping track of issued access.

Our benefits to you:
☘️An exciting and challenging job in a fast-growing business group, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance and more

🤝🏻Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed

🧑🏻‍💻Modern corporate equipment based on macOS or Windows and additional equipment are provided

🏖Paid vacations, sick leave, personal events days, days off

💵Referral program — enjoy cooperation with your colleagues and get the bonus

📚Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences

🎯Rewards program for mentoring and coaching colleagues

🗣Free internal English courses

✈️In-house Travel Service

🦄Multiple internal activities: online platform for employees with quests, gamification, presents and news, clubs for movie / book / pets lovers and more

🎳Other benefits could be added based on your location