Jobs

We’re looking for a sharp, business-oriented expert to lead Information Security, IT Systems, and Automation initiatives across the company — someone who balances strategic thinking with hands-on execution and turns complexity into secure, scalable, and streamlined solutions that truly serve business goals.

You don’t just manage systems — you align systems with business needs.

You don’t just run security — you see and mitigate risks before they become problems..

You don’t just automate — you transform.

If you thrive in complexity, love solving meaningful problems, and think like an expert partner (not just a task executor) — this role is for you.

Requirements:
 

- Ability to analyze complex security issues and deliver effective, practical solutions.

- Deep knowledge of information security principles, standards, network protection, encryption, and secure coding practices.

- Proficiency in conducting risk assessments, vulnerability assessments, and penetration testing.

- Experience managing or working with Ops, DevOps, Jira, Helpdesk, and Development teams.

- Competence in managing IT audits, performance evaluations, and cost-efficient planning.

- Solid background in IT architecture design, systems integration (ERP, CRM, HRM, project management tools), and optimization.

- Ability to lead complex IT projects and large-scale system migrations.

- Track record of engaging external experts to enhance delivery where required.
- English - Upper-Intermediate level.

Personal qualities:
 

- Strong project and team management skills, with the ability to lead cross-functional teams and delegate effectively while staying hands-on when needed.

- Accountable and self-driven — you follow through without reminders.

- Solution-oriented - you bring problems with proposed solutions.

- Open to feedback, adaptable to change, and persistent when you believe in the idea.

- Fast and responsive - you act quickly, avoid overcomplicating, while thinking long-term.

- Data- and result-driven — you base decisions on facts and aim for real outcomes. 

- Customer-focused – with a strong understanding of service mindset and what it means to create value for clients.

- Strong communicator — you align, clarify, and solve across all levels.

- High standards — you raise the bar, not settle for “good enough.”

- Able to prioritize what truly creates value for the business.

Responsibilities:

Information Security & Risk Management:

- Develop and implement security policies, standards, and procedures.

- Manage access control and protect internal systems.

- Conduct risk assessments and monitor security threats.

- Respond to incidents and mitigate vulnerabilities.

- Educate employees on security best practices.
 

IT Systems & Infrastructure

- Maintain an optimized, scalable, and secure architecture, aligned with business priorities.

- Ensure system integration, data integrity, and interoperability across core platforms (CRM, ERP, HRM, etc.).

- Oversee technical operations teams to ensure efficient and secure operations.

- Drive automation and process improvements.
 

Automation & AI Initiatives

- Identify and implement high-impact automation and AI opportunities.

- Ensure effective integration of AI tools into business processes.

- Measure effectiveness and business impact of implemented solutions.

- Coordinate cross-functional automation initiatives and promote knowledge-sharing.

- Involve external expertise to strengthen outcomes where needed.

What we offer:

- Flexible schedule. You can work remotely or from our comfortable offices. The workday starts from 8:00 to 11:00;

- Time Offs Loyalty System - 28 Business Days of Paid Time Off per year (after 3 months of cooperation);

- We care about your health. We guarantee that we will cover your medical insurance once your probation period is over. And once a year, we organize a flu shot;

- Mental Health webinars where we discuss psychological topics.

- Professional Growth and Development Personal Development Plan, internal educational activities, reimbursement of external educational activities, including the ones abroad.

- English Courses and Speaking Clubs;

- Corporate currency - Boosta coins and spend them on extra day-offs or our branded products (from T-shirts to AirPods).

What stages do we have:

• 1st stage: pre-screen with recruiter;

• 2nd stage: interview with hiring manager;

• 3nd stage: test task 

• 4nd stage: bar-raising
• 5th stage: referrals and offer.

Apply now and become a Head of IT Operations & Security!

Company: Developer of a B2C trading platform

Company size: 150+ employees and growing

Work format: remote

Reporting to: CEO, close collaboration with CTO

Why is this role exciting?

This is a unique opportunity to build the security function from the ground up in a fast-growing tech company. You’ll be working in a young and friendly team, tackling real security challenges rather than focusing on compliance and certification. The company values practical and efficient security that brings real benefits to the business.

The role offers plenty of interesting challenges, room for professional growth, and the opportunity to set up the security function as needed. If you’re passionate about hands-on security, solving real-world security problems, and making an impact, this role is for you!

Responsibilities:

• Building a corporate information and cybersecurity system from scratch, aligning with business strategy and leadership expectations
• Identify security risks in business processes, evaluate, and prioritise mitigation controls
• Executethe cybersecurity roadmap with alignment to the emerging threats
• Implementing and managing access control (SSO, MFA, RBAC)
• Developing and enforcing information security policies for personal data protection (PII), information, and access management procedures
• Establishing vulnerability management processes
• Control network and application security resilience against attacks (DDoS, takeovers, injections, etc.),
• Developing and implementing workstation security with Mobile Device Management (MDM) policies and XDR tools
• Collaborating with IT and development teams on the platform’s security architecture, customer security aspects in products, and enabling DevSecOps
• Lead the security incident management process, orchestration, and control execution

• Conducting security training and fostering a strong security culture

   

Requirements:

• 5+ years of experience in information security
• Strong knowledge in security frameworks such as ISO27000, NIST, SOC, CSI or similar
• Practical understanding of IAM, PII protection built into the operational process of the company
• Experience in setting up vulnerability and patch management processes
• Familiarity with security threats and mitigation practices for DDoS, brute forces, injections, etc.
• Experience in mobile security, anti-virus tools, and BYOD policies
• Understanding of DevSecOps and the secure software development concept
• Ability to design security processes from scratch and their adoption
• Practical knowledge of cryptocurrencies and the risks associated with crypto
• Excellent communication and reporting skills
• Agility in risk management

Nice to have:

• Experience in fintech companies or trading platforms
• Experience in implementing SOC, DLP, and SIEM
• Knowledge of compliance frameworks (GDPR, PCI DSS)

We offer flexibility in discussing terms, building a team, and providing the necessary resources to create a strong, practical security system that truly benefits the business.

Join our team as an Information Security Manager, where you will play a crucial role in ensuring the safety and integrity of our clients’ digital assets.

Responsibilities:

• Implement security measures in alignment with industry frameworks.
• Conduct security assessments for client projects using established methodologies and provide actionable recommendations.
• Collaborate with development teams to identify risks and implement the most efficient security solutions.
• Promote security services by engaging with clients and presenting solutions.

Requirements:

• 3+ years of experience with security frameworks such as ISO 27001, SOC 2, or NIST CSF.
• Knowledge of cloud security, with practical experience, is a plus.
• Understanding of Secure SDLC and software security architecture is a plus.
• Ability to engage clients and provide expert security consulting.
• A structured approach to work and clear documentation skills.
• Ability to automate tasks using any programming language and AI tools.
• Upper-Intermediate English or higher.

Our benefits:

GROWTH & EDUCATION

• Individual development plan.
• Mentoring program.
• Evaluation process.
• Professional education.
• Covering the cost of professional certifications.
• Corporate library.
• English classes.

COMMUNITY

• Technological community.
• Volunteering & Charity.
• Yalantis events.
• Yalantis Education.
• Project team building activities.

WELLBEING

• Medical insurance, health check-ups, and compensation for sports activities are up to you.
• Vacation & Days Off.
• Mental health support program.
• Public holidays.
• Financial and legal support for private entrepreneurs.

WORK ENVIRONMENT

• Cozy offices (Dnipro, Kyiv, Warsaw).
• Corporate Top-notch equipment and quality tools.
• Flexible format of work.
• Eco & Pet-friendly space.
• Fun activities in offices.
• Y-bucks & Yalantis store.

Please note that feedback with the results of the CV review will be provided only in the event of a decision to consider your candidacy further.
Otherwise, your data will be retained in the company’s CV database, and we will gladly contact you if a suitable vacancy becomes available. The consideration period is 7 working days.

Ajax Systems — це міжнародна технологічна компанія, найбільший в Європі розробник і виробник систем безпеки Ajax із можливостями розумного дому. Це ціла екосистема зі 180 пристроїв, мобільних і десктопних застосунків, серверної інфраструктури. Кожного року ми демонструємо кратне зростання як у чисельності команди, так і в кількості користувачів у всьому світі. Наразі в компанії більше 4 100 працівників. А датчики Ajax охороняють 3,5 млн користувачів у більш ніж 187 країнах світу.

Ajax Systems має виробництво повного циклу: від генерації ідей та створення прототипів до масового виробництва та продажу по всьому світу. Кожен департамент закриває певну операційну потребу бізнесу в повній мірі. Фахівці компанії залучені на всіх етапах: від виробничої лінії в Україні до логістичного центру в Польщі, звідки продукцію відправляють дистрибʼюторам по всьому світу.

Ми наразі шукаємо досвідченого лідера в сфері кібербезпеки, який буде управляти командою фахівців, допоможе нам будувати та вдосконалювати захист наших систем, даних і користувачів. Якщо ви маєте стратегічне бачення безпеки, розумієте актуальні загрози та готові впроваджувати найкращі практики кіберзахисту — будемо раді бачити вас у нашій команді!

Вимоги: 

Досвід роботи у сфері кібербезпеки від 5 років, з яких щонайменше 2 роки на керівних або лідерських позиціях.

Досвід управління командою спеціалістів з інформаційної безпеки.

Глибоке розуміння концепцій управління ризиками інформаційної безпеки.

Практичний досвід у впровадженні заходів з кібербезпеки, зокрема у великих підприємствах.

Знання та впровадження міжнародних стандартів інформаційної безпеки (ISO 27001, NIST, SOC 2, GDPR, PCI DSS).

Досвід участі в аудитах інформаційної безпеки, включаючи підготовку до сертифікації.

Впровадження та управління інцидентами безпеки (SIEM, SOAR, EDR, SOC).

Досвід роботи з хмарними платформами (AWS, Azure, Google Cloud) та їхніми засобами безпеки.

Очікування щодо технічних навичок: 

Глибоке розуміння роботи мережевих протоколів, криптографії, архітектури інформаційної безпеки.
Знання та досвід роботи з (щонайменше 1 інструмент із будь-якої категорії):

Firewall: Cisco ASA, Palo Alto Networks, Check Point, Fortinet.

MDM: Microsoft Intune, Jamf Pro, Kandji, VMware Workspace ONE, ManageEngine Endpoint Central.

SIEM: Splunk, IBM QRadar, ArcSight.

IDS/IPS: Snort, Suricata, Cisco Firepower.

DLP: Symantec DLP, McAfee DLP, Digital Guardian.

XDR/EDR: Crowdstrike Falcon, Carbon Black, SentinelOne.

PUM/PAM: CyberArk, BeyondTrust, Thycotic.

Досвід впровадження засобів захисту кінцевих пристроїв, контролю доступу, шифрування даних.
Навички проведення тестувань на проникнення та аналізу вразливостей

Завдання: 

Розробка та впровадження стратегії кібербезпеки відповідно до бізнес-цілей компанії.

Управління командою безпеки, розподіл завдань та контроль їх виконання.

Визначення та впровадження політик і процедур інформаційної безпеки.

Оцінка ризиків кібербезпеки та розробка заходів щодо їх мінімізації.

Контроль за впровадженням та оновленням систем кібербезпеки.

Організація та керування інцидентами безпеки, реагування на загрози та усунення наслідків атак.

Проведення навчання та підвищення обізнаності персоналу щодо кібербезпеки.

Співпраця з внутрішніми та зовнішніми аудиторами, підготовка до сертифікацій та перевірок.

Впровадження SIEM, SOC, інтеграція систем моніторингу загроз.

Участь у форензік розслідуваннях та аналіз інцидентів безпеки.

Ми пропонуємо: 

Роботу в комфортабельному офісі UNIT.City (Київ) або Варшава. Офіс облаштований генератором та бомбосховищем.

Офіційне працевлаштування зі стабільною оплатою та всіма гарантіями Дія.City резидента.

Гнучкий графік без прив’язки до робочих годин.

Заняття англійською.

Медичне страхування.

Драйвову команду та zero bullshit culture.

• Responsibilities:
  Establish and lead the anti-fraud department, including recruiting, training, and managing a team of fraud analysts.
• Develop and implement robust processes for reviewing player activity before payouts, ensuring compliance with established rules and policies.
• Set up and optimize tools and systems to detect, analyze, and prevent fraudulent activity.
• Collaborate with payment, compliance, and support teams to handle escalated cases and improve overall operational security.
• Monitor player behavior and trends to identify potential fraud patterns and adjust preventive measures accordingly.
• Define and track key performance indicators (KPIs) for the department to ensure efficiency and effectiveness.
• Conduct regular audits and reviews of processes to identify areas for improvement and implement best practices.
• Stay updated on industry trends, fraud tactics, and technological advancements to continuously enhance the department’s capabilities.
• Provide regular reports on department performance, fraud incidents, and implemented solutions to stakeholders.
• Establish and enforce clear rules and guidelines for payout approvals to minimize fraud risks.
   

Required Skills:

• Proven experience in building and managing anti-fraud teams, preferably in the iGaming.
• Deep understanding of fraud prevention tools, systems, and best practices.
• Analytical mindset with expertise in data analysis and pattern recognition to identify fraudulent activities.
• Experience in implementing anti-fraud measures tailored to payouts and player activity reviews.
• Knowledge of U.S. regulations and compliance requirements is an advantage.
  
  What We Offer:
• The opportunity to build a department from the ground up and shape its future.
• A collaborative and innovative work environment focused on growth and success.
• Competitive salary.

• The chance to make a significant impact on a high-profile project in a key market.

  
  
  
   

Samsung R&D Institute Ukraine is looking for a passionate and collaborative WEB Security Assessment engineer to join our team.

You will be involved in preventive security review and penetration testing of our online solutions in use by hundreds of millions of users worldwide.

If you love working directly on consumer-facing products we are glad to meet you at our team of professionals in Samsung R&D Institute Ukraine.

More specifically you will:

- perform vulnerability assessments of Samsung online services

- make blackbox penetration testing of production WEB services and server infrastructure

- make blackbox/greybox security validation of cloud infrastructure

- make blackbox penetration testing of enterprise IT infrastructure

- engage in emerging threats research: new attack methods, threat modelling, security bug hunting

Major Requirements:

- BlackBox and WhiteBox WEB pen.testing and vulnerability assessment experience

- BlackBox pen.test experience of cloud infrastructures and services

- OWASP Top-10: understanding of common Web Application vulnerabilities

- DB: understanding of database operation (pref. PostgreSQL, MongoDB, MySQL, SQLite, MS SQL)

- technical English (strong reporting skills, ability to communicate with colleagues worldwide)

Optional Requirements:

- security background (relevant University education, relevant prior employment, community activities, CTF participation)

- cryptography: understanding of crypto primitives and protocols (SSL/TLS, authentication & authorization protocols, crypto algs.)

- strong understanding of REST, SOAP operation

- pen.test experience of solutions hosted on popular cloud platforms (Alibaba, GCP, Azure, AWS)

- toolset: hands-on experience with Burp, scripting (Python), assessment automation tools (fuzz, scan)

- network security: understanding of WAF, CDN, IPS/IDS operation and weaknesses

- understanding of Devices-to-Cloud Services assessment principles

- understanding of OSINT tools and techniques

Working Conditions:

- official employment - GIG contract

- remote work is possible as well as work in Kyiv office

Benefits:

- competitive salary, annual salary review, annual bonuses

- paid 28 work days of annual vacations and sick leaves

- opportunity to become an inventor of international patents with paid bonuses

- medical & life insurance for employees and their children

- paid lunches

- discounts to Samsung products, services

- regular education and self-development on internal courses and seminars

- hybrid work format, working in office is required for some tasks

Vulnerability assessment and penetration testing of various Linux OS security components and mechanisms:

- vulnerability assessment of Samsung mobile security software: security source code review (white box) and binary analysis (black box)

- secure SDLC process support (including requirements, design security review)

- emerging threats research: new attack methods, (un)known security issues risks

Major Requirements:

- 2+ years of hands-on experience with white and black box software penetration testing and vulnerability assessment

- understanding of typical software security issues (memory corruptions, various injections, arithmetic overflows, etc.) and how to protect against them

- good experience with C/C++, scripting languages, assembly (Arm preferred)

- ability to document and describe discovered security issues

Optional Requirements:

- exploitation experience

- understanding of Linux security architecture and design flaws exploitation (privilege escalation, MAC/DAC Passover oth.).

- Rust language knowledge

- tools: experience with fuzzers, disassemblers, debuggers, assessment automation tools

- cryptography: exploitation experience (weak keys, bruteforce, weak crypto, etc.)

- experience with assessing protected solutions (obfuscated / packed code)

Working Conditions:

- official employment - GIG contract

- remote work is possible as well as work in Kyiv office

Benefits:

- competitive salary, annual salary review, annual bonuses

- paid 28 work days of annual vacations and sick leaves

- opportunity to become an inventor of international patents with paid bonuses

- medical & life insurance for employees and their children

- paid lunches

- discounts to Samsung products, services

- regular education and self-development on internal courses and seminars

- hybrid work format, working in office is required for some tasks

Вимоги до кандидатів:

• Вища технічна освіта або закінчення спеціалізованих курсів у сфері ІБ
• Досвід роботи від 3 років в галузі забезпечення інформаційної безпеки
• Практичний досвід (проектування/впровадження) Industrial Cyber Security Solutions
• Знання інструментів і технологій IT-безпеки, включаючи SIEM, VPN, Firewall та протоколи шифрування
• Глибоке розуміння фреймворків та стандартів безпеки (ISO 27001, NIST, COBIT, CIT)
• Навички роботи з антивірусами, DLP, IDM, FIM та PAM, IPS/IDS рішеннями
• Досвід управління ресурсами СУІБ (asset management) та MDM системами

Сертифікації (будуть перевагою): CISSP, CISA, CISM, CEH, CHFI.

Ключові завдання посади:

• Створення і впровадження стандартів безпеки для захисту конфіденційних даних компанії та клієнтів
• Впровадження та адміністрування систем інформаційної безпеки (SIEM, IDS/IPS, DLP, MDM, аналітика логів напр - Wazuh, Surikata)
• Управління кіберризиками. Пошук, виявлення та обробка вразливостей інформаційних ресурсів
• Впровадження сучасних криптографічних рішень і протоколів шифрування для захисту даних 
• Організація регулярних Pentest периметра
• Створення політики IT-безпеки
• Навчання персоналу основам інформаційної безпеки

Requirements:

• Bachelor's or Master's degree in Computer Science, Electrical Engineering, Information Systems, or a related field.
• 8+ years of development experience focused on identity and access management systems.
• Hands-on experience with programming languages and automation tools (C#, .NET, Ansible, Python, Java, Go, Node.js, Terraform, Docker, etc.).
• Experience with Active Directory or similar systems.
• Experience integrating with Microsoft Active Directory or comparable third-party systems.
• Development experience in hybrid cloud environments.
• Strong cross-functional communication skills for technical and non-technical audiences.
• Experience working with multiple vendors in the identity and access management ecosystem.

Nice-to-Have:

• Familiarity with cloud security best practices and certificate infrastructure.
• Experience with container orchestration and microservices architectures.
• Knowledge of Single Sign-On (SSO), multi-factor authentication, and identity federation.
• Experience with continuous integration/continuous deployment (CI/CD) pipelines.
• Exposure to agile development methodologies and DevOps practices.

Key Responsibilities:

• Integrate identity data from corporate systems and enforce roles and policies to control access to critical resources.
• Implement features such as JIT, JML, PIM, PAM, and RBAC.
• Collaborate with security, compliance, and engineering teams to ensure proper logging and auditing of access activities.
• Design, develop, and operate identity management systems across infrastructure in both private and public clouds.
• Monitor industry trends and adopt new tools and features as needed.
• Mentor junior engineers and participate in on-call rotations.

About the Project:

We are seeking an experienced Active Directory Engineer specializing in Identity and Access Management to enhance product infrastructure security. The role involves managing user identities, governing access to production systems, and automating security processes to ensure seamless and secure access management for engineers and operations personnel. The team collaborates cross-functionally to build scalable solutions that integrate with compliance and security requirements.

This vacancy is only for Ukrainian residents within Ukraine.

We invite an experienced Information Security Consultant / Auditor to join our team. This position might be a good fit if you want to analyse and improve information security processes in modern technological companies.

As a company specialising in data security solutions, our products are well-known amongst security-aware teams worldwide and are popular for easily solving complicated security challenges. Apart from building “off-the-shelf” solutions, we design custom security controls for novel problems and handle mission-critical, multi-app, multi-platform distributed systems, addressing serious issues in the world around us.

We work in the B2B space with customers such as power grid operators, payment processors, legal companies, and million-user customer applications.

Responsibilities:

• Understand the cybersecurity posture of technological organisations and guide them towards improvements.
• Conduct risk assessment and gap analysis for us and our clients: analyse risk posture, define sensitive assets, describe top risks & threats, identify gaps in security controls coverage, suggest missing controls and policies. Think NIST RMF, NIST SP 800-53.
• Outline organisation-wide and product-wide security roadmaps and plans.
• Lead cybersecurity programme (improving security posture) for our clients.
• Select and insist on security controls that would mitigate high-priority risks (NIST SP 800-53).
• Design and draft security policies, procedures, standards and controls in line with regulations and/or relevant standards. Think ISO27K, NIST CSF, SOC 2.
• Maintain and review ISMS documentation, suggest improvements.
• Maintain control documentation for relevant risk areas and business/technology processes.

Requirements:

• 5+ years of experience working as a risk & compliance auditor, information security officer, cybersecurity consultant, or in a similar role.
• Sound understanding of industry standards in cybersecurity (NIST, ISO, ITIL, ISF).
• Strong understanding of security and information security controls: which ones solve which problems.
• Good understanding of industry standards in privacy (GDPR, ISO 27018).
• Advanced knowledge of IT general controls (security, change management, disaster backup recovery, data centre, infrastructure, etc.) and IT governance processes (ITIL).
• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, IT Auditing, Information Systems.
• Upper-intermediate English, written and spoken.
• Ability to work independently and as part of a team in a fast-paced environment.

Nice to have:

• In-depth technical understanding of information security, IoT and hardware, systems engineering, infrastructure, etc.
• Understanding of how large distributed systems are built or how they work. Think power plant control systems at country-scale.
• Desire to work on extremely innovative projects.
• Experience working in a multicultural context.

Hiring Process:

• Test task
• Introduction call
• Technical interview
• Offer

What’s in it for you?

• Competitive compensation with bonuses
• Hybrid work model: this position allows for a combination of in-office and remote work as needed
• Paid vacation — 21 business days per year
• Paid sick leave
• Work at the intersection of cryptography, software engineering, and information security
• Opportunity to contribute to mission-critical projects
• Reimbursement for courses, certifications, and books

Join our team as an Information Security Manager, where you will play a crucial role in ensuring the safety and integrity of our clients’ digital assets.

Responsibilities:

• Implement security measures in alignment with industry frameworks.
• Conduct security assessments for client projects using established methodologies and provide actionable recommendations.
• Collaborate with development teams to identify risks and implement the most efficient security solutions.
• Promote security services by engaging with clients and presenting solutions.

Requirements:

• 3+ years of experience with security frameworks such as ISO 27001, SOC 2, or NIST CSF.
• Knowledge of cloud security, with practical experience, is a plus.
• Understanding of Secure SDLC and software security architecture is a plus.
• Ability to engage clients and provide expert security consulting.
• A structured approach to work and clear documentation skills.
• Ability to automate tasks using any programming language and AI tools.
• Upper-Intermediate English or higher.

Our benefits:

GROWTH & EDUCATION

• Individual development plan.
• Mentoring program.
• Evaluation process.
• Professional education.
• Covering the cost of professional certifications.
• Corporate library.
• English classes.

COMMUNITY

• Technological community.
• Volunteering & Charity.
• Yalantis events.
• Yalantis Education.
• Project team building activities.

WELLBEING

• Medical insurance, health check-ups, and compensation for sports activities are up to you.
• Vacation & Days Off.
• Mental health support program.
• Public holidays.
• Financial and legal support for private entrepreneurs.

WORK ENVIRONMENT

• Cozy offices (Dnipro, Kyiv, Warsaw).
• Corporate Top-notch equipment and quality tools.
• Flexible format of work.
• Eco & Pet-friendly space.
• Fun activities in offices.
• Y-bucks & Yalantis store.

Samsung R&D Institute Ukraine is looking for a passionate and collaborative Linux Kernel Developer to join our team in Kyiv.

You will work with security and system development engineers tackling real-world tasks with Samsung flagships, introduce patches to the Kernel of not-yet-released Android versions,

be involved in operating system development, learn about security model of Android and improve it on Samsung smartphones in use by hundreds of millions of users worldwide.

If you love working directly on consumer-facing products we are glad to meet you at Samsung team of professionals in Samsung R&D Institute Ukraine. 

More specifically you will

• Design, develop, build, debug, test, profile Linux Kernel modules for Android devices
• Develop Kernel-level security solutions
• Participate in research activities and strategic prototyping for future Samsung products

Major Requirements

• Bachelor degree in computer science or similar
• Knowledge of C, Kernel-level development
• Building and testing Linux Kernel modules
• Knowledge of Linux Kernel architecture and operation

Optional Requirements

• Knowledge of ARM technologies: TrustZone, GIC, MMU, NEON, VFP, Thumb
• Knowledge of Linux Security architecture: MAC/DAC, SE, LSM, Android/Tizen security models
• Experience with device drivers development
• Knowledge of POSIX API
• Applied cryptography: authentication & authorization protocols, crypto algorithms
• Experience with bootloaders development / debugging
• Experience with virtualization: XeN/KVM/QEMU
• Ability to work collaboratively within teams on a set of innovative projects
• Good technical English

Benefits:

• competitive salary, annual salary review, annual bonuses
• paid 28 work days of annual vacations and sick leaves
• opportunity to become an inventor of international patents with paid bonuses
• medical & life insurance for employees and their children
• paid lunches
• discounts to Samsung products, services
• regular education and self-development on internal courses and seminars
• remote work is possible as well as work in Kyiv office

Our client is seeking a Principal AWS Cloud Security and Compliance Engineer with extensive hands-on experience in securing cloud environments at scale. This role is ideal for a seasoned security expert who thrives on designing, implementing, and managing cloud security controls, ensuring compliance with industry standards, and mitigating security risks across AWS infrastructure. The ideal candidate will bring a deep understanding of AWS security services, regulatory compliance frameworks, and cloud-native security best practices.

Main tasks and responsibilities:

• Security Architecture & Design: Lead the design and implementation of secure AWS architectures, ensuring compliance with security frameworks and industry best practices
• Governance & Compliance: Develop, enforce, and monitor compliance with SOC 2, ISO 27001, NIST, CIS, FedRAMP, PCI-DSS, HIPAA, and other security standards
• Cloud Security Operations: Implement and manage AWS security services such as AWS IAM, AWS KMS, AWS GuardDuty, AWS Security Hub, AWS Macie, AWS Config, AWS WAF, and AWS Shield
• Threat Detection & Incident Response: Develop SIEM integrations, monitor security logs, investigate incidents, and lead incident response efforts to mitigate threats
• Automation & Infrastructure Security: Implement Infrastructure as Code (IaC) security policies using Terraform, AWS CloudFormation, or AWS CDK. Automate security monitoring and compliance reporting
• Identity & Access Management (IAM): Define and enforce least privilege access controls, manage AWS Organizations and Service Control Policies (SCPs)
• DevSecOps & CI/CD Security: Embed security into the CI/CD pipeline, ensuring secure deployment practices across cloud workloads
• Security Risk Assessments: Perform cloud security risk assessments, threat modeling, and penetration testing to identify and mitigate vulnerabilities
• Security Awareness & Training: Mentor engineering teams on secure coding, cloud security best practices, and AWS security controls

• Stakeholder Collaboration: Work with engineering, compliance, and business teams to align security strategies with organizational goals

   

Education, skills and experience:

Must have:

• 10+ years of hands-on experience in cybersecurity, cloud security, and compliance, with at least 5 years in AWS security
• Expert-level knowledge of AWS security services, architecture, and best practices. Deep understanding of compliance frameworks (e.g., SOC 2, ISO 27001, NIST, FedRAMP, PCI-DSS, HIPAA)
• Experience with AWS IAM, VPC security, AWS WAF, KMS, CloudTrail, Config, Security Hub, Macie, and GuardDuty
• Proficiency in SIEM solutions, security automation, and cloud-native security tools
• Hands-on experience with IaC security (Terraform, CloudFormation), container security (EKS, ECS), and serverless security
• Strong background in DevSecOps, securing CI/CD pipelines, and integrating security into cloud-native development
• Expertise in identity & access management (IAM), RBAC, MFA, and Zero Trust security models
• Experience with incident response, threat detection, and forensic analysis in AWS
• Proficient in scripting and automation (Python, Bash, or PowerShell)
• Strong communication skills with the ability to influence technical and non-technical stakeholders

Would be a plus:

• AWS Certified Security – Specialty or AWS Certified Solutions Architect – Professional certification
• Experience in multi-cloud security (AWS, Azure, GCP)
• Familiarity with security risk management frameworks (e.g., MITRE ATT&CK, OWASP, CIS Benchmarks)
• Knowledge of AI/ML security, API security, and data protection strategies

We are bill_line – a fintech company with global focus. Born in Ukraine, we’re steamrolling the world of payments all over the world.

Our main product is a payment solution for any online business, and we’re polishing it to perfection every single day. Any business that needs to accept payments is a bill_line partner: from a small online store to banks, insurance companies or charities.

Why us?

bill_line is a “swiss army knife” in the world of fintech for any client. This means our bizdev, support, legal and finance departments are always with our merchant – from a connection request to integration and transaction support.

We’re proud of our approach and its results. But every success is a puzzle, and only the best team in the world can put all its pieces together. Do you want to be a part of it and change the Ukrainian and international fintech market? Then send us your CV, and we will consider it and definitely write back to you!

Key Responsibilities:

• Ensure compliance with legal requirements, including the Information Security and Cybersecurity Law.
• Oversee cybersecurity and information security measures throughout the lifecycle of protected systems (design, implementation, operation, decommissioning).
• Develop and implement information security policies, standards, and related documentation.
• Monitor and investigate cybersecurity incidents and security breaches, particularly those impacting payment services.
• Manage and maintain the functionality of information protection tools, ensuring timely recovery in case of failures.
• Control the integrity and composition of hardware and software in information systems, preventing unauthorized or unapproved use.
• Review and approve changes to IT systems, ensuring compliance with Ukrainian laws and security requirements of payment systems.
• Organize training and upskilling for employees involved in cybersecurity and information security processes.
• Conduct regular cybersecurity awareness training and workshops for all employees.

What We’re Looking For:

• Education: A degree in Information Security, Cybersecurity, IT, or related fields.
• Experience: 2–3+ years in cybersecurity or information security roles.
• Knowledge: Strong understanding of Ukrainian cybersecurity regulations and international standards (e.g., ISO/IEC 27001, NIST).
• Technical Skills: Experience with cybersecurity tools, incident investigation, and security monitoring systems.
• Policy Development: Proven ability to create and implement security policies and protocols.
• Training: Skilled in organizing and delivering training sessions for employees.
• Certifications (Preferred): CISSP, CISM, CEH, or similar are a plus.
• Personal Qualities: Analytical mindset, responsibility, and ability to multitask in a dynamic environment.

💡What we offer

🌐Our HQ is in invincible Kyiv, near the Zvirynetska metro station. We also have a cool EU office if you’re relocated.

👨‍💻You will instantly have everything you need to work (the best equipment, necessary subscription services and everything that will make you effective)

⚡Remote work

🏖️We have 24 days of paid vacation. If you are a workaholic and have not used it, we’ll compensate you with money;

💊We pay sick leave in full.

🥗 Corporate lunches.

👩‍🔬Mandatory health insurance

🧘‍♀️Sessions with psychologists - we support mental health

💡 How we have fun

The best team is our main asset and a reason for pride. Your future colleagues love active recreations, sharing impressions of a movie or listening to their favorite music together. We often end the working week with fun Friday mini-parties with colleagues.

💡 People care

Our  internal corporate culture is based on caring: we support each other, and the company helps colleagues to grow professionally.

We care about the health of our colleagues and hold Health Days.

💡 Training and development

We regularly participate in top international fintech, e-commerce, crypto conferences, meetings.

We pay for training (courses, trainings, seminars) for professional growth and team development.

We support you in learning English or other languages, especially for expansion into new markets!