Jobs Security

Start: asap
Duration: long-term (with further extensions)
Workload: full-time, remote
Location: EU only
The candidate should have a permanent EU residence, but EU citizenship is preferable !!!
English: B2-C1

About the job
As a DevSecOps Developer, you will play a key role in developing, automating, and optimizing our Cloud Development tools and environments. You’ll contribute to building reliable, scalable, and secure developer platforms used across the organization.
Projects will be related mainly to the financial domain.

What you’ll do
Develop efficient, reusable, and maintainable code in Python, TypeScript, and Git-based environments
Perform code reviews, implement best practices, and ensure quality via SonarQube
Automate deployment, configuration, and monitoring tasks using GitLab CI/CD and scripting
Collaborate with architects, system admins, and developers to ensure seamless integration and interoperability
Participate in Agile ceremonies: sprint planning, daily stand-ups, and sprint reviews
Document code, scripts, and configurations to ensure knowledge transfer and maintainability
Contribute to AI solution delivery and tooling for developers, including agentic AI pipelines

Technical Skills

• Strong hands-on experience with AWS (core services and cloud automation)
• Infrastructure as Code: Terraform, AWS CDK
• CI/CD pipelines: GitLab (automation and deployment)
• Advanced software development: Git, Python, TypeScript
• Experience with AI tools for developers: Amazon Q, Kiro, Claude, coding assistants, AI agents
• Practical experience with IDEs: VS Code, IntelliJ
• Knowledge of IT security principles and service management (ITIL or similar)

Experience
Minimum of 5 years as a Developer
Proven track record in collaborative, agile development environments
Experience delivering AI solutions at scale is a plus

Soft Skills
Excellent communication skills – able to explain technical concepts to technical and non-technical stakeholders
Proactive, committed to continuous learning and improvement
Strong team player
Experience in community management, support, or communication handling

Education & Requirements

• Bachelor’s degree in Computer Science, IT, or related field
• EU citizenship required
• Fluency in English; an additional European language is a plus

Why join us
Work on state-of-the-art cloud and AI development tools
Contribute to automation, DevSecOps, and AI pipelines at scale
Collaborate with a highly skilled, cross-functional team
Flexible EU-based remote/near-site work with occasional onsite presence

We are embarking on a critical initiative to achieve ISO 81001 compliance for our esteemed client. ISO 81001 is a pivotal standard for health informatics, specifically focusing on the management and security of health information systems. This project aims to ensure Client's digital infrastructure aligns with the stringent requirements set forth by ISO 81001, safeguarding sensitive healthcare data and bolstering cyber resilience.

Responsibilities

Conduct a thorough assessment of Client's existing IT infrastructure, policies, and procedures against ISO 81001 requirements.

Identify gaps and vulnerabilities that need to be addressed to achieve compliance.

Collaborate with cross-functional teams to design and implement robust security controls aligned with ISO 81001 standards.

Deploy necessary security measures to protect Client's health information systems and data assets.

Draft and enhance security policies, procedures, and guidelines tailored to ISO 81001 specifications.

Ensure policies are communicated effectively and integrated into Client's operational framework.

Perform risk assessments and develop risk management strategies to mitigate cyber threats and vulnerabilities.

Implement proactive measures to enhance Client's cyber resilience in alignment with ISO 81001.

Conduct training sessions and workshops to enhance cyber security awareness among Client staff.

Foster a culture of security consciousness and best practices across the organization.

Establish monitoring mechanisms to track ongoing compliance with ISO 81001 requirements.

Conduct regular audits and assessments to ensure sustained adherence to security standards.

Develop incident response protocols and procedures to swiftly address and mitigate security incidents.

Continuously assess and refine security strategies based on emerging threats and industry developments.

Skills

Must have

Bachelor's degree in Cyber Security, Information Technology, or a related field.

Proven experience in cyber security, particularly in compliance initiatives (ISO standards preferred).

Strong understanding of health informatics and data security within healthcare environments.

Excellent analytical skills with the ability to assess complex systems and processes.

Effective communication skills to engage stakeholders and drive security initiatives forward.

Nice to have

Agile

Come build something true with us.

We’re True Sea Moss, a fast-growing wellness brand built on the healing powers of one of nature’s oldest superfoods, sea moss.

No powdered promises. No pretty lies. Our products move through a complex global supply chain — and behind that flow sits structure, discipline, and crystal-clear organization.

As we scale across marketplaces, systems, marketing platforms, data warehouses, and internal tools, security is no longer optional — it’s foundational.

We’re looking for a Cybersecurity Specialist — someone exceptionally structured, risk-aware, and confident owning company-wide security, access control, and infrastructure protection end-to-end.

Now — who are we looking for?

You’re the person who sees vulnerabilities before others even notice them.

You think in permissions, identity management, audit logs, and prevention frameworks. You don’t just react to incidents — you design systems that minimize the chance of them happening.

You’re calm under pressure, precise in execution, and serious about protecting company data, systems, and people.

What You’ll Be Doing

• Own company-wide access management (Google Workspace, Slack, AWS, Shopify, BI tools, internal systems, etc.)
• Create, modify, and revoke user access based on role and security policies
• Implement role-based access control (RBAC) and least-privilege principles
• Maintain secure credential and password management systems
• Implement and enforce multi-factor authentication (MFA) across all platforms
• Secure cloud environments and monitor infrastructure permissions
• Monitor logs, detect suspicious activity, and define response protocols
• Build and maintain internal security policies and documentation
• Conduct periodic security audits and vulnerability assessments
• Develop backup and disaster recovery strategies
• Lead incident response processes when needed
• Educate the team on security awareness and best practices

What You Bring

• Proven experience in cybersecurity or information security
• Strong understanding of identity & access management (IAM) principles
• Experience securing cloud environments (AWS preferred)
• Knowledge of endpoint protection and monitoring tools
• Understanding of encryption, authentication, and network security fundamentals
• Experience implementing MFA and access governance frameworks
• Ability to create clear security policies and enforce standards
• Strong sense of ownership and discretion when handling sensitive data
• English level B2+
• Comfortable working remotely

Nice-to-Haves

• Experience working with fast-growing e-commerce or digital-first companies
• Experience preparing companies for compliance audits
• Background in cloud infrastructure security automation

Why Work With Us

• A role with real responsibility and ownership from day one
• Direct impact on how safely and confidently we scale
• High trust and autonomy
• Opportunity to build security systems from the ground up
• A team that values structure, clarity, and calm execution

Here’s How We Back Our Words with Care

• Welcome Pack and custom TrueSeaMoss merch to make sure you arrive like you were always meant to be here
• Sports reimbursement to support your physical and mental health
• Additional vacation days beyond standard holidays
• Coaching & career consultations to support your personal and professional growth
• Access to corporate English lessons to sharpen your communication skills
• WHOOP membership to help you track your health, sleep, and recovery
• Coworking membership if you prefer a hybrid work lifestyle
• Sabbatical options after long-term contributions
• Travel grants to support work-related or wanderlust trips — we believe in leaving to come back better
• Project grants for side ideas, personal initiatives, or creative experiments

So — does this sound like you?

If you’re serious about protecting systems, building secure foundations, and owning cybersecurity end-to-end — we’d love to meet you.

Are you passionate about making the internet a safer place? We are looking for a Middle Security Operations Researcher to join our team and help protect enterprise clients from harmful bots and online threats. This is a remote, full-time role that offers the opportunity to work directly with global customers, analyzing traffic patterns and neutralizing malicious activity.

At Sigma Software, we value expertise, ownership, and proactive communication. You will collaborate with a diverse international team while enjoying the flexibility of working from anywhere.

Why join us? You will work on impactful cybersecurity projects, gain exposure to cutting-edge analytics tools, and contribute to safeguarding digital ecosystems worldwide.

CUSTOMER
Our customer is a global provider of comprehensive security solutions, protecting individuals, organizations, and communities from a wide range of risks, particularly in the digital space. Their enterprise-focused products specialize in bot defense and invalid traffic detection, helping clients safeguard critical systems and maintain operational integrity.

PROJECT
The project focuses on real-time threat detection and bot mitigation for enterprise-scale clients. Security Operations Researchers collaborate directly with customers, leveraging advanced analytics platforms to identify malicious traffic patterns and neutralize online threats. This dynamic environment requires both technical expertise and strong communication skills.

JOB DESCRIPTION:

• Provide Tier 2 technical support to customers in real time, delivering clear and professional responses
• Analyze logs, graphs, and dashboards, isolating and investigating data using tools like Kibana
• Manage and organize cases, tickets, and requests in Salesforce
• Perform back-office tasks, including writing and maintaining suspicious field expressions
• Write and optimize SQL queries for data retrieval, analysis, and manipulation in BigQuery
• Communicate with global customers, ensuring timely responses and effective issue resolution
• Work in a shift-based schedule, including weekend shifts

QUALIFICATION:

• 2+ years of experience in data analysis, including working with logs and dashboards
• Experience working with web traffic data, including HTTP traffic, logs, request analysis, and traffic pattern investigation
• Strong SQL skills: Common Table Expressions (CTE), aggregations, GROUP BY, ORDER BY, filters, window functions (e.g., RANK()), and subqueries
• Experience with SIEM systems. Nice to have: experience with the Elastic Stack
• Technical understanding of web technologies and client–server architecture (APIs, HTTP, basic HTML/JavaScript)
• Strong troubleshooting and problem-solving skills
• Experience in customer support, including direct communication with clients; professionalism and politeness are essential

• Strong English communication skills

   

WILL BE A PLUS:

• Experience in a Cybersecurity Analyst/Researcher role, ideally supporting external customers in threat detection and response
• Experience in web security and security research: web application security, bot management, fraud detection
• Basic Python skills
• Experience with Kibana

PERSONAL PROFILE:

• High level of responsibility and ownership
• Ability to work independently with minimal supervision
• Planning and decision-making skills with considerations for multiple integrated systems
• Proactive communicator who keeps stakeholders informed without being prompted

Work schedule: 40 hours per week, 5 days per week. Workdays can be adjusted to start earlier or later, including weekends if necessary.

(3 month Project, with potential ongoing advisory support)

We are looking for a DevSecOps Engineer with 3+ years of experience to help audit, strengthen, and improve the security posture of a small but growing SaaS platform serving nonprofit and corporate clients.

OVERLAP 14:00–16:00 Mountain Time (MT)

This role is security-first, with DevOps responsibilities as a secondary layer. The main goal is to assess the current infrastructure, identify security and compliance gaps, and implement a practical roadmap to improve the platform’s overall resilience, compliance readiness, and long-term sustainability.

Project scope:

— Initial security and infrastructure audit

— Identify risks, vulnerabilities, and operational gaps

— Build and prioritize a remediation roadmap

— Implement key improvements over a 2–3 month engagement

— Potential for ongoing periodic security reviews and advisory support afterward

Current stack / environment:

— Git

— GitHub Actions

— Docker

— AWS

— Render

What you will do:

— Audit the current cloud and application setup from a security and DevSecOps perspective

— Review infrastructure, deployment processes, DNS configuration, access controls, and backup/disaster recovery practices

— Identify gaps related to SOC 2 readiness and help prepare for stronger enterprise security expectations

— Assess security controls around CI/CD, secrets management, container images, user access, and production environments

— Review existing vulnerability scanning practices and recommend improvements, including dynamic scanning where needed

— Help define and implement practical controls such as firewalling, hardening, monitoring, least-privilege access, and security hygiene improvements

— Investigate risks related to DNS, exposed services, stale records, misconfigurations, and other overlooked infrastructure issues

— Support the team in creating a sustainable, right-sized security approach for a small organization without overengineering

— Translate findings into an actionable roadmap with clear priorities, balancing risk, cost, and implementation effort

— Help improve confidence in responding to enterprise security questionnaires from large corporate clients

What we are looking for:

— 3+ years of hands-on experience in DevSecOps, DevOps with a strong security focus, or cloud/infrastructure security

— Strong experience with AWS and cloud security best practices

— Experience with GitHub Actions, CI/CD security, Docker, and container/image scanning

— Experience reviewing and securing hosted platforms, including PaaS environments such as Render or similar

— Solid understanding of IAM/access control, secrets management, DNS security, backups, disaster recovery, and infrastructure hardening

— Experience identifying and remediating security gaps in small or mid-sized SaaS environments

— Familiarity with SOC 2 controls and general compliance-oriented security practices

— Ability to recommend pragmatic, cost-conscious solutions for a small team

— Strong communication skills and ability to explain risks, tradeoffs, and priorities clearly to non-security stakeholders

— English level: B2 minimum

We are seeking a detail-oriented Security Engineer to join the Security Compliance team and support application security initiatives across a modern cloud-based platform. This role focuses on secure code analysis, vulnerability assessment, remediation tracking, and embedding security throughout the Software Development Lifecycle (SDLC).

You will collaborate closely with Engineering and Site Reliability teams to strengthen application security posture, automate security processes, and ensure vulnerabilities are effectively prioritized and remediated.

Details

Location: Remote in EU

Employment Type: Full-time

Start Date: ASAP

Work Model: Fully remote

Key Responsibilities

Contribute as a core member of the Security Compliance team.

Perform secure code analysis and assist in identifying security weaknesses.

Analyze application vulnerabilities to determine severity, business impact, and remediation strategies.

Partner with Site Reliability and Application Development teams to track vulnerabilities through resolution.

Support the integration of security practices into the Software Development Lifecycle.

Assist in automating security controls and remediation tracking processes.

Maintain thorough documentation and ensure detailed security reporting.

Continuously improve application security standards and processes.

Requirements

Experience in application development and security vulnerability management (academic or professional).

Working knowledge of Windows and Linux environments.

Understanding of secure coding principles and common vulnerability frameworks.

Familiarity with public cloud providers such as AWS, GCP, or Azure.

Software development experience in one or more of:

Python

Java

C#

C++

Go

JavaScript

Experience developing script-based automation solutions.

Strong written, verbal, and interpersonal communication skills.

Associate’s, Bachelor’s degree, or equivalent practical experience in a related field.

Detail-oriented mindset with curiosity and willingness to learn.

We are looking for a  DevSecOps Engineer to join our team and help maintain and improve a secure cloud infrastructure on AWS. Our applications run on Kubernetes (EKS), Cloudflare is used for edge protection, and Wazuh serves as our SIEM / HIDS platform.
 

This role is suited for an engineer with hands-on experience who will work within an existing architecture and established best practices, rather than owning the full system design.

Requirements:
AWS / Cloud

• 2+ years of commercial experience with AWS;
• Hands-on experience with EKS or other managed Kubernetes platforms;
• Basic understanding of IAM, VPC, Security Groups, and CloudWatch.

Kubernetes / Containers

• Experience with Kubernetes (deployments, services, ingress);
• Understanding of Kubernetes RBAC (ability to apply and maintain existing policies);
• Experience with Docker (building and running containers).

Security / Monitoring

• Experience with Wazuh or other SIEM / security monitoring solutions;
• Understanding of logging, alerting, and basic HIDS principles;
• Hands-on experience with Cloudflare (DNS, basic WAF configuration).

DevOps / Automation

• Experience with CI/CD tools (GitLab CI, GitHub Actions);
• Infrastructure as Code: Terraform;
• Bash or Python for basic automation tasks.

Networking

• Understanding of HTTP/S, DNS, and TLS;
• Basic knowledge of cloud networking concepts.

Responsibilities:

• Maintain and enhance CI/CD pipelines with integrated security checks;
• Support and operate Kubernetes clusters (AWS EKS);
• Configure and maintain Wazuh (agents, basic rules, alerts, dashboards);
• Support and optimize Cloudflare services (DNS, basic WAF rules, rate limiting);
• Deploy and update infrastructure using IaC (Terraform / CloudFormation);
• Manage access controls (AWS IAM, Kubernetes RBAC);
• Monitor logs and security alerts and participate in incident response;
• Apply basic hardening practices for containers and EKS nodes;
• Collaborate with development teams to ensure secure application deployments;
• Configure infrastructure according to CIS benchmarks.

Nice to Have:

• Experience with security scanning tools (Burp, Snyk, kube-bench);
• Familiarity with AWS Security Hub or GuardDuty;
• Basic understanding of Zero Trust principles;
• Experience with multi-account AWS environments;
• Exposure to security policies or compliance controls;
• Experience with ELK Stack.
   

What We Offer:

• Work in a team with established processes and mentoring;
• Clear growth path toward a Senior DevSecOps Engineer role;
• Modern cloud-native technology stack (AWS, Kubernetes, Terraform);
• Flexible work format (remote / hybrid);
• Competitive compensation based on experience

About the Role

We are looking for a highly skilled and strategic Senior DevSecOps Engineer to lead our security operations and infrastructure automation initiatives. In this role, you will bridge the gap between development, security, and operations, ensuring our on-premise environment remains secure, resilient, and efficient.
You will act as a subject matter expert, leveraging cutting-edge tools like CrowdStrike to automate threat detection and response, while maintaining robust perimeter security via Cloudflare.

Key Responsibilities
Implementation and automation of security tools in the CI/CD process (SAST, DAST, SCA).
Analysis of vulnerabilities in code, infrastructure and containers.
Development and configuration of security monitoring systems, incident response.
Monitoring and improving the security level of on-prem infrastructures.
Interaction with developers, DevOps and security teams to implement secure practices.
Active participation in the processes of IAM configuration, management of certificates, secrets and access policies.
Conducting internal security audits, participation in external (e.g. penetration) tests.

Requirements

Must-have:
Experience: 5+ years of experience in DevSecOps, Security Engineering, or a related field, with at least 2 years in a Senior role.
Tooling Expertise: Deep hands-on experience with the following specific tools:
Baremetal/on-premise infrastructure
Docker (Docker Swarm is a strong plus)
Gitlab CI 
CrowdStrike
Cloudflare
ELK.
SIEM Proficiency: Proven experience deploying and tuning SIEM solutions (e.g., Splunk, Elastic Security, Datadog, or similar).
Infrastructure: Strong background in managing on-premise infrastructure (physical servers, data centers, virtualization, networking).
Scripting: Proficiency in Python, Go, or Bash for automation and tooling.

Nice-to-have:
Experience with Kubernetes and such tools as Wiz.io and Torq.
Previous involvement in high-load, regulated, or 24/7 production environments (e.g., iGaming, FinTech, telecom or similar).

We offer
Fully remote work opportunity
Enhanced leave benefits:
20 days of paid vacation
5 paid days off
14 paid sick leaves
Company clubs & communities
Celebration gifts for personal milestones
Corporate online events, raffles & challenges
Corporate English program
Corporate yoga classes
Team-building activities
Coworking compensation
Training and development programs (internal & external).

Senior Site Reliability Engineering position 
Location: Remote
Industry: Computer and Network Security
Employment type: Full time / Contractor B2B

Summary

We are hiring a Senior SRE Specialist to manage deployments and keep our platform running smoothly across Azure and on‑premise environments. You will work directly with customers during live troubleshooting, own operational stability, and deliver targeted improvements.

Primary Responsibilities:

• Manage deployments across Azure and on‑premise infrastructure.
• Operate and maintain production systems at scale to ensure availability and performance.
• Respond to and resolve customer support tickets and join live troubleshooting sessions.
• Implement and improve CI/CD pipelines, container workflows, and automation.
• Collaborate with engineering teams to deliver ad hoc fixes and infrastructure improvements.
• Document operational procedures and contribute to runbooks and incident postmortems.

Requirements and Nice‑to‑Have

Required

• Senior level: 5+ years of relevant experience (ideally 7–8 years).
• Strong C# programming skills and solid software architecture fundamentals.
• Experience with production systems at scale.
• Direct customer‑facing experience for high‑level troubleshooting.
• Azure experience (must have some Azure exposure).
• Container knowledge: Docker and Kubernetes experience.
• CI/CD experience and familiarity with pipeline automation.
• Excellent communication skills and ability to work remotely.
   

Preferred / Nice‑to‑have

• Strong AWS background acceptable if accompanied by Azure experience.
• PowerShell scripting experience.
• Hands‑on experience with multiple pipeline technologies and infrastructure as code.

What We Offer

• Work on a mission‑critical product used by thousands of enterprises.
• Remote and flexible work arrangements.
• Direct customer engagement with visible impact on product stability.
• Competitive contractor terms for B2B engagements.

Company and Project Mission:

We are a global exposure management company protecting more than 40 000 customers with an AI‑powered platform that unifies visibility, insight, and action across the attack surface. The team’s mission is to keep the product in optimal operational condition by managing support tickets, ensuring system stability, and delivering targeted improvements to meet customer needs.

Summary

• Senior Security Engineer - penetration testing, threat modelling, 7+ years commercial experience.
• Python. Hands-on offensive and defensive security for web applications.
• Remote/Hybrid, UK, Chechia, Spain - employment contract, Poland, Romania, Slovakia, Bulgaria, Ukraine - B2B contract.

The role

This is a senior security engineering position with a strong emphasis on penetration testing and threat modeling. You'll work across the full security lifecycle: designing secure architectures, modeling threats, researching emerging attack vectors, and validating defenses through hands-on testing.

The focus is on long-term security improvements — identifying and addressing risks before they become incidents. You'll need both the attacker's mindset to find vulnerabilities and the engineering skills to help fix them properly.

What you'll work on

• Penetration testing and security assessments against web applications and internal systems
• Leading security design reviews and threat modeling for new products and infrastructure changes
• Researching emerging threats and attack techniques, then translating findings into practical defense strategies
• Building security automations and tools, and prototypes to support testing and detection
• Collaborating with engineering teams to remediate vulnerabilities and improve secure development practices
• Contributing to security architecture decisions and standards

What we're looking for

• 7+ years in security engineering with substantial experience in both offensive and defensive work
• Proven, hands-on web applications penetration testing experience
• Strong programming skills, preferably Python, with experience building security tools or automation
• Deep expertise in at least one core security domain: cryptography, authentication/authorisation, secure architecture, or network security
• Clear understanding of attack vectors and methods, and how to anticipate them
• Good communication skills in English

Useful additions

• Experience securing serverless architectures or AI/ML platforms
• Background in cloud-native security (AWS, GCP, Kubernetes)
• DevSecOps experience- integrating security into CI/CD pipelines
• Relevant certifications (OSCP, OSCE, CISSP, or similar)

Would you be open to leading the Platform & Cloud Security direction in a top-tier iGaming product? We’re looking for a DevSecOps Engineer to work on a high-load system. You’ll collaborate closely with the CTO, have full ownership of decisions, remote, and top-of-the-market terms.

Main Responsibilities

– Establish the DevSecOps function, defining best practices and security standards across the Platform Tribe

– Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning)

– Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC)

– Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit)

– Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code)

– Implement and manage secrets management solutions (Vault, AWS Secrets Manager)

– Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR)

– Lead vulnerability management and threat modeling practices

– Automate workflows through scripting (Python, Bash)

– Partner with backend, infrastructure, and platform engineers to embed security in design & delivery

– Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS)

– Act as a security subject-matter expert, mentoring engineers and raising awareness

– Continuously evaluate and implement new security tools and approaches

Mandatory Requirements

– 5+ years in Security Engineering / DevSecOps roles , with proven success delivering secure infrastructure and applications

– Strong skills in Python and Bash for building and automating security workflows

– Cloud Security (AWS focus) — Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments

– Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code)

– Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies

– Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement

– Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent

– Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows

– In-depth understanding of secure network design, segmentation, and monitoring

– Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.)

– Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access)

– Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks

– Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines

Nice to have

– Exposure to Kafka or ClickHouse in security-sensitive environments

– Familiarity with GitOps tooling (FluxCD/ArgoCD)

– Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks

We offer

– Compensation at top industry standards + quarterly bonuses based on transparent evaluation

– Remote-first flexibility and adaptable working hours

– Unlimited paid vacation & sick leave

– Comprehensive medical insurance (for you and your partner)

– Financial support for major life events

– Professional growth budget for courses, training, and certifications

Description

We are looking for a Senior DevSecOps who will help make our cloud infrastructure safe, stable, and automated. You will work together with the development, platform, and security teams to add security at every step of product creation.

This is a great chance to grow in security automation, improve processes, and bring modern DevSecOps practices into the company.

Requirements
Must-Have Skills

5+ years of hands-on experience in DevOps / DevSecOps / Cloud Engineering roles;

Deep expertise with AWS services (IAM, VPC, CloudTrail, GuardDuty, KMS, WAF);

Proven experience with Kubernetes security — RBAC, network segmentation, image scanning, Falco or similar runtime security tools;

Strong proficiency in Infrastructure-as-Code tools, particularly Terraform (modules, state management, policy as code);

Experience managing CI/CD pipelines on GitHub Actions with integrated vulnerability scanning and secret protection;

Solid knowledge of Cloudflare security suite (Zero Trust, WAF, DNS, Access, API Gateway rules);

Familiarity with SSO and MFA solutions (DUO SSO, OIDC flows, federation via SAML);

Scripting and automation using Python, Bash, or Go;

Strong understanding of network security, TLS management, logging, and monitoring pipelines;

Excellent collaboration and communication skills, with the ability to work effectively with cross-functional engineering and compliance teams.

Nice-to-Have

Experience with policy-as-code frameworks (OPA, Conftest, Terraform Cloud Policies);

Hands-on knowledge of container security scanners (Trivy, Aqua, Anchore, Grype);

Exposure to SIEM / SOC integrations;

Familiarity with compliance frameworks (ISO 27001, NIST CSF, CIS Benchmarks);

Relevant certifications (AWS Security Specialty, Terraform Associate, CISSP, or DevSecOps certifications).

Responsibilities
Integrate security practices (SAST, DAST, SCA, secret management, compliance checks, etc) directly into CI pipelines on GitHub;

Build and manage infrastructure using Terraform (IaC) with a strong focus on least privilege, encryption, and auditing;

Strengthen security across Kubernetes clusters (RBAC, network policies, Falco runtime threat detection);

Implement security automation and continuous monitoring for vulnerabilities, misconfigurations, and drift in AWS + Kubernetes environments;

Collaborate closely with Development, Platform, SRE, Cloud Delivery Engineers, and Security teams to embed “security-by-design” principles throughout SDLC;

Conduct threat modeling, risk assessments, and incident response for cloud and container workloads;

Drive adoption of DevSecOps best practices, mentor team members, and promote a proactive security culture;

Continuously research and implement new security tools, policies, and automation opportunities to improve visibility and resilience.

Benefits

Why Join Us?

🎰 Be part of the international iGaming industry – Work with a top European solution provider and shape the future of online gaming;

💕 A Collaborative Culture – Join a supportive and understanding team;

💰 Competitive salary and bonus system – Enjoy additional rewards on top of your base salary;

📆 Unlimited vacation & sick leave – Because we prioritize your well-being;

📈 Professional Development – Access a dedicated budget for self-development and learning;

🏥 Healthcare coverage – Available for employees in Ukraine and compensation across the EU;

🫂 Mental health support – Free consultations with a corporate psychologist;

🇬🇧 Language learning support – We cover the cost of foreign language courses;

🎁 Celebrating Your Milestones – Special gifts for life’s important moments;

⏳ Flexible working hours – Start your day anytime between 9:00-11:00 AM;

🏢 Flexible Work Arrangements – Choose between remote, office, or hybrid work;

🖥 Modern Tech Setup – Get the tools you need to perform at your best;

🚚 Relocation support – Assistance provided if you move to one of our hubs.

LITSLINK is looking for a Senior DevSecOps / Infrastructure Engineer to join a long-term client project focused on building a privacy-first, zero-knowledge secure product.

This is a highly security-driven role where you will work on tamper-resistant infrastructure, data minimization, and security-by-design architecture.

Location & Format

• Remote
• Full-time
• Long-term
• Contract (gross)

Responsibilities

• Design and maintain secure cloud and/or bare-metal infrastructure
• Work with Kubernetes (network policies, cluster security, isolation)
• Implement Infrastructure as Code (Terraform / Ansible)
• Manage secrets and encryption systems (Vault, KMS, HSM)
• Build and support immutable infrastructure
• Develop secure CI/CD pipelines (reproducible builds)
• Set up monitoring with minimal logging (Prometheus, Grafana)
• Work with privacy-preserving networking / obfuscation techniques
• Participate in security reviews and architectural decisions

Requirements

• 6+ years of experience in DevSecOps / Infrastructure
• Strong Linux expertise (including system hardening)
• Hands-on experience with Kubernetes in production (security focus)
• Solid experience with Docker
• Experience with Terraform and/or Ansible
• AWS or GCP experience
• CI/CD pipelines setup and maintenance
• Experience with secrets management systems
• Monitoring experience (Prometheus, Grafana)
• Strong security mindset (threat modeling, risk mitigation)

Nice to Have

• Experience with immutable infrastructure
• Verifiable / reproducible builds
• Vault / HSM experience
• Experience with privacy-first products
• Bare-metal infrastructure (e.g., Hetzner)
• Zero-log or minimal logging approaches

Hiring Process

• Screening interview
• Technical interview
• Fast decision

We are global advocacy platform powering creator communities for the world's leading beauty and personal care brands. Founded in 2019, we help brands like L'Oréal, Estée Lauder, Coty, and Unilever build authentic relationships with millions of creators, driving user-generated content at scale.

What We Do:

• Connect brands with 350M+ creators globally through our proprietary database
• Power advocacy programs across 40+ markets (US, UK, EU, LATAM, Middle East, Asia)
• Process millions of creator interactions, content submissions, and campaign data points monthly
• Handle sensitive personal data (PII), financial transactions, and brand-creator relationships

Our Scale:

• Trusted by Fortune 500 beauty & personal care brands
• Processing 100k+ creator content submissions monthly
• Operating in 40+ countries with localized compliance requirements

Why Join Us:

• High-growth SaaS scale-up at the intersection of social, beauty, and enterprise tech
• Build security & compliance infrastructure from the ground up - you'll own it
• Work directly with Fortune 500 clients (L'Oréal, Unilever, Estée Lauder)
• Remote-first culture with global team
• Meaningful equity stake in a fast-growing company

The Role: Information Security & Compliance Manager

As our first Manager of InfoSec & Compliance, you'll be the guardian of trust - ensuring we meet the highest standards of data protection, security, and regulatory compliance as we scale globally. You'll build our compliance framework from the ground up, own enterprise client security reviews, and future-proof our platform for SOC 2, ISO 27001, and global data privacy regulations.

This is a foundational role. You'll have the autonomy to shape our security posture, define policies, and build the systems that enterprise clients demand.

What You'll Do

Compliance & Regulatory (40%)

• Own GDPR, CCPA, LGPD, and emerging data privacy regulations across 40+ markets
• Maintain SOC 2 Type II certification (or lead first certification if not yet achieved)
• Prepare for ISO 27001 certification roadmap
• Manage DPIAs (Data Protection Impact Assessments) for new features/markets
• Be the go-to expert for client compliance questionnaires, security reviews, and audits
• Ensure vendor compliance (AWS, payment processors, third-party APIs)

Client Security & Enterprise Sales Enablement (30%)

• Own enterprise client security reviews (infosec questionnaires, pen test reports, architecture reviews)
• Support sales team with security documentation, certifications, and client security calls
• Build & maintain security collateral (security white papers, data flow diagrams, compliance matrices)
• Act as security liaison for enterprise clients (L'Oréal, Unilever, Estée Lauder)
• Negotiate data processing agreements (DPAs) and BAAs

InfoSec Infrastructure & Risk Management (30%)

• Design and implement security policies, procedures, and controls
• Conduct regular risk assessments and threat modeling
• Manage vulnerability management program (pen tests, bug bounties, security scanning)
• Oversee incident response planning and execution
• Drive security awareness training for engineering and ops teams
• Monitor security tools (SIEM, CASB, endpoint protection) and respond to alerts

Join Innoneers – Shaping the Future of Software Engineering!
 

At Innoneers, we don’t just build software; we engineer innovation. We are a dynamic software development company dedicated to transforming complex business challenges into seamless digital experiences. Specializing in Web, Mobile, and Cloud solutions, we pride ourselves on our technical agility and "Engineering Excellence" mindset.
 

As we scale our operations, we are looking for a passionate SoC Verification Engineer to join our team. If you thrive in an environment where clean code meets cutting-edge technology (Node.js, React, AWS, Python) and want to make a tangible impact on global projects in E-commerce, Fintech, and Logistics, Innoneers is the place for you.

We will trust you with:

• Develop and maintain SystemVerilog/UVM-based verification environments at both module and SoC level;
• Write test sequences, define functional coverage models, and ensure coverage closure;
• Debug simulation results using waveform tools and collaborate with design teams to resolve issues;
• Drive constrained-random stimulus generation and continuous improvements in our verification methodology;
• Apply modern EDA tools and automate verification flows to maximize speed and quality;
• Contribute to quality assurance, release-readiness, and design-test alignment for every chip.
   

What you’ll need to succeed:

• 8+ years of digital verification, including 4+ years of constrained-random verification with UVM.
• 2+ years of embedded C development for SoC verification.
• Experience designing verification architecture from design specifications and creating test plans.
• Ability to translate functional requirements into functional coverage models.
• Skilled in constrained-random stimulus generation and coverage analysis/closure.
• Strong expertise in root-cause analysis and debugging SystemVerilog RTL.
• Proficiency in scripting with Python or similar languages.
• Solid experience with Linux, bash, or equivalent environments.
• Proficient with commercial EDA tools.
• Experience collaborating effectively with cross-functional teams.
• Hands-on experience with UVM verification architecture and vertical reuse of lower-level UVCs/environments.
• Skilled in mixed-language simulation and system modeling.
• Experience with effort estimation, project planning, scheduling, and tracking.

• Proven ability to lead and mentor a small team.

   

Nice-to-haves:

• Experience with SystemC for modeling and simulation.
• Knowledge of UPF and low-power verification methodologies.
• Exposure to formal verification techniques.
• Hands-on experience with FPGA validation and bring-up.
• Experience with full-chip emulation and bring-up.
• Familiarity with OpenOCD/GDB for software-driven verification.
• Experience in SystemVerilog RTL design.

If you're ready to shape the future of technology with us, apply and let's talk!