Jobs Security

📍 Kyiv | Office-only format
     Schedule: Monday–Friday
          10:00–19:00

We are looking for a Cybersecurity Specialist who will be responsible for protecting the company’s infrastructure, web applications, and data, implementing modern security standards, and ensuring compliance with security requirements.

Key Responsibilities

• Build and maintain access security models (IAM, RBAC)
• Implement Zero Trust principles across the infrastructure
• Configure and monitor encryption (TLS, HTTPS, database encryption)
• Identify and mitigate vulnerabilities according to OWASP Top 10
• Protect systems from XSS, CSRF, SQL Injection, and other web attacks
• Set up security logging and monitoring
• Conduct or coordinate penetration testing (pentests)
• Work with SIEM systems for threat detection and analysis

• Ensure compliance with personal data protection policies (GDPR)

   

Requirements

Must have:

• Experience with access management systems (IAM, RBAC)
• Understanding of Zero Trust architecture
• Hands-on experience configuring TLS / HTTPS
• Knowledge of database encryption principles
• Strong understanding of OWASP Top 10
• Experience detecting and preventing XSS, CSRF, and SQL Injection
• Experience organizing security logging and incident analysis

• Understanding of GDPR basics and data retention policies

   

What we offer

•  Competitive compensation
• Work in a modern office in Kyiv
• Opportunity to work with advanced security infrastructure
• A strong team of specialists and professional growth opportunities

• Stable monthly payments

   

📩 Join our team today!

Requirements:

• Experience as a System Administrator ( 2 years +) 
• Knowledge of MacOS at the administrator level
• Network Technologies
• Basic knowledge of remote desktops and the principles of the thin clients
• Knowledge of the basics of information security
• Knowledge of ISO27001, ISO27002 and similar documents and experience with ISO/IEC 27001 certification audits in information security
• Understanding the basic aspects of information security and network components (firewalls, switches, routers, VPNs)
• English: Intermediate (B1-В2). Fluent level is welcome

Would be a plus:

• Experience in supporting or taking part in corporate inventory checks

Responsibilities:

• Implementing and enforcing security policies
• Monitoring security events and incidents
• Conducting risk assessments and security audits
• Managing cybersecurity tools and protection systems
• Delivering information security awareness training for employees
• Ensuring compliance with standards and requirements (ISO 27001)
• Creating, reviewing, and regularly updating ISO 27001 documentation (Confluence)
• Collaborating with German colleagues on ISMS-related tasks (document preparation, reporting, participation in meetings)

This role is new to our company, and the specialist will be the first to establish and develop this area.

What you will get working with us:

- Full technical equipment (MacBook, 2K additional monitors, and a comfortable workplace)

- Remote working equipment provided if needed

- Work exclusively with cutting-edge technologies

- Friendly and professional team atmosphere

- 8-hour workday with no overtime

- Full tax compensation

- 18–24 days of paid vacation

- Paid sick leave:

10 days with a medical certificate

5 days without a certificate

Recruitment Process:

1. Online Call — detailed discussion of the vacancy with a Recruiter (up to 30 minutes)
2. Online Call — English level check (up to 10 minutes)
3. Technical Interview - (up to 60 minutes)

The order of the stages may vary during the process, but always with the goal of moving forward together.

Before sending your CV, please carefully review the vacancy details to save both your time and ours.
If your experience matches the requirements — you will definitely receive feedback.

About Us…

In 2005, brothers Dimitri and Steve Osler set out to reimagine how businesses communicate, and that vision became Wildix. Today, from our headquarters in Tallinn, Estonia, Wildix is one of the world’s fastest-growing UCaaS companies, with 300+ team members from 15+ nationalities, working across Europe, the UK, the Americas and beyond. We serve businesses in 135+ countries through a partner-first ecosystem, delivering secure, intuitive solutions that keep companies connected, productive and ready for what’s next.

At Wildix, we don’t just build technology, we live it. As a remote-first company, we rely on our own platform every day to collaborate globally and innovate fast. With steady growth and a strong foundation, we offer real opportunities to advance your career as we scale, making an impact in a global team that’s shaping the future of work.

At Wildix, our mission is clear: Empower companies worldwide with seamless communication solutions that drive productivity, efficiency, and growth.

About The Role…

We are looking for an experienced Infrastructure Security Engineer to strengthen and harden our AWS-based infrastructure. This role will focus on designing, implementing, and continuously improving our security posture, ensuring compliance with best practices, and proactively identifying and mitigating risks across our cloud environment.

What You Will Do…

• Drive continuous security improvements in AWS based on SIP findings.
• Maintain “100% Green” status in AWS Trusted Advisor and Security Hub.
• Own IAM security, enforcing MFA, auditing admin access, rotating keys, and implementing least-privilege roles.
• Manage temporary privileged access workflows to ensure secure, time-bound access.
• Lead the lifecycle of infrastructure security findings, from triage to remediation and verification.
• Build and operate centralized logging and SIEM for full visibility and threat response.
• Collaborate with DevOps/SRE teams to embed security into provisioning and deployments.
• Coordinate AWS security assessments and penetration testing, driving remediation.
• Provide security guidance for architecture and new services, ensuring best-practice implementation.
• Be available during working hours: 10:00–19:00 UA Time (09:00–18:00 CET).
  
   

What You Will Bring…

• 7+ years in Infrastructure Security, Cloud Security, or Cloud Engineering roles.
• Deep expertise in AWS security services (IAM, VPC, Control Tower, Security Groups, GuardDuty, Config, KMS, WAF).
• Hands-on with Infrastructure-as-Code security (Terraform, CloudFormation) and CI/CD pipeline hardening.
• Solid understanding of AWS network architecture and secure networking practices.
• Skilled in monitoring, logging, and incident response in cloud environments.
• Knowledge of cloud compliance frameworks (ISO 27001, SOC 2, CIS Benchmarks).
• Experienced in threat modeling, vulnerability management, and remediation.
• Practical implementation of zero-trust and least-privilege principles.
• Conduct security reviews of architecture and configurations.

Why You’ll Love It Here

👫 Work with a Supportive, High-Performing Team – We believe in trust, autonomy, and working with bright, passionate individuals who drive real impact.

🌍 A Truly International Workplace – Our diverse and inclusive team ensures you’ll always feel connected and supported, no matter where you are.

🚀 Shape the Future of Global Communication – Be part of a team transforming how businesses operate in an era of remote work and AI-powered collaboration.

💼 Join a Profitable & Stable Company – We’re not a startup experiment, we’re a two decade old success story with sustained profitability, meaning we can back your boldest ideas.

What We Offer

🏖️ Generous Time Off – Take the breaks you need to relax, recharge, and come back inspired.

💻 Top-Tier Tech – Love Mac? So do we! We equip our team with the best tools for success.

🚀 Career Growth & Development – We cover certifications and IT conferences to keep you at the top of your game.

🌱 Well-being Support – We offer access to psychology sessions to support your mental and emotional health

Happy with them? Our Benefits are country-specific. You can ask your recruiter for more information

Interview Process

🤝 Step 1: Initial Screening – A chat with our Talent Team to understand your background, experience, and motivations (30 mins).

🛠️ Step 2: Technical Interview – A deep dive with your potential manager to assess your skills and fit for the role (60 mins).

We Are Wildix

Wildix is an equal-opportunity employer. We value diversity and welcome all applicants regardless of race, gender, age, religion, or any other characteristic. Everyone is encouraged to apply and is welcome to join our Blue Ecosystem. 

Ready to join us? Apply Now!

We are looking for Security Infrastructure Specialist

Description:
This is a short-term, hands-on implementation project - up to 2 months. 
We're looking for a security engineer who can take our existing platforms and configure them into a coherent, modern security posture. 
You'll work across identity, access control, endpoint verification, credential management, and centralized logging. 
The goal is a properly secured environment with clear documentation that our team can operate independently after handoff.

What You'll Do:
- Configure and harden Google Workspace as our central identity provider, enforcing MFA, tightening admin roles, setting up SSO for supported apps, and establishing a clean offboarding process.

- Replace our current VPN-style access model with Cloudflare Zero Trust, putting identity-aware, device-checked access policies in front of internal resources like our staff portal, Grafana, and admin endpoints. Direct exposure of protected services should be eliminated.

- Deploy lightweight endpoint protection (Microsoft Defender for Business) with a BYOD-friendly approach, verifying device security posture (encryption, screen lock, updates) without fully managing personal machines. Integrate device checks into access policies.

- Set up 1Password (or equivalent), migrate shared credentials into properly structured vaults, and provide usage guidance for the team.

- Stand up centralized log ingestion in Axiom, pulling from Cloudflare, Google Workspace, DigitalOcean, Kubernetes, and other available sources. Configure retention and provide a sample investigation walkthrough so we understand how to use it.

- Deliver configuration documentation, an operational runbook, and admin maintenance instructions at project close.

Requirements:

- Demonstrated experience configuring Google Workspace security controls, SSO, and identity management
- Hands-on proficiency with Cloudflare Zero Trust (Access, Tunnel, Gateway)
- Familiarity with endpoint protection deployment in BYOD environments
- Experience with credential management tooling (1Password or similar)
- Practical knowledge of log aggregation and centralized logging platforms
- Comfort working with DigitalOcean, Kubernetes, and Linux-based infrastructure
- Strong documentation habits, you leave things cleaner and clearer than you found them

Preferred Qualifications:

- Direct experience with Axiom for log ingestion and analysis
- Experience securing environments for small, fully remote teams
- Familiarity with Microsoft Defender for Business deployment and device compliance policies
- Background in OSINT, cybersecurity, or investigative technology platforms
- Powered by Workable

Description

We are looking for a Senior DevSecOps who will help make our cloud infrastructure safe, stable, and automated. You will work together with the development, platform, and security teams to add security at every step of product creation.

This is a great chance to grow in security automation, improve processes, and bring modern DevSecOps practices into the company.

Requirements
Must-Have Skills

5+ years of hands-on experience in DevOps / DevSecOps / Cloud Engineering roles;

Deep expertise with AWS services (IAM, VPC, CloudTrail, GuardDuty, KMS, WAF);

Proven experience with Kubernetes security — RBAC, network segmentation, image scanning, Falco or similar runtime security tools;

Strong proficiency in Infrastructure-as-Code tools, particularly Terraform (modules, state management, policy as code);

Experience managing CI/CD pipelines on GitHub Actions with integrated vulnerability scanning and secret protection;

Solid knowledge of Cloudflare security suite (Zero Trust, WAF, DNS, Access, API Gateway rules);

Familiarity with SSO and MFA solutions (DUO SSO, OIDC flows, federation via SAML);

Scripting and automation using Python, Bash, or Go;

Strong understanding of network security, TLS management, logging, and monitoring pipelines;

Excellent collaboration and communication skills, with the ability to work effectively with cross-functional engineering and compliance teams.

Nice-to-Have

Experience with policy-as-code frameworks (OPA, Conftest, Terraform Cloud Policies);

Hands-on knowledge of container security scanners (Trivy, Aqua, Anchore, Grype);

Exposure to SIEM / SOC integrations;

Familiarity with compliance frameworks (ISO 27001, NIST CSF, CIS Benchmarks);

Relevant certifications (AWS Security Specialty, Terraform Associate, CISSP, or DevSecOps certifications).

Responsibilities
Integrate security practices (SAST, DAST, SCA, secret management, compliance checks, etc) directly into CI pipelines on GitHub;

Build and manage infrastructure using Terraform (IaC) with a strong focus on least privilege, encryption, and auditing;

Strengthen security across Kubernetes clusters (RBAC, network policies, Falco runtime threat detection);

Implement security automation and continuous monitoring for vulnerabilities, misconfigurations, and drift in AWS + Kubernetes environments;

Collaborate closely with Development, Platform, SRE, Cloud Delivery Engineers, and Security teams to embed “security-by-design” principles throughout SDLC;

Conduct threat modeling, risk assessments, and incident response for cloud and container workloads;

Drive adoption of DevSecOps best practices, mentor team members, and promote a proactive security culture;

Continuously research and implement new security tools, policies, and automation opportunities to improve visibility and resilience.

Benefits

Why Join Us?

🎰 Be part of the international iGaming industry – Work with a top European solution provider and shape the future of online gaming;

💕 A Collaborative Culture – Join a supportive and understanding team;

💰 Competitive salary and bonus system – Enjoy additional rewards on top of your base salary;

📆 Unlimited vacation & sick leave – Because we prioritize your well-being;

📈 Professional Development – Access a dedicated budget for self-development and learning;

🏥 Healthcare coverage – Available for employees in Ukraine and compensation across the EU;

🫂 Mental health support – Free consultations with a corporate psychologist;

🇬🇧 Language learning support – We cover the cost of foreign language courses;

🎁 Celebrating Your Milestones – Special gifts for life’s important moments;

⏳ Flexible working hours – Start your day anytime between 9:00-11:00 AM;

🏢 Flexible Work Arrangements – Choose between remote, office, or hybrid work;

🖥 Modern Tech Setup – Get the tools you need to perform at your best;

🚚 Relocation support – Assistance provided if you move to one of our hubs.

• Project Description:

  We are embarking on a critical initiative to achieve ISO 81001 compliance for our esteemed client. ISO 81001 is a pivotal standard for health informatics, specifically focusing on the management and security of health information systems. This project aims to ensure Client's digital infrastructure aligns with the stringent requirements set forth by ISO 81001, safeguarding sensitive healthcare data and bolstering cyber resilience.

   

• Responsibilities:

  Conduct a thorough assessment of Client's existing IT infrastructure, policies, and procedures against ISO 81001 requirements.
  Identify gaps and vulnerabilities that need to be addressed to achieve compliance.
  Collaborate with cross-functional teams to design and implement robust security controls aligned with ISO 81001 standards.
  Deploy necessary security measures to protect Client's health information systems and data assets.
  Draft and enhance security policies, procedures, and guidelines tailored to ISO 81001 specifications.
  Ensure policies are communicated effectively and integrated into Client's operational framework.
  Perform risk assessments and develop risk management strategies to mitigate cyber threats and vulnerabilities.
  Implement proactive measures to enhance Client's cyber resilience in alignment with ISO 81001.
  Conduct training sessions and workshops to enhance cyber security awareness among Client staff.
  Foster a culture of security consciousness and best practices across the organization.
  Establish monitoring mechanisms to track ongoing compliance with ISO 81001 requirements.
  Conduct regular audits and assessments to ensure sustained adherence to security standards.
  Develop incident response protocols and procedures to swiftly address and mitigate security incidents.
  Continuously assess and refine security strategies based on emerging threats and industry developments.

   

• Mandatory Skills Description:

  Bachelor's degree in Cyber Security, Information Technology, or a related field.
  Proven experience in cyber security, particularly in compliance initiatives (ISO standards preferred).
  Strong understanding of health informatics and data security within healthcare environments.
  Excellent analytical skills with the ability to assess complex systems and processes.
  Effective communication skills to engage stakeholders and drive security initiatives forward.

We are looking for an endpoint/workstation support engineer to support multiple mixed MacOS/Windows/Lin remote working environments. You should maintain a high level of user satisfaction, as well as properly document your work.

Your primary tasks will include:

* Enduser remote support for agents installation

* AV alerts investigation

* Ensuring security compliance policies are in place (e.g. full disk encryption, firewall)

* Implementing updates on agent installation packages whenever new version arrives

* Testing of Windows/Win/Lin endpoint agent updates

The candidate should have a proof records of successful projects in the following areas:

* support of AV/EDR/VPN and other security agents on multiple platforms

* Intune MDM

* Apple Business Manager

* Windows, MacOS and Linux endpoint support

* Basic Unix shell and Powershell scripting

* MS Graph API and other REST API basic experience

* Windows and MacOS troubleshooting with the aid of Sysinternals tools and different set of MacOS tools (netstat, lsof, vmstat, top, dtruss, etc.)

* Fluent English

* Teamwork and problem solving mind

* Compliance framework basic awareness (ISO27001/PCI-DSS/HIPAA etc.)

* ITIL and IT service basic awareness and ability to write end-user documentation/procedures/instructions

A big plus if have all or any of the following:

* Microsoft Intune certification or other Microsoft Security/Endpoint certificationi

* Any AV vendor certification

* Any security related certification (e.g. ISO27001LA, CISSP, CISA)

Come build something true with us.

We’re True Sea Moss, a fast-growing wellness brand built on the healing powers of one of nature’s oldest superfoods, sea moss.

No powdered promises. No pretty lies. Our products move through a complex global supply chain — and behind that flow sits structure, discipline, and crystal-clear organization.

As we scale across marketplaces, systems, marketing platforms, data warehouses, and internal tools, security is no longer optional — it’s foundational.

We’re looking for a Cybersecurity Specialist — someone exceptionally structured, risk-aware, and confident owning company-wide security, access control, and infrastructure protection end-to-end.

Now — who are we looking for?

You’re the person who sees vulnerabilities before others even notice them.

You think in permissions, identity management, audit logs, and prevention frameworks. You don’t just react to incidents — you design systems that minimize the chance of them happening.

You’re calm under pressure, precise in execution, and serious about protecting company data, systems, and people.

What You’ll Be Doing

• Own company-wide access management (Google Workspace, Slack, AWS, Shopify, BI tools, internal systems, etc.)
• Create, modify, and revoke user access based on role and security policies
• Implement role-based access control (RBAC) and least-privilege principles
• Maintain secure credential and password management systems
• Implement and enforce multi-factor authentication (MFA) across all platforms
• Secure cloud environments and monitor infrastructure permissions
• Monitor logs, detect suspicious activity, and define response protocols
• Build and maintain internal security policies and documentation
• Conduct periodic security audits and vulnerability assessments
• Develop backup and disaster recovery strategies
• Lead incident response processes when needed
• Educate the team on security awareness and best practices

What You Bring

• Proven experience in cybersecurity or information security
• Strong understanding of identity & access management (IAM) principles
• Experience securing cloud environments (AWS preferred)
• Knowledge of endpoint protection and monitoring tools
• Understanding of encryption, authentication, and network security fundamentals
• Experience implementing MFA and access governance frameworks
• Ability to create clear security policies and enforce standards
• Strong sense of ownership and discretion when handling sensitive data
• English level B2+
• Comfortable working remotely

Nice-to-Haves

• Experience working with fast-growing e-commerce or digital-first companies
• Experience preparing companies for compliance audits
• Background in cloud infrastructure security automation

Why Work With Us

• A role with real responsibility and ownership from day one
• Direct impact on how safely and confidently we scale
• High trust and autonomy
• Opportunity to build security systems from the ground up
• A team that values structure, clarity, and calm execution

Here’s How We Back Our Words with Care

• Welcome Pack and custom TrueSeaMoss merch to make sure you arrive like you were always meant to be here
• Sports reimbursement to support your physical and mental health
• Additional vacation days beyond standard holidays
• Coaching & career consultations to support your personal and professional growth
• Access to corporate English lessons to sharpen your communication skills
• WHOOP membership to help you track your health, sleep, and recovery
• Coworking membership if you prefer a hybrid work lifestyle
• Sabbatical options after long-term contributions
• Travel grants to support work-related or wanderlust trips — we believe in leaving to come back better
• Project grants for side ideas, personal initiatives, or creative experiments

So — does this sound like you?

If you’re serious about protecting systems, building secure foundations, and owning cybersecurity end-to-end — we’d love to meet you.

Head of Cybersecurity Product Management 

Softprom

Europe / CEE | Hybrid or Remote
Full-time
IT Distributor / VAD (Cybersecurity & Enterprise IT)

About Softprom

Softprom is an international IT distributor and value-added partner operating across Central and Eastern Europe, CIS, and neighboring regions.
We work with leading global vendors in Cybersecurity, Cloud, Infrastructure, and Enterprise IT, helping partners and customers build secure, scalable solutions.

We are now looking for a Head of Cybersecurity Product Management to lead and develop our cybersecurity product portfolio and team.

About the role

This is a senior leadership role for an experienced B2B product professional who understands IT distribution and cybersecurity markets.

You will be responsible for product strategy, portfolio development, vendor management, and people leadership, acting as a key link between vendors, sales, marketing, pre-sales, and top management.

We are looking for a system-oriented leader who builds processes and teams — not someone who tries to do everything alone.

Key responsibilities

• Lead and develop a team of Product Managers (2–3+ people)
   
• Own and manage the cybersecurity product portfolio (multiple vendors and solutions)
   
• Build and optimize product management processes, including:
   
  • onboarding and launch of new vendors
     
  • product lifecycle management
     
  • cross-functional collaboration with Sales, Marketing, and Pre-Sales
     
• Act as the main point of contact for cybersecurity vendors (local and international)
   
• Define product strategy, positioning, and go-to-market approach
   
• Participate in:
   
  • pricing and margin strategy
     
  • sales forecasting and pipeline planning
     
  • product P&L ownership
     
• Set goals and KPIs for product managers, conduct performance reviews and mentoring
   
• Represent the product function in communication with top management
  
   

Requirements (Must-have)

Experience & Expertise

• 5+ years of experience in B2B IT product management
   
• 2+ years of experience managing product managers (team lead / head role)
   
• Hands-on experience working with:
   
  • IT vendors (local and/or international)
     
  • multi-product portfolios
     
• Strong understanding of the cybersecurity market, including:
   
  • solution categories (NGFW, EDR/XDR, IAM, SIEM, DLP, SASE, etc.)
     
  • competitive landscape
     
  • typical customer use cases
    
     

Management & Business Skills

• Ability to:
   
  • set goals and KPIs
     
  • prioritize products and initiatives
     
  • develop people through mentoring and performance management
     
• Proven experience building and improving product processes
   
• Solid business mindset with understanding of:
   
  • product P&L
     
  • go-to-market strategy
     
  • pricing and positioning
     
  • sales forecasting
     
• Confident working with numbers: pipeline, funnel, margins
  
   

Communication

• Strong negotiation and stakeholder management skills
   
• Ability to speak the same language with:
   
  • vendors
     
  • sales teams
     
  • technical experts
     
  • executive management
    
     
• English — Upper-Intermediate or higher (negotiations, presentations, documentation)
  
   

Nice to have

• Experience working in a distributor or VAD
   
• Exposure to regional markets (CEE, CIS, Baltics)
   
• Experience launching new vendors or products from scratch
   
• Understanding of partner ecosystem:
   
  • resellers
     
  • system integrators
     
  • MSPs
     
• Relevant certifications:
   
  • CISSP / CISM
     
  • vendor certifications
    
     

Personal qualities

• High level of ownership and accountability
• Ability to work effectively in ambiguous and changing environments
• Proactive, results-oriented mindset
• Natural authority without micromanagement
• Strong multitasking and prioritization skills
  
   

Why Softprom

• Strategic leadership role with real influence on business results
• Mature B2B environment and international vendor portfolio
• Opportunity to shape and scale cybersecurity business across regions
• Professional, experienced team
• Long-term growth and stability
   

We are looking for a DevOps Engineer to join our team!

Requirements:

- 3–4+ years of hands-on experience in information security, with a strong focus on network and cloud security.
 - Deep understanding of networking fundamentals: TCP/IP stack, routing (BGP/OSPF), VLANs, VPNs (IPsec, WireGuard, OpenVPN), firewalls (NGFW, IPS/IDS).
 - Proven experience with multi-cloud environments: AWS (VPC, Security Groups, NACLs, Network Firewall), GCP (VPC, Cloud Armor), OpenStack (Neutron networking, security groups).
 - Hands-on experience configuring and managing WAF solutions (Cloudflare WAF preferred: rule sets, whitelists/blacklists, rate limiting, bot mitigation, custom rules).
 - Knowledge of zero-trust principles, network micro-segmentation, and common network-level attacks (DDoS, MITM, ARP/DNS spoofing).
 - Strong Linux administration skills + scripting (Bash/Python) for operational tasks.
 - Experience with SIEM/log management tools (ELK Stack, Splunk, QRadar) for traffic/log analysis and event correlation.
Basic experience with Infrastructure as Code (Terraform) for provisioning secure cloud resources.

Will be plus:

- Hands-on experience securing Kubernetes clusters (EKS on AWS, GKE on GCP, or OpenStack-based Kubernetes): network policies, RBAC, secrets management, ingress security.
 - Deep expertise with Cloudflare (WAF, Zero Trust, Access, Workers) or similar (AWS WAF, GCP Cloud Armor, Akamai).
 - Relevant certifications: AWS Certified Security – Specialty, Google Professional Cloud Security Engineer, CCNP Security, CISSP, PCNSE.
 - Experience automating security tasks (Ansible for configuration management, Terraform modules for secure networking).
 - Familiarity with DevSecOps tools (Checkov for Terraform scanning, Trivy for containers, GitLab Security).
 - Prior work with OpenStack security components (Keystone, Barbican, Neutron extensions).

Soft Skills:

- Strong analytical thinking and ability to investigate complex incidents.
- High attention to detail (especially when tuning WAF rules, reviewing Terraform plans, or auditing cluster configs).
- Excellent communication skills — ability to explain technical concepts to non-technical stakeholders (developers, managers).
- Proactive mindset: identify risks in cloud/network setups and propose practical solutions.
- Comfortable with on-call rotations and handling operational incidents outside regular hours.

Responsibilities:
 - Design, implement, and maintain secure network and cloud architecture across AWS, GCP, and OpenStack.
 - Configure, tune, and monitor security tools: firewalls, WAF (especially Cloudflare — managing whitelists, rules, alerts), IPS/IDS.
 - Perform operational security tasks: traffic monitoring, anomaly detection, incident response, and network forensics.
 - Automate security configurations using IaC (Terraform for cloud resources and security policies; Ansible where applicable).
 - Secure and audit Kubernetes clusters (EKS/GKE): implement network policies, harden configurations, manage secrets.
 - Conduct regular audits of configurations (WAF whitelists, open ports, cloud security groups, OpenStack misconfigurations).
 - Review and audit Terraform code/modules for security best practices and compliance.
 - Collaborate with infrastructure, Dev, and platform teams to embed security into operations.
 - Develop and enforce zero-trust policies and network segmentation in multi-cloud environments.

Technical Stack:

 - Clouds: AWS (VPC, EKS, WAF, GuardDuty), GCP (VPC, GKE, Cloud Armor), OpenStack (Neutron, Magnum for Kubernetes).
 - Network/Security Tools: Cloudflare (WAF, Zero Trust), Palo Alto, Fortinet, Suricata, Zeek, Wireshark, tcpdump.
 - WAF & Protection: Cloudflare rule management (whitelists, rate limiting), AWS/GCP native WAF.
 - IaC & Automation: Terraform (AWS/GCP/OpenStack providers), Ansible.
 - Containers/Orchestration: Kubernetes (EKS/GKE), Helm, Cilium/Calico for advanced networking.
 - Monitoring & Logging: ELK Stack, Splunk, Prometheus/Grafana, NetFlow collectors.
 - Scripting: Python, Bash.

Our benefits to you:
☘️An exciting and challenging job in a fast-growing business group, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance and more

🤝🏻Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed

🧑🏻‍💻Modern corporate equipment based on macOS or Windows and additional equipment are provided

🏖Paid vacations, sick leave, personal events days, days off

💵Referral program — enjoy cooperation with your colleagues and get the bonus

📚Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences

🎯Rewards program for mentoring and coaching colleagues

🗣Free internal English courses

✈️In-house Travel Service

🦄Multiple internal activities: online platform for employees with quests, gamification, presents and news, clubs for movie / book / pets lovers and more

🎳Other benefits could be added based on your location

We are seeking a highly experienced Senior Cybersecurity Presale Consultant (Part-time) with a strong background as a hands-on Cybersecurity Engineer and proven ability to operate in client-facing, advisory, and pre-sales environments.

This is a part-time hybrid role combining deep technical cybersecurity expertise with strategic consulting and commercial engagement. The ideal candidate understands the full cybersecurity landscape and can confidently design solutions, advise executives, and support the sale of cybersecurity services.

Technical Expertise:

• Design and review enterprise security architectures across cloud, on-prem, and hybrid environments
• Lead security assessments, audits, and risk evaluations
• Implement and advise on security controls (SIEM, EDR/XDR, IAM, PAM, DLP, CSPM, etc.)
• Secure AWS, Azure, and GCP infrastructures
• Support DevSecOps, container security, and modern application environments
• Drive ISMS (ISO 27001), risk management, and compliance initiatives

Consulting and Commercial Engagement:

• Act as a trusted cybersecurity advisor for clients
• Translate technical risks into business-level impact for executives
• Support sales teams in solution design, proposals, and client presentations
• Identify new cybersecurity opportunities and help expand service offerings
• Represent the company as a subject-matter expert in workshops and discovery sessions

Required Qualifications:

• 8-10+ years of cybersecurity experience with a strong engineering foundation
• Essential client-facing experience, preferably in a Sales or close to Sales role
• Broad expertise across cloud, network, application, and identity security
• Experience working with enterprise-scale environments. Proven track record of leading successful regulatory and certification audits
• Strong understanding of ISO 27001, NIST, GDPR, and risk management frameworks. Proven track record of leading organizations through PCI DSS, ISO 27001, GDPR, and multi-jurisdiction regulatory audits
• Hands-on leadership in multi-country compliance programs (EU, UK, US)
• Experience in regulated industries (banking, fintech, crypto, gaming)
• Fluent English and excellent communication skills
• Commercially aware, confident, and consultative mindset

In return, we offer:

• The friendliest community of like-minded IT people
• Open knowledge-sharing environment – exclusive access to a rich pool of colleagues willing to share their endless insights into the broadest variety of modern technologies
• Mobilunity Medical Insurance program is designed to meet our team’s needs
• Paid vacations and sick leaves, including 5 paid days per year that don’t require a sick note
• Perfect office location in the city center (900m from Lukyanivska metro station with a green and spacious neighborhood) or remote mode engagement: you can choose a convenient one for you, with a possibility to fit together both
• No open-spaces setup – separate rooms for every team’s comfort, and multiple lounge and gaming zones
• English classes in 1-to-1 & group modes with elements of gamification
• Neverending fun: sports events, tournaments, music band, multiple affinity groups

 Come on board, and let’s grow together!

Cyber Harbor is a fast-growing Ukraine-based company founded by engineers and researchers who helped defend critical cyber infrastructure during the war. Our work is shaped by real-world experience, and we build AI-powered systems designed for complex, high-stakes environments.

We are currently looking for a Cybersecurity Engineer who will help us design, implement, and maintain the security foundations of our data processing platforms and the infrastructure around them. This role combines practical security engineering with hands-on research and testing. You will help define internal security standards, protect critical infrastructure, and proactively identify weaknesses in our systems before they can be exploited.

We build complex AI systems that operate on large datasets in sensitive environments. Because of that, security is not just a compliance requirement for us - it is a core engineering discipline.

What You Will Do

• Design and implement cybersecurity policies and internal security standards.
• Help maintain visibility and control over company devices, servers, and infrastructure assets.
• Build and improve systems that help prevent data leaks and unauthorized access.
• Perform internal security assessments of our products, infrastructure, and services.
• Conduct regular internal penetration testing and security audits.
• Use tools such as Nmap, Nuclei, Metasploit, and other scanning frameworks to identify vulnerabilities.
• Investigate potential attack surfaces across APIs, web applications, internal services, and infrastructure.
• Work closely with engineering teams to identify and address security issues early in the development process.
• Help implement monitoring, logging, and detection mechanisms for suspicious activity.
• Document findings, propose mitigation strategies, and support teams in implementing fixes.

What You Need to Join Us

• Strong practical understanding of cybersecurity principles and modern attack vectors.
• Hands-on experience with security testing tools such as Nmap, Nuclei, Metasploit, or similar frameworks.
• Strong understanding of network security, web application security, and infrastructure security.
• Experience conducting penetration tests or security research.
• Familiarity with Linux systems and common server environments.
• Ability to analyze systems and identify weaknesses in architecture or implementation.
• Curiosity, persistence, and a strong desire to understand how systems fail.
• Ability to configure and maintain system-level firewalls (for example, iptables, nftables, or ufw) and enforce network-level access policies.
• Experience configuring and operating Web Application Firewalls (WAFs) such as Cloudflare WAF, ModSecurity, or similar solutions to protect APIs and web services.
• Strong practical understanding of how the Internet works, including DNS, TLS, HTTP, and common attack vectors affecting networked systems.
• Solid knowledge of networking fundamentals, including TCP/IP, routing, NAT, VLANs, and the OSI model.
• Ability to analyze traffic flows, understand how packets move through networks, and diagnose connectivity or security issues across different layers of the network stack.

Relevant certifications such as OSCP, CEH, Security+, or similar are welcome, but real-world experience and demonstrated skills matter more.

Who We Are Looking For

Not looking for someone whose experience is centered primarily on managing large security teams or producing compliance documentation.

Instead, we are looking for highly motivated engineers and curious security-minded builders who enjoy exploring systems, testing assumptions, finding weaknesses in creative ways, and building stronger defenses as a result. Unusual backgrounds, unconventional experience, and self-driven experimentation can be a better fit for this role than a traditional career path.

Why Join Us

• Work on real-world systems operating in high-stakes environments.
• Help secure AI platforms and data infrastructure used in complex operational scenarios.
• Military deferment is available for full-time employees.
• Flexible work format in a results-driven environment.

–––––––––––––––––––––––––––––––Рідною–––––––––––––––––––––––––––––––

Cyber Harbor - українська компанія, заснована інженерами та дослідниками, які брали участь у захисті критичної кіберінфраструктури під час війни. Ми спираємося на реальний практичний досвід і створюємо AI-powered системи для складних середовищ, де помилка може мати високу ціну.

Зараз ми шукаємо Cybersecurity Engineer, який допоможе нам будувати, впроваджувати та підтримувати базові елементи безпеки наших платформ для обробки даних і пов’язаної з ними інфраструктури. Ця роль поєднує практичну security engineering роботу з hands-on дослідженням і тестуванням. Ви допомагатимете формувати внутрішні стандарти безпеки, захищати критичну інфраструктуру та проактивно виявляти слабкі місця в наших системах до того, як ними зможуть скористатися.

Ми створюємо складні AI systems, що працюють із великими обсягами даних у чутливих середовищах. Саме тому для нас безпека - це не просто вимога комплаєнсу, а повноцінна інженерна дисципліна.

Що ви будете робити

• Проєктувати та впроваджувати політики кібербезпеки й внутрішні стандарти безпеки.
• Допомагати підтримувати контроль і прозорість щодо корпоративних пристроїв, серверів та інфраструктурних активів.
• Будувати та вдосконалювати рішення, що знижують ризик витоку даних і несанкціонованого доступу.
• Проводити внутрішні security assessments наших продуктів, інфраструктури та сервісів.
• Регулярно проводити внутрішні penetration tests і security audits.
• Використовувати такі інструменти, як Nmap, Nuclei, Metasploit та інші scanning frameworks, для виявлення вразливостей.
• Аналізувати потенційні attack surfaces на рівні APIs, web applications, внутрішніх сервісів та інфраструктури.
• Тісно взаємодіяти з engineering teams, щоб виявляти й закривати security issues ще на ранніх етапах розробки.
• Допомагати впроваджувати механізми моніторингу, логування та виявлення підозрілої активності.
• Документувати результати, пропонувати mitigation strategies і допомагати командам впроваджувати необхідні виправлення.

Що нам важливо

• Сильне практичне розуміння принципів кібербезпеки та сучасних attack vectors.
• Hands-on досвід роботи з інструментами security testing, такими як Nmap, Nuclei, Metasploit або подібними frameworks.
• Сильне розуміння network security, web application security та infrastructure security.
• Досвід проведення penetration tests або security research.
• Знайомство з Linux-системами та типовими серверними середовищами.
• Вміння аналізувати системи та виявляти слабкі місця в архітектурі або реалізації.
• Допитливість, наполегливість і сильна внутрішня мотивація розуміти, як саме системи дають збій.
• Вміння налаштовувати та підтримувати system-level firewalls (наприклад, iptables, nftables або ufw) і забезпечувати мережеві політики доступу.
• Досвід налаштування та експлуатації Web Application Firewalls (WAFs), таких як Cloudflare WAF, ModSecurity або подібних рішень, для захисту APIs і web services.
• Сильне практичне розуміння того, як у реальності працює Інтернет, зокрема DNS, TLS, HTTP та типові attack vectors, що впливають на мережеві системи.
• Ґрунтовні знання мережевих основ, зокрема TCP/IP, routing, NAT, VLANs і моделі OSI.
• Вміння аналізувати traffic flows, розуміти, як пакети проходять через мережу, та діагностувати проблеми зі з’єднанням або безпекою на різних рівнях network stack.

Профільні сертифікації, такі як OSCP, CEH, Security+ або подібні, будуть плюсом, але для нас важливішими є реальний практичний досвід і підтверджені навички.

Кого ми шукаємо

Не шукаємо людину, чий досвід зосереджений переважно на управлінні великими security teams або підготовці compliance documentation.

Натомість ми шукаємо сильних, мотивованих інженерів і допитливих security-minded фахівців, яким цікаво досліджувати системи, перевіряти припущення, нестандартно шукати слабкі місця й на цій основі будувати сильніший захист. Незвичний бекграунд, нетиповий досвід і self-driven експерименти можуть підійти для цієї ролі краще, ніж класичний кар’єрний шлях.

Чому варто приєднатися

• Працювати з реальними системами, що функціонують у середовищах із високою ціною помилки.
• Допомагати захищати AI platforms та data infrastructure, які використовуються в складних операційних сценаріях.
• Бронювання доступне для full-time працівників.
• Гнучкий формат роботи в середовищі з фокусом на результат.

Security isn’t a state — it’s a process. And we’re looking for someone who knows how to drive it.

Softsich is a young and ambitious international product tech company that develops scalable B2B digital platforms. We combine strategic vision with deep tech expertise to build and scale high-performance products. Right now, we’re looking for a Security Engineer to strengthen our internal infrastructure and help automate key security workflows.

Your key responsibilities will include:
 – Monitor and analyze security alerts across multiple security platforms (SIEM, EDR, SOAR)
 – Lead Incident Response -  serve as primary responder to security alerts, perform initial triage, conduct investigations, and coordinate remediation
 – Enhance Detection Capabilities - design, implement, and fine-tune detection rules and alerts across cloud environments
 – Conduct endpoint, network, and application log analysis to identify suspicious activity
 – Collaborate with IT, DevOps, and Compliance teams to enforce security standards and best practices
 – Assist in improving incident response processes, playbooks, and operational practices
 – Stay informed about emerging cybersecurity threats, trends, and industry developments
 – Deploy and manage MDM/UEM solutions (Jamf, Jumpcloud) across all endpoints
 – Advocate for best practices in IT and change management to strengthen security posture
 – Define and enforce security policies for workstations (passwords, encryption, restrictions, app controls)
 – Perform regular audits and compliance checks aligned with corporate standards
 – Monitor device health and security compliance, respond to related alerts
 – Coordinate patching and updates on endpoints through MDM
 – Conduct inventory and asset tracking, including remote wipe and lock management
 – Provide endpoint security reporting and metrics to IT leadership and compliance
 – Collaborate with incident response teams on mobile endpoint incidents

It’s a match if you have:
 – 3+ years in IT Operations, System Administration, or related roles
 – Experience in security threat analysis or incident response, ideally within a SOC
 – Proven experience responding to and managing incidents in cloud environments (AWS, Azure, GCP) and SaaS services (Google Workspace, Atlassian)
 – Proficiency with SIEM platforms, including rule creation, tuning, and maintenance
 – Strong knowledge of cloud security monitoring tools and techniques
 – Understanding of network infrastructure
 – Experience analyzing endpoint, network, and application logs for anomalies
 – Practical understanding of common attack vectors and how to detect them
 – Experience with security automation and scripting for incident response workflows
 – Understanding of IT system architecture, network design, and IT/change management processes
 – Experience with virtualization technologies
 – Familiarity with identity management
 – Proficiency in platforms used for information security investigations and triage

Nice to have:
 – Experience with cloud-native security tools and services
 – Familiarity with scripting or automation (PowerShell, Bash, Python)
 – Experience with endpoint detection solutions and email security technologies
 – Knowledge of IT security audit techniques

What we offer:
 – A competitive salary
 – Remote work format or a modern office in Warsaw and/or Kyiv
 – Flexible working hours
 – An incredibly friendly team where everyone is ready to share knowledge, help, and support
 – 24 working days of paid annual vacation
 – Paid sick leave
 – Health insurance (available for specialists based in Ukraine; other countries — in progress)
 – Zero joules of energy to the aggressor state, its affiliated businesses, or partners
 – Conference and business travel expenses covered (where applicable)
 – Birthday greetings (because you matter!)
 – Online and offline teambuilding events
 – Corporate celebrations

Send over your CV now — we’d love to get to know you better!

About Playson

Founded in 2012, Playson is a leading iGaming supplier recognized worldwide. We provide our partners with a high-end, microservice-based Platform-as-a-Service capable of processing billions of financial transactions daily. Our global infrastructure is designed for cross-regional performance, with a relentless focus on latency reduction and flawless player experience, regardless of bandwidth or connectivity.

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).
• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).
• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit).
• Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code).
• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).
• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).
• Lead vulnerability management and threat modeling practices.
• Automate workflows through scripting (Python, Bash).
• Partner with backend, infrastructure, and platform engineers to embed security in design & delivery.
• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).
• Act as a security subject-matter expert, mentoring engineers and raising awareness.
• Continuously evaluate and implement new security tools and approaches.

Requirements

• 5+ years in Security Engineering / DevSecOps roles, with proven success delivering secure infrastructure and applications.
• Strong skills in Python and Bash for building and automating security workflows.
• Cloud Security (AWS focus) - Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments.
• Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code).
• Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.
• Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.
• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.
• Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.).
• Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access).
• Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks.
• Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines.

Nice to have:

• Exposure to Kafka or ClickHouse in security-sensitive environments.
• Familiarity with GitOps tooling (FluxCD/ArgoCD).
• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

What We Offer

• Compensation at top industry standards + quarterly bonuses based on transparent evaluation.
• Remote-first flexibility and adaptable working hours.
• Unlimited paid vacation & sick leave.
• Comprehensive medical insurance (for you and your partner).
• Financial support for major life events.
• Professional growth budget for courses, training, and certifications.

Recruitment Process

1. HR Interview – 45 min
2. Hiring Manager Interview – 60 min
3. Technical Interview – 90 min
4. Final Interview with Head of Platform & CTO – 60 min

Playson is a leading iGaming supplier operating in multiple regulated markets, delivering engaging casino content and advanced technology. We’re a fast-growing, tech-driven company that values innovation, autonomy, and ownership. At Playson, we welcome people who are curious, proactive, and passionate about solving complex challenges at scale.

We are ISO/IEC 27001 certified and committed to maintaining a robust security and compliance posture across all our operations.

About the Role

We are looking for a Security Lead to strengthen Playson’s information security framework and drive continuous improvement of our security culture. This role combines technical expertise, investigative focus, and process leadership - ensuring that our systems, data, and people remain secure, compliant, and resilient.

What will you be doing?

Information Security & Compliance

• Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS).
• Foster a strong Security-First mindset across the organization.
• Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls.
• Conduct internal audits, risk assessments, and coordinate certification renewals.
• Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable).
  Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace.
• Support DLP implementation and maintain central tracking of security events.
• Document risks, incidents, and corrective actions to ensure continuous compliance.

Incident Response & Investigation

• Lead investigations into security incidents such as phishing, data leakage, or unauthorized access.
• Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack).
• Maintain and enhance incident response playbooks and escalation workflows.
• Collaborate with HR, Legal, and IT teams during internal investigations.
• Produce post-incident reports and recommend remediation measures.

Endpoint & Access Security

• Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints.
• Maintain CrowdStrike Falcon configurations and endpoint posture enforcement.
• Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password).
• Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews.
• Perform Quarterly RAS Access Management Reviews.

• Maintain a consistent audit trail for access management throughout the year.

   

To succeed in the role, you will have:

• 3+ years of experience in information security, IT audit, or digital investigations.
• Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2).
• Hands-on experience with SIEM / EDR systems
• Proven ability to manage SSO, MFA, DLP, and MDM environments.
• Strong communication skills in English (B2 or higher).
• Analytical mindset, integrity, and attention to detail.

Preferred additional qualifications:

• Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty.
• Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms.
• Forensics experience.
• Experience in designing awareness programs or running phishing simulations.

What you get in return:

• Competitive Salary: We offer a competitive salary in EUR, subject to annual performance reviews
• Quarterly Bonuses: Benefit from a transparent and systematic quarterly bonus system
• Flexible Schedule: We offer a flexible work schedule to accommodate your needs
• Remote Work Option: Choose to work remotely, providing greater flexibility and comfort
• Medical Insurance: Receive comprehensive medical insurance for both you and a significant other
• Financial Support for Life Events: We provide financial support during special life events
• Unlimited Paid Vacation: Enjoy unlimited paid vacation leave
• Unlimited Paid Sick Leave: Take unlimited paid sick leave whenever necessary
• Professional Development: Get reimbursement for professional development courses and training

The recruitment process includes the following steps:

1. HR Interview (30-45 mins)

2. Technical interview with Service Desk & Security Lead (60 mins)

3. Final Interview with CTO and People Business Partner (60 mins)