Jobs

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Pentester who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM

- Junior-level cybersecurity certifications would be a plus.

- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals

- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)

- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.

- Strong drive to learn and develop cybersecurity skills

- Technical English (Intermediate)

We offer

- Good salary + bonus system

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Conduct security research

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern cloud and automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a Middle/Senior Security Consultant / Penetration tester to work on and lead penetration testing and vulnerability/cloud security assessment projects.

In this role, you will work on technically challenging projects and also spend some time leading/mentoring our junior pentesting colleagues.

Required skills

- 1.5+ years of intensive commercial experience

- OSCP, eWPTx2 or similar would be a plus

- Scripting/coding skills and being comfortable with advanced pentesting tooling

- Strong knowledge of mobile/web security

- Comfortable with cloud and container security

- Basic RE skills

- Ability to mentor/lead colleagues

- Strong ability and drive to learn and develop cybersecurity skills

- Technical English (Intermediate+)

We offer

- Good salary + bonus system

- Diverse project portfolio and technologies to work with

- Rewarding environment: brilliant team ready to share knowledge and collaborate

- Courses and conferences which are relevant to the position are sponsored by the company.

- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Participate in various pentesting projects

- Lead junior colleagues

- Perform threat modeling in pentesting and security assessment projects

- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps

- Consult clients on efficient issues remediation

- Conduct security researches

- Develop tools and scripts to automate and improve current pentesting processes

Anti-Fraud & Payments Specialist

Requirements:
 

• Experience in Risk/Anti-fraud or Support for at least 6 months (gambling);
• Understanding the specifics of work;
• Work experience with outgoing payments;
• Understanding of the KYC procedurement;
• Good analytical skills, attention to details;
• High level of responsibility and motivation;

• Willingness to work in shifts.

   

Responsibilities:
 

• Risk analysis, detection of suspicious and fraudulent activities
• Processing users’ withdrawals
• Full account check
• Identifying and countering fraudulent schemes and patterns
• Verification procedure

• Communicating with users via emails

   

What we offer:
 

• Full remote work - an opportunity to work from any part of the world;
• Shift schedule 3/3, options to choose shifts (night);
• Stable salary on the 10th day of the month;
• Unlim days for vacation and sick leaves;
• Career growth perspective;
• Friendly environment.

Samsung R&D Institute Ukraine is looking for a passionate and collaborative Software Penetration Tester to join our team.

More specifically:

Vulnerability assessment and penetration testing of various Linux OS security components and mechanisms:

- vulnerability assessment of Samsung mobile security software: security source code review (white box) and binary analysis (black box)

- secure SDLC process support (including requirements, design security review)

- emerging threats research: new attack methods, (un)known security issues risks

Major Requirements:

- 2+ years of hands-on experience with white and black box software penetration testing and vulnerability assessment

- understanding of typical software security issues (memory corruptions, various injections, arithmetic overflows, etc.) and how to protect against them

- good experience with C/C++, scripting languages, assembly (Arm preferred)

- ability to document and describe discovered security issues

Optional Requirements:

- exploitation experience

- understanding of Linux security architecture and design flaws exploitation (privilege escalation, MAC/DAC Passover oth.).

- Rust language knowledge

- tools: experience with fuzzers, disassemblers, debuggers, assessment automation tools

- cryptography: exploitation experience (weak keys, bruteforce, weak crypto, etc.)

- experience with assessing protected solutions (obfuscated / packed code)

Working Conditions:

- official employment - GIG contract

- remote work is possible as well as work in Kyiv office

Benefits:

- competitive salary, annual salary review, annual bonuses

- paid 28 work days of annual vacations and sick leaves

- opportunity to become an inventor of international patents with paid bonuses

- medical & life insurance for employees and their children

- paid lunches

- discounts to Samsung products, services

- regular education and self-development on internal courses and seminars

- hybrid work format, working in office is required for some tasks

Samsung R&D Institute Ukraine is looking for a passionate and collaborative Mobile Assessment Engineer to join our team in Kyiv.

If you love working directly on consumer-facing products we are glad to meet you at our team in Samsung R&D Institute Ukraine.

 

More specifically, you will provide White & black-box software vulnerability assessment of Android components:

— security review of Android mobile applications and firmware components

— risk analysis and security issues mitigation advisory

— exploitability Proof-of-Concepts development

— emerging threats research: new attack methods, (un)known security issues risks

Security validation is typically executed in 1-2 months iterations.

Major Requirements:

— in-depth understanding of Android security architecture and typical security issuesin-depth understanding of Android security architecture and typical security issues

— practical experience in reverse-engineering (preferably *.apk and ARM binaries), software exploitation, binary and source code audit

— knowledge of Linux Kernel security architecture and Android-specific add-ons (IPC, SE Android, application security framework)

— ability to understand execution logic in C/C++, Java, Assembler; scripting skills

— good technical English, strong reporting and communication skills

Optional Requirements:

— security background (University, relevant prior employment)

— participation in security contests (CTF), own write-ups publications, community activities

— hands-on experience with assessment automation tools (fuzzers, static source code analyzers)

— experience in reversing ( IDA Pro, JEB) reversing protected solutions (obfuscated/ packed code)

— applied crypto: knowledge of existing algorithms and protocols (AES/RSA/ECC/SHA, authentification/key exchange, digital signature, SSL/TLS)

— software exploitation experience

— awareness of security-related standards and best practices

Working Conditions:

— GIG contract

— remote work is possible as well as work in Kyiv office

Benefits:

— competitive salary, annual salary review, annual bonuses

— paid 28 work days of annual vacations and sick leaves

— opportunity to become an inventor of international patents with paid bonuses

— medical & life insurance for employees and their children

paid lunches

— discounts to Samsung products, services

— regular education and self-development on internal courses and seminars

— hybrid work format, working in office is required for some tasks

We are inviting you, a highly motivated and results-oriented Security Engineer to join our team for ensuring and developing solutions, as well as strengthening the product infrastructure.

Our team has unique expertise in research, analysis, and product development. By relying on technical insights and a data-driven approach, we create disruptive future-defining innovations of the fin-tech industry that remain our basis for success.

Responsibilities

• Develop, implement, maintain, upgrade, and test cybersecurity products
• Provide cybersecurity-related support to users and customers
• Integrate cybersecurity solutions into systems and services, ensuring their stability and performance
• Securely configure systems, services, and products
• Maintain and upgrade the security of systems, services, and products
• Implement cybersecurity procedures and controls
• Monitor and ensure the performance of the implemented cybersecurity controls
• Document and report on the security of systems, services, and products
• Work closely with the Engineering teams on cybersecurity-related actions
• Implement, apply, and manage patches to products to address technical vulnerabilities

Requirements

• 3+ years of experience in information security and cybersecurity roles
• Background in development, DevOps, system administration, etc.
• Hands-on experience in developing, integrating, and testing security solutions
• Experience with vulnerability analysis and incident response
• Proficiency in scripting languages such as Python, Bash, PowerShell, etc
• Solid understanding of secure development lifecycle, operating system security, and computer network security
• Experience with both offensive and defensive security practices
• Knowledge of cybersecurity controls, solutions, and technologies
• Ability to collaborate with cross-functional teams and colleagues
• Effective communication and presentation skills to report to stakeholders
• Strong analytical and problem-solving skills
• Reliability, integrity, and responsibility in handling sensitive information and security tasks

• Upper-Intermediate English

   

Will be a plus

• Experience with Ruby, Go, or other programming languages

• Security certifications 

   

We offer

• Compensation for tax expenses of private entrepreneurs in Ukraine
• Qualified assistance and support for Ukrainian private entrepreneurs
• 10 paid sick leave days per year
• 20 paid vacation days per year
• Public holidays according to current Ukrainian legislation
• Medical insurance for employees
• Compensation for professional education and learning English
• Compensation for a sports subscription or sports equipment

LoopMe, the leading outcomes-based platform, closes the loop on digital advertising. By leveraging our patented AI technology to optimize media delivery in real-time, we drive measurable uplift for business outcomes across brand lift, purchase intent, consideration, foot traffic, and sales.

We are looking for a motivated Junior InfoSec Specialist to join our security team. The ideal candidate will have a basic understanding of information security principles and a strong desire to develop practical skills in a dynamic, cloud-driven environment. You will assist with securing LoopMe’s platforms, learning from experienced team members and gaining exposure to modern technologies like Kubernetes, GCP, PostgreSQL, ClickHouse, Envoy, and Kafka.

Responsibilities:

• Support the development and maintenance of information security policies and procedures.
• Assist in performing risk assessments, security audits, and threat monitoring.
• Help monitor and respond to security incidents under supervision.
• Participate in maintaining security tools such as SIEM, DLP, and WAF.
• Learn and assist with integrating security practices into development workflows (Secure SDLC, code reviews).
• Help ensure compliance with security standards (ISO/IEC 27001, NIST, OWASP, CIS Controls).
• Participate in security awareness training for employees.
• Support the secure architecture of platforms including GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy.
• Stay updated with emerging threats and vulnerabilities.

Requirements:

Education & Experience:

• Foundational knowledge of IT, cybersecurity, or system administration, demonstrated through formal education, self-learning, online courses, or hands-on experience.
• Internship, project participation, or up to 1 year of relevant experience is a plus.

Technical Skills:

• Basic understanding of computer networks and common protocols (TCP/IP, DNS, HTTP/S, VPN).
• Familiarity with at least one scripting language (Bash, Python, or PowerShell) and willingness to learn automation.
• Interest in cloud platforms (preferably GCP, AWS, or Azure).
• Basic knowledge of Linux/Unix administration.
• Understanding of information security principles (encryption, authentication, access control) is a plus.
• Willingness to learn and work with tools like SIEM, IAM/SSO/MFA, and modern cloud/data technologies (Kubernetes, Kafka, PostgreSQL, ClickHouse, Envoy).

Nice-to-Have Qualifications:

• Participation in security courses, bootcamps, or open-source security projects.
• Relevant certifications (e.g., CompTIA Security+, AWS/GCP/Azure Fundamentals, or similar) are a plus.
• Good written and verbal communication skills, attention to detail, and strong motivation to grow in information security.

Benefits:

• Competitive compensation package
• Flexible working schedule and the hybrid type of work
• Annual performance bonus
• One month of workation (you can work from any part of the world for one month)

Pine Software Technology Ltd is a software company specializing in trading technology solutions for regulated brokers and trading firms. The company provides Software-as-a-Service (SaaS) products designed to support electronic trading, brokerage operations, risk management, and financial data analysis.

We are seeking an experienced Senior Security Engineer with a strong background in application, infrastructure, and cloud security to help us protect and scale our trading technology platform.

Responsibilities:

• Ensure secure SDLC practices: threat modeling, SAST/DAST/IAST, code reviews, secret management;
• Integrate security into CI/CD pipelines and support DevSecOps implementation;
• Design API security and infrastructure controls, including VPN, WAF, DNS proxy, and DDoS protection;
• Harden cloud environments (GCP) and Kubernetes clusters with policies, scanning, and access control;
• Manage IAM/PAM lifecycles with SSO, MFA, RBAC, OIDC, and LDAP integrations;
• Conduct vulnerability assessments, misconfiguration monitoring, and patch coordination;
• Monitor security events, analyze logs/threat intel, and improve SIEM/EDR coverage;
• Define security policies and procedures, and support internal/external audits;
• Perform penetration testing and red teaming on applications and infrastructure;
• Implement data protection measures: encryption, DLP, secure key storage, and privacy compliance;

Job requirements

• 7+ years of professional experience in cybersecurity, with a strong focus on application, infrastructure, and/or cloud security;
• Strong knowledge of application security principles and secure development practices (e.g., threat modeling, code review, DevSecOps);
• Practical experience with cloud platforms, including identity, networking, and workload security;
• Familiarity with Kubernetes security concepts, tools (e.g., OPA, Falco, Kyverno), and best practices;
• Experience with authentication/authorization protocols and tools: SAML, OIDC, OAuth2, LDAP, MFA, SSO;
• Understanding of common vulnerabilities and experience in vulnerability management and remediation;
• Experience with penetration testing methodologies and tools;
• Solid understanding of network protocols, firewalls, VPN, WAF, and API security mechanisms;
• Hands-on experience with monitoring and detection tools;
• Knowledge of security frameworks and standards;
• Experience participating in or leading internal/external security audits and risk assessments;
• Ability to write clear policies, procedures, and documentation;
• Experience with privacy regulations.

‍

Would be a plus

• High-Frequency Trading or other low-latency systems background;
• Experience in FinTech is a plus;
• Familiarity with Cloudflare services and configuration is a plus.

Company offers

• Care from Day One — medical insurance immediately upon starting work, including dental care, massage and professional psychological support because your well-being matters
• Work-Life Balance — 25 days of paid vacation + 30 days of sick leave, so you can recover without unnecessary stress
• Investment in your energy — partial reimbursement for any sports activities that empowers you.
• Growth — partial coverage for English or Ukrainian language courses + a fixed budget for professional development. Choose what suits you best!
• Knowledge Library — books in the office and access to the Kuka online library to learn, grow, and find inspiration.
• Island Relaxation 14 days a year — enjoy a getaway at the corporate villa in Cyprus.

• Modern Office in Larnaca — a stylish space for inspiration: open areas, cozy lounges, and functional meeting rooms — all for your comfort.

   

Join the Pine Software team, where your talents and aspirations will be recognized! We offer a dynamic work environment, opportunities for professional growth, and support at every step of your career path. Start your journey to success with us—apply today and take the first step towards your bright future!

Pine Software is an equal opportunity employer. We encourage applications from candidates of all backgrounds and experiences. Please note, that only shortlisted candidates will be contacted. Thank you for considering Pine as your next career move!

Who we are:

Adaptiq is a technology hub specializing in building, scaling, and supporting R&D teams for high-end, fast-growing product companies in a wide range of industries. 

About the Product: 

Our client, Coro, over the past few years has received $275M in funding and is one of the fastest growing Cybersecurity companies in the world. The funding is primarily being used to enhance the Coro Cybersecurity SaaS platform and for additional headcount growth, as Coro continues to expand globally. 

Coro started in Tel-Aviv, Israel, and is also headquartered in Chicago, IL, with additional offices in New York, London, and remotely across the globe. As a global organization, Coro gives you the ability to work with people and teammates from around the world. 

Coro’s AI-enabled Modular Cybersecurity Platform is the only one in the industry specifically designed to provide Mid-Market customers with scalable and affordable “enterprise-grade” protection for all of their priority threat vectors.

About the Role: 

At Coro, you’ll own email security research end-to-end: dissecting phishing and malicious email campaigns, pulling apart attacker tradecraft, and building detection logic that scales to protect thousands of customers daily. You’ll have sole responsibility for this domain, which means autonomy, accountability, and the ability to directly influence how Coro stops attackers.

Key Responsibilities: 

 

• Own email threat research and detection: analyze real-world phishing and malicious emails, identify attacker techniques, and translate findings into new or improved detection rules.
• Maintain and extend internal detection tools: debug and develop multi-file Python/Shell scripts used daily by researchers and engineers.
• Collaborate across teams: work with Engineering, Product, and Data to turn research insights into production-grade features and detection logic.
• SIEM/log analysis: Investigate incidents by reviewing logs from customer devices, understanding tool internals, and suggesting improvements to log collection and analysis.
• Stay ahead of attackers: monitor emerging threats and protocols (SMTP, HTTP/HTTPS), apply knowledge of OS internals (especially Windows), and feed new insights into the detection engine.

Required Competence and Skills:

• At least 4 years in security research or closely related fields 
• Previous experience with aspects of security in networks, software, and/or hardware
• Experienced with Python and/or similar language to debug and maintain multi-file research tools
• Solid understanding of Email & network protocols
• Hands-on experience with OS internals
• Ability to interpret logs, understand how SIEM tools work, and apply findings to incident investigation
• Security mindset and autonomy, ability to proactively spot and raise vulnerabilities, work independently, and communicate risks.

Nice to have:

• Perl/Shell experience.
• Reverse engineering skills
• Malware analysis background
• Familiarity with vulnerability assessment tools
• Cloud security (AWS or others).

Why Us?

We provide 20 days of vacation leave per calendar year (plus official national holidays of a country you are based in).

We provide full accounting and legal support in all countries we operate.

We utilize a fully remote work model with a powerful workstation and co-working space in case you need it.

We offer a highly competitive package with yearly performance and compensation reviews.

About the Product:
Our client, Coro, over the past few years has received $275M in funding and is one of the fastest growing cybersecurity companies in the world. The funding is primarily being used to enhance the CoroCybersecurity SaaS platform and for additional headcount growth, as Coro continues to expand globally.

Coro started in Tel-Aviv, Israel, and is also headquartered in Chicago, IL, with additional offices in New York, London, and remotely across the globe. As a global organization, Coro gives you the ability to work with people and teammates from around the world.

Coro’s AI-enabled Modular Cybersecurity Platform is the only one in the industry specifically designed to provide Mid-Market customers with scalable and affordable “enterprise-grade” protection for all of their priority threat vectors.

About the Role:
At Coro, you’ll own email security research end-to-end: dissecting phishing and malicious email campaigns, pulling apart attacker tradecraft, and building detection logic that scales to protect thousands of customers daily. You’ll have sole responsibility for this domain, which means autonomy, accountability, and the ability to directly influence how Coro stops attackers.

Key Responsibilities:
 

• Own email threat research and detection: analyze real-world phishing and malicious emails, identify attacker techniques, and translate findings into new or improved detection rules.
• Maintain and extend internal detection tools: debug and develop multi-file Python/Shell scripts used daily by researchers and engineers.
• Collaborate across teams: work with Engineering, Product, and Data to turn research insights into production-grade features and detection logic.
• SIEM/log analysis: Investigate incidents by reviewing logs from customer devices, understanding tool internals, and suggesting improvements to log collection and analysis.
• Stay ahead of attackers: monitor emerging threats and protocols (SMTP, HTTP/HTTPS), apply knowledge of OS internals (especially Windows), and feed new insights into the detection engine.

Required Competence and Skills:

• At least 4 years in security research or closely related fields 
• Previous experience with aspects of security in networks, software, and/or hardware
• Experienced with Python and/or similar language to debug and maintain multi-file research tools
• Solid understanding of Email & network protocols
• Hands-on experience with OS internals
• Ability to interpret logs, understand how SIEM tools work, and apply findings to incident investigation
• Security mindset and autonomy, ability to proactively spot and raise vulnerabilities, work independently, and communicate risks.

Nice to have:

• Perl/Shell experience.
• Reverse engineering skills
• Malware analysis background
• Familiarity with vulnerability assessment tools
• Cloud security (AWS or others).

Our Mission and Vision
At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve.
 

Key facts:

• Offices in Ukraine, Poland, and Cyprus
• 250+ team members
• 200+ clients went global (Ukraine, US, EU)
• Visa and Mastercard Principal Membership
• EMI license in the EU
   

Solidgate is part of Endeavor — a global community of the world’s most impactful entrepreneurs. We’re proud to be the first payment orchestrator from Europe to join — and to share our expertise within a network of outstanding global companies.
 

We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board.
 

Right now, we’re looking for an Information Security Engineer to help us level up our security game. You’ll be building and scaling security processes, automating the boring stuff, and making sure we stay compliant with the big standards (PCI DSS, SOC 2, ISO 27001). A huge part of your mission: driving our Zero Trust strategy — the foundation of our long-term security vision.
 

What you’ll be doing:
— Managing user access (granting, changing, and revoking rights)
— Running internal checks and vulnerability scans to spot risks
— Writing docs, guides, and policies in Confluence
— Preparing audit evidence for PCI DSS and SOC 2
— Partnering with HelpDesk, Infrastructure, and Engineering teams to embed security into daily workflows
— Supporting and monitoring security tools (MDM, SIEM, SSO, MFA, IAM)
— Jumping in on incident response and investigations

What you’ll need
— 6+ months in InfoSec or technical support
— Solid grasp of networking basics and cybersecurity principles
— Understanding of access management models (RBAC, least privilege)
— Hands-on with Linux and Windows
— Fluent English (for writing technical docs and chatting with global teams)
— Analytical mindset and problem-solving skills
— Ownership, attention to detail, and accountability
— Strong teamwork and communication skills

Nice to have
— Experience with AWS, MDM, or IAM systems
— Knowledge of compliance standards (PCI DSS, ISO 27001)
 

Competitive corporate perks:
— 30+ paid days off every year (20 vacation days + national holidays)
— Health insurance and access to a corporate doctor
— Free office breakfasts, lunches, and snacks
— Full coverage for professional training (courses, conferences, certifications)
— Annual performance reviews to fuel your growth
— Sports compensation to keep you moving
— Competitive salary package
— Apple gear to get the job done
 

📩 Ready to become a part of the team? Then cast aside all doubts and click “apply”.

Looking for a security-focused DevOps Engineer to join our CEX.IO team.
We are seeking a DevSecOps professional with a strong security focus to implement security best practices across the SDLC, collaborate with DevOps and IT teams, support audit preparation, and help maintain a balance between security and usability in internal policies.

Requirements

• 2+ years of practical experience in information security as DevSecOps, SecOps, DevOps, or SRE.
• Proven experience in implementing security best practices at every stage of the SDLC.
• Hands-on experience with vulnerability scanning and prevention.
• Strong knowledge of cloud providers: AWS, GCP, Azure.
• Experience with CI/CD tools: GitLab CI, GitHub Actions, Jenkins.
• Knowledge of containerization and orchestration tools: Docker, Kubernetes.
• Knowledge of Infrastructure as Code (IaC) and configuration management Tools, including Terraform and Ansible.
• Participation in projects to prepare infrastructure for compliance with international and industry standards (PCI DSS, ISO 27001, NIST, CIS, SOC2, OWASP, MICA, DORA)

Responsibilities

• Investigate and implement security best practices at every stage of the SDLC (SAST/DAST, image scanning, infrastructure hardening, WAF, secrets management, IAM, data protection, etc.).
• Perform tasks and controls required by compliance standards (PCI DSS, MICA, DORA, etc.).
• Manage vulnerabilities by identifying, assessing, prioritizing, and remediating risks.
• Collaborate with the IT Security department to prepare for and pass audits.
• Monitor CVE reports and security events.
• Work closely with internal teams to achieve a balance between security, flexibility, and cost.
• Participate in information security incident investigations.

Would be a plus

• Higher education in Computer Science
• Experience in fintech or crypto domains
• Hands-on penetration testing experience
• Practical experience administering network infrastructure, databases, and on-prem systems
• Security and relevant certifications

About the Opportunity

The Dayforce Product Security team is responsible for the security of Dayforce products. We enhance product security by finding, fixing, and preventing security flaws across the Dayforce family of products, including Dayforce, Dayforce Wallet, and others.

We build the tooling and run the programs that improve the security of our people-first cloud platform. Beyond simply pointing out issues, we solve problems through close partnership with Product, Development, and CloudOps teams.

As such, we are looking for a Principal Cloud Security Architect with strong technical and leadership skills, a background in public cloud and infrastructure security, and a bias for automation. A passion for solving complex cloud security challenges in a fast-moving, agile environment is essential. The ideal candidate is comfortable working across the company and enjoys finding innovative ways to mitigate risk while protecting the data of more than five million users of Dayforce products.

Responsibilities

Strategic Leadership

• Provide strategic leadership and vision for the cloud security architecture, ensuring alignment with business and technology strategy.
• Lead the development and execution of a comprehensive multi-cloud (Azure primary; AWS in scope) security strategy.

Cloud Security Blueprint

• Own the definition and implementation of the cloud security blueprint—standardized landing zones, identity and access patterns, network segmentation, encryption standards, logging/monitoring baselines, and guardrails.
• Maintain an architecture framework that addresses current and emerging threats.

Governance and Compliance

• Oversee cloud governance and technical compliance design and enforcement (Azure and AWS).
• Ensure services comply with industry standards, regulations, and best practices by implementing policy-as-code (e.g., Azure Policy, AWS Organizations/SCPs) and continuous monitoring and auditing.

Security SME

• Act as the security subject matter expert for cloud and SaaS environments, owning the identification and remediation of security deficiencies.
• Drive maturity beyond compliance by leading threat modeling, control selection, and risk decisions for cloud workloads.

Automation and Tooling

• Design, build, and maintain automated guardrails and template configurations using Terraform and Bicep.
• Implement drift detection and auto-remediation pipelines; integrate controls into CI/CD to consistently enforce secure defaults.

Best Practices and Guidance

• Create and deliver best-practice recommendations, reference architectures, guidance, sample code, and technical presentations.
• Publish high-quality security documentation and enablement materials for engineering and operations teams.

Collaboration and Partnership

• Partner closely with Product, Development, SRE, and CloudOps to refine cloud security capabilities through collaborative roadmaps, design reviews, and reusable templates/modules.
• Build strong relationships with stakeholders to drive adoption.

Security Specifications

• Define high-level and detailed security specifications for identity, secrets and key management, data protection, network security, logging/telemetry, and incident response in the cloud.
• Ensure security is integrated into the design of all cloud solutions.

DevSecOps Enablement

• “Shift left” common security tasks by integrating scanning, testing, and policy checks into developer workflows and pipelines (containers, IaC, secrets, dependencies).
• Promote image signing/provenance and SBOM practices for cloud workloads.

Service Catalog Contribution

• Contribute secure, compliant cloud-native modules and patterns to the internal service catalog (e.g., hardened Terraform/Bicep modules, reference repos).
• Ensure services are reviewed regularly and updated for new threats and controls.

Security Controls Implementation

• Collaborate with engineering and operations to implement and automate cloud security controls and processes (e.g., CSPM/CNAPP, CIEM, KMS/Key Vault, WAF, endpoint and container protections, SIEM integration).
• Develop and maintain cloud-native monitoring and reporting solutions.

Culture and Training

• Foster a security-first culture by partnering with engineering teams to balance performance, reliability, cost, and security.
• Develop and deliver training to raise awareness of cloud security best practices and paved-road adoption.

Qualifications

• Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience.
• 10+ years of experience in software development, DevOps, or technical cybersecurity roles, with a strong emphasis on cloud security.
• 5+ years in a senior Security Engineering or cloud DevOps role.
• Extensive experience in Azure and AWS, including security of cloud-native applications and services.
• Deep expertise in infrastructure-as-code security, including Terraform and Bicep (ARM experience a plus).
• Proven track record of partnering with software engineering organizations to influence design and drive secure adoption.
• Experience working in a diverse global organization.
• Proficiency in programming/scripting such as Python, PowerShell, and Bash (Go a plus).
• Expertise in Kubernetes and container security (admission controls, image scanning, secrets management).
• Comprehensive knowledge of microservices architectures and cloud networking.
• Strong knowledge of enterprise architecture concepts and tools.
• In-depth understanding of cloud architecture and how applications/data are managed and secured in the cloud, including hybrid integration patterns.
• Expertise with Azure & AWS security services, Docker, and Kubernetes.
• Minimum of 3 years operating in compliant environments such as PCI DSS (v4.0), ISO/IEC 27001:2022, SOC 2, HITRUST, FedRAMP, or similarly regulated industries.

Preferred Qualifications

• Advanced security certifications such as CISSP, GSEC, Azure Solutions Architect, Azure Security Engineer/Technologies, and/or AWS Security Specialty.
• Significant DevOps experience with infrastructure, cloud, and application pipelines (GitHub/GitLab/Azure DevOps).
• Experience running operational teams and managing large-scale security programs/projects.
• Strong leadership and team management skills with the ability to inspire and motivate others.
• Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical audiences.

We’re hiring a Security Engineer who thrives in fast-moving environments, understands
technical depth, and can independently own security across multiple areas — from architecture and infrastructure to monitoring and investigations.
You’ll be joining a lean team with serious responsibilities — context switching and high autonomy are part of the job. The role is ideal for someone who prefers deep thinking over surface-level “best practices”.
You’ll play a key role in securing our systems and eventually take ownership of technical implementation and decision-making.
We are building a range of products — from an advanced crypto payment solution evolving into a full blockchain ecosystem with real-world impact, to a comprehensive platform featuring its own blockchain, non-custodial wallet, and stablecoin protocol designed for diverse use cases.

Requirements

• Solid understanding of DevSecOps, infrastructure and Zero Trust models
• Experience securing cloud-based or hybrid environments
• Comfortable with CI/CD systems, internal APIs, identity/access flows
• Capable of performing independent audits, assessments, and investigations
• Experience with analyzing logs, traffic, or reverse-engineering APIs is a plus
• Strong problem-solving mindset and self-direction
• Experience with Blockchain Security infrastructure
• Experience with Hash Keys & Cryptography

Would be a plus

• Previous experience in outsourcing or multi-project environments
• Product background also welcome — if you’re ready to swim across multiple streams, adapt priorities, and handle shifting scopes confidently
• Experience with bare-metal infrastructure

Responsibilities

• Build and maintain secure development and delivery pipelines
• Define and enforce access boundaries, response processes, and security policies
• Detect and prevent data leaks, monitor logs, and investigate anomalies
• Contribute to architecture and infrastructure decisions with a security-first mindset
• Analyze incidents, model threats, and assess risks end-to-end
• Context-switch rapidly while maintaining focus and ownership

We offer

• Competitive compensation
• Social package (24 working days of annual leave, 5 paid sick days)
• Flexible working hours
• Challenging projects in diverse business domains and a variety of tech stacks
• Personal development and professional growth opportunities
• Work with talented, ambitious and family-feel teams
• Educational possibilities: corporate courses, knowledge hubs, and in-house English classes
• Compensation for your professional certification & support for your learning activities
• Opportunity to choose IT equipment you like
• Corporate social responsibility

Security isn’t a state — it’s a process. And we’re looking for someone who knows how to drive it.

Softsich is a young and ambitious company making big waves in the world of digital entertainment. We combine strategic vision with deep tech expertise to build and scale high-performance products. Right now, we’re looking for a Security Engineer to strengthen our internal infrastructure and help automate key security workflows.

Your key responsibilities will include:

– Monitor and analyze security alerts across multiple security platforms (SIEM, EDR, SOAR)
– Lead Incident Response: serve as primary responder to security alerts, perform initial triage, conduct investigations, and coordinate remediation
– Enhance Detection Capabilities: design, implement, and fine-tune detection rules and alerts across cloud environments
– Conduct endpoint, network, and application log analysis to identify suspicious activity
– Collaborate with IT, DevOps, and Compliance teams to enforce security standards and best practices
– Assist in improving incident response processes, playbooks, and operational practices
– Stay informed about emerging cybersecurity threats, trends, and industry developments
– Deploy and manage MDM/UEM solutions (Jamf, Jumpcloud) across all endpoints
– Advocate for best practices in IT and change management to strengthen security posture
– Define and enforce security policies for workstations (passwords, encryption, restrictions, app controls)
– Perform regular audits and compliance checks aligned with corporate standards
– Monitor device health and security compliance, respond to related alerts
– Coordinate patching and updates on endpoints through MDM
– Conduct inventory and asset tracking, including remote wipe and lock management
– Provide endpoint security reporting and metrics to IT leadership and compliance
– Collaborate with incident response teams on mobile endpoint incidents

It’s a match if you have:

– 3+ years in IT Operations, System Administration, or related roles
– Experience in security threat analysis or incident response, ideally within a SOC
– Proven experience responding to and managing incidents in cloud environments (AWS, Azure, GCP) and SaaS services (Google Workspace, Atlassian)
– Proficiency with SIEM platforms, including rule creation, tuning, and maintenance
– Strong knowledge of cloud security monitoring tools and techniques
– Understanding of network infrastructure
– Experience analyzing endpoint, network, and application logs for anomalies
– Practical understanding of common attack vectors and how to detect them
– Experience with security automation and scripting for incident response workflows
– Understanding of IT system architecture, network design, and IT/change management processes
– Experience with virtualization technologies
– Familiarity with identity management
– Proficiency in platforms used for information security investigations and triage
– Fluency in Ukrainian at C1 level or native

Nice to have:

– Experience with cloud-native security tools and services
– Familiarity with scripting or automation (PowerShell, Bash, Python)
– Experience with endpoint detection solutions and email security technologies
– Knowledge of IT security audit techniques

What we offer:

– A competitive salary
– Remote work format or a modern office in Warsaw and/or Kyiv
– Flexible working hours
– An incredibly friendly team where everyone is ready to share knowledge, help, and support
– 24 working days of paid annual vacation
– Paid sick leave
– Health insurance (available for specialists based in Ukraine; other countries — in progress)
– Zero joules of energy to the aggressor state, its affiliated businesses, or partners
– Conference and business travel expenses covered (where applicable)
– Birthday greetings (because you matter!)
– Online and offline teambuilding events
– Corporate celebrations

👉 Send over your CV now — we’d love to get to know you better!