Jobs Security

We are looking for a Lead Information Security Specialist to join our team

Job Responsibilities:
 

• Ensuring compliance with the PCI DSS standard;
• Maintaining compliance with ISO 27001;
• Maintaining compliance with ISO 27701 (GDPR);
• Monitoring the operation and measuring the effectiveness of the Information Security Management System (ISMS);
• Providing employees with the required amount of information security training materials and organizing relevant training sessions;
• Conducting personnel background checks;
• Preparing information security status reports;
• Developing internal policies and documentation related to the implementation and operation of the Information Security Management System.
   

Required Knowledge and Skills:
 

• Strong knowledge and understanding of networking principles;
• Understanding of monitoring systems (SIEM);
• Hands-on experience with Active Directory—based domains;
• Knowledge of virtualization systems;
• Server administration knowledge, including Linux (Ubuntu-based) environments;
• In-depth knowledge of PCI DSS, ISO 27001, and GDPR requirements;
• Experience in developing regulatory and methodological documentation (concepts, policies, procedures, regulations, guidelines, instructions, etc.);
• Knowledge of risk assessment methodologies, organizational and technical information security controls, as well as information security technologies and software/hardware protection solutions.

Our client is a cybersecurity services company expanding its audit capabilities. They are building a trusted pool of experienced Cybersecurity Auditors to collaborate with on a long-term basis across multiple client projects.

Work is organized into predefined “audit packs” with a clear scope and estimated effort, so expectations are consistent and workloads can be planned fairly in advance.

What You’ll Do

Depending on your expertise, you may work on:

• Technical security audits (infrastructure, cloud, hybrid environments)
• Vulnerability assessments and risk analysis
• Compliance & regulatory audits aligned with frameworks such as ISO 27001, ENS, NIST, CIS
• Security posture reviews and gap analysis
• Evidence collection and validation (documentation + technical proof)
• Audit reporting with clear, actionable recommendations

Projects will vary in size and complexity; workload and scope are agreed upfront.

How the “Audit Packs” Work

Each pack typically includes:

• Defined scope (technical, compliance, or mixed)
• Review of documentation and/or technical evidence
• Identification of risks and gaps
• Actionable findings and recommendations
• A structured report aligned to the applicable framework

Each pack comes with an estimated number of hours based on repeat delivery. You’ll be asked to:

• Confirm whether the scope fits the estimate
• Highlight where estimates may be risky or unclear
• Suggest ways to improve quality and efficiency

The goal is a balanced model that scales over time not unrealistic timelines.

What We’re Looking For

• Proven experience as a Cybersecurity Auditor or Security Consultant
• Strong understanding of security controls, risks, and best practices
• Ability to write clear, professional audit reports (English required; Spanish is a plus)
• Hands-on experience with one or more frameworks: ISO / NIST / ENS / CIS (or similar)
• Reliable, detail-oriented, comfortable working with minimal supervision

Nice to Have

• Security certifications (e.g., Offensive Security, Altered Security, or similar)
• Experience auditing both SMEs and enterprise environments
• Familiarity with cloud platforms (AWS, Azure, GCP)

We are looking for a Security Architect to join our teams!

Requirements:

- 7+ years of experience in Application Security, Security Architecture, or Product / Platform Security roles.
- Hands-on experience designing security architectures for complex, distributed systems.
- Strong understanding of secure SDLC, security-by-design principles, and architectural security patterns.
- Proven experience leading threat modeling and architectural security reviews for critical systems.

Deep expertise in:
- Application & API Security
- Cloud Security (AWS preferred)
- Identity & Access Management (IAM)
- Solid understanding of modern architectures: microservices, event-driven systems, Kubernetes.
- Ability to make sound security architecture decisions under uncertainty and business constraints.
- Experience collaborating with senior engineers, architects, and engineering leadership.

Will be plus:

- Experience working in regulated or security-sensitive industries.
- Practical experience implementing Zero Trust and Defense-in-Depth models.
- Experience with security governance across multiple products and teams.
- Experience building reusable security patterns and reference architectures.

Responsibilities:

- Define, own, and evolve the target-state security architecture for applications, APIs, and cloud platforms.
- Embed security-by-design principles into product development lifecycles and architectural standards.
- Lead threat modeling activities for key products and platforms.
- Act as a company-wide authority on application and cloud security architecture.
- Develop and maintain security architecture standards, guidelines, reference architectures, and patterns.
- Advise engineering leadership, product owners, and management on security risks and trade-offs.
- Collaborate with Legal, Compliance, and Risk teams to align security decisions with business priorities.

Our benefits to you:

☘️An exciting and challenging job in a fast-growing holding, the opportunity to be part of a multicultural team of top professionals in Development, Architecture, Management, Operations, Marketing, Legal, Finance and more
🤝🏻Great working atmosphere with passionate experts and leaders, sharing a friendly culture and a success-driven mindset is guaranteed
🧑🏻‍💻Modern corporate equipment based on macOS or Windows and additional equipment are provided
🏖Paid vacations, sick leave, personal events days, days off
💵Referral program — enjoy cooperation with your colleagues and get the bonus
📚Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences
🎯Rewards program for mentoring and coaching colleagues
🗣Free internal English courses
✈️In-house Travel Service 
🦄Multiple internal activities: online platform for employees with quests, gamification, presents and news, PIN-UP clubs for movie / book / pets lovers and more
🎳Other benefits could be added based on your location

We are looking for an Internal Auditor to strengthen financial transparency, risk management, and internal controls across a group of companies.

This is a hands-on role with broad exposure to operational, financial, and analytical aspects of the business. You will work closely with finance teams and C-level stakeholders of portfolio companies, owning audit processes end-to-end and driving real improvements, not just reporting issues.
 

Responsibilities

• Plan, perform, and manage internal audits across a portfolio of small, medium, and large companies
• Maintain a holistic view of audits, covering operational, financial, and risk-related areas
• Review and assess internal controls and business processes to identify gaps, risks, and inefficiencies
• Prepare and review financial statements in accordance with IFRS (when required)
• Work closely with finance and accounting teams of portfolio companies
• Communicate audit findings and recommendations to management and C-level executives
• Develop clear, actionable recommendations to improve processes and mitigate risks
• Participate in the development and improvement of internal audit methodologies
• Lead, mentor, and support junior team members
• Handle additional financial and analytical tasks as needed
   

Requirements

• 4+ years of experience in internal audit or external audit
• Experience in IT and/or iGaming will be a strong advantage
• ACA or ACCA qualification (fully or partially qualified)
• Solid knowledge of IFRS and auditing standards (ISAs)
• Strong analytical mindset and attention to detail
• Proficiency in Microsoft Office (Tableau experience is a plus)
• English — B1+ (written and spoken)
• Fluent Ukrainian and Russian
• Strong communication and stakeholder management skills
• Ability to work under pressure and meet deadlines
   

First 90 Days Goals

• Complete onboarding and gain a clear understanding of portfolio companies and their structures
• Perform audits of selected entities and identify key risk areas
• Build strong working relationships with finance teams and management
• Deliver clear, practical recommendations with measurable impact
   

What We Offer

• Competitive compensation with performance-based incentives
• Health insurance compensation
• 21 paid vacation days per year
• 25 paid sick days (no doctor’s note required)
• 3 additional paid personal days annually
• Partial reimbursement for psychological support sessions
• $600 annual education budget
• Paid business trips to Cyprus HQ
• Transparent processes, autonomy, and trust — no micromanagement

About Playson

Founded in 2012, Playson is a leading iGaming supplier recognized worldwide. We provide our partners with a high-end, microservice-based Platform-as-a-Service capable of processing billions of financial transactions daily. Our global infrastructure is designed for cross-regional performance, with a relentless focus on latency reduction and flawless player experience, regardless of bandwidth or connectivity.

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).
• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).
• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit).
• Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code).
• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).
• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).
• Lead vulnerability management and threat modeling practices.
• Automate workflows through scripting (Python, Bash).
• Partner with backend, infrastructure, and platform engineers to embed security in design & delivery.
• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).
• Act as a security subject-matter expert, mentoring engineers and raising awareness.
• Continuously evaluate and implement new security tools and approaches.

Requirements

• 5+ years in Security Engineering / DevSecOps roles, with proven success delivering secure infrastructure and applications.
• Strong skills in Python and Bash for building and automating security workflows.
• Cloud Security (AWS focus) - Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments.
• Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code).
• Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.
• Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.
• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.
• Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.).
• Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access).
• Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks.
• Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines.

Nice to have:

• Exposure to Kafka or ClickHouse in security-sensitive environments.
• Familiarity with GitOps tooling (FluxCD/ArgoCD).
• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

What We Offer

• Compensation at top industry standards + quarterly bonuses based on transparent evaluation.
• Remote-first flexibility and adaptable working hours.
• Unlimited paid vacation & sick leave.
• Comprehensive medical insurance (for you and your partner).
• Financial support for major life events.
• Professional growth budget for courses, training, and certifications.

Recruitment Process

1. HR Interview – 45 min
2. Hiring Manager Interview – 60 min
3. Technical Interview – 90 min
4. Final Interview with Head of Platform & CTO – 60 min

Softsich is a young and ambitious international product IT company that builds scalable digital B2B platforms. We are looking for an experienced Internal Auditor who will strengthen our internal audit and risk management system.

Your key responsibilities will include:

• Planning and conducting risk-based internal audits (finance, payments, operations, marketing, etc.)
• Auditing the full payment cycle: deposits, withdrawals, bonuses, commissions, chargebacks, crypto
• Assessing the effectiveness of internal controls and governance
• Analyzing fraud risks and abuses, including internal cases
• Auditing partners, PSPs, providers, and affiliates
• Verifying the accuracy of management and financial reporting
• Preparing audit reports for CFO / CEO / Board
• Developing and monitoring corrective action plans
• Providing advisory support to the business on risk and control matters
• Participating in the development and update of internal policies and procedures 

It’s a match if you have:

• 3+ years of experience in internal audit / financial audit / risk & compliance
• Experience in fintech / payments / high-risk businesses is a strong advantage
• Hands-on experience with risk-based auditing
• Deep understanding of payment infrastructure (fiat + crypto)
• Experience working with multi-jurisdictional structures
• Experience interacting with C-level executives and/or the Board
• Strong independence in audit planning and decision-making

What we offer:

• Flexible schedule and remote format or offices in Warsaw/Kyiv - you choose.
• 24 paid vacation days, sick leaves, and health insurance (UA-based, other locations in progress).
• A supportive, friendly team where knowledge-sharing is part of the culture.
• Coverage for professional events and learning.
• Birthday greetings, team buildings, and warm human connection beyond work.
• Zero joules of energy to the aggressor state, its affiliated businesses, or partners.

Send your CV and let’s get to know each other better!

Playtech‘s Security unit is looking for an experienced Cloud Security Engineer with strong communication skills and security‑focused critical thinking to support business needs.

Job Description

Your influential mission. You will...

• Oversee cloud security governance and monitoring
• Maintain a Cloud Security Posture Management (CSPM) solution
• Collaborate with DevOps, IT, development and GRC teams to provide subject‑matter expertise in the Google Cloud domain
• Support and maintain cloud‑native security controls
• Conduct security reviews for cloud environments
• Develop documentation outlining security recommendations and best practices
• Identify weak spots, missing controls, vulnerabilities, providing clear recommendations for improvement and remediation
• Stay current on emerging security threats, vulnerabilities, and cloud security controls
• Participate in investigations and responses to potential security incidents

• Implement automation for security‑related tasks

   

Qualifications

Components for success. You...

• Bring at least 2 years of experience in a similar technical security role
• Demonstrate experience with Google Cloud Platform (GCP) and Google Workspace
• Apply strong knowledge of CSPM tools — preferably WIZ
• Understand how cloud infrastructure works, including architecture best practices, managed services, typical vulnerabilities, mitigations, and security best practices
• Communicate clearly, positively, and persuasively on security topics to both technical and non‑technical stakeholders, building effective relationships
• Maintain a strong security mindset with a business‑enablement focus
• Leverage familiarity with modern application development approaches (infrastructure as code, CI/CD, containers, serverless, code/artifact repositories, etc.), with hands‑on experience considered a plus
• Possess broad IT and enterprise architecture knowledge (TCP/IP stack, relevant protocols/technologies—firewall, proxy, etc.; server OS like Windows/Linux; web/database servers, etc.)
• Use basic scripting skills (Python/Shell) to automate and streamline daily tasks
• Communicate effectively in spoken and written English

• Operate effectively within an enterprise environment

   

You’ll get extra points for...

• Knowledge of AWS or Azure cloud

• Relevant security, systems, networking certifications

   

Thrive in a culture that values...

• Collaborating with a true product company where your impact is visible
• Growing through a structured educational program designed to support your development
• Continuously learning in a collaborative environment where experienced colleagues help you expand your skills

• Working in a friendly, supportive, and inclusive atmosphere

   

Additional Information

SECURITY TEAM
A dynamic and innovative team that focuses on developing and maintaining networks across Playtech. If you’re looking for a challenging and rewarding work environment, the Security Unit at Playtech is a great place to be!

Playtech is an equal opportunities employer. Our mission is to welcome everyone and create inclusive teams. We celebrate differences and encourage everyone to join us and be themselves at work.

Our Mission and Vision

At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.
 

About the Role

Solidgate builds financial infrastructure for fast-growing internet businesses worldwide. Our platform processes millions of payments daily and operates in a highly regulated fintech environment, where security is a core product requirement — not an afterthought.
 

Our engineering organization builds and scales a complex cloud-native platform with over 120 microservices. As the company continues to grow, we are strengthening our security organization and introducing a dedicated Application Security Engineer role.
 

The mission of this role is to keep our business and revenue safe by building security into the way we develop software — from early design decisions to CI/CD pipelines and live production systems.
 

This is a hands-on Application Security role focused on embedding security into the software development lifecycle and reducing real product risks.
 

You will work closely with engineering teams to:

• design secure application architectures
• improve secure coding practices
• detect vulnerabilities early in the development lifecycle

• continuously improve application security as part of everyday engineering work

   

You will have a direct impact on how secure software is built across a large microservices ecosystem, influencing standards, tooling, and engineering culture.
 

Explore our technology stack ➡️ here (https://solidgate-tech.github.io/)

 

What You Will Own

As an Application Security Engineer, you will be responsible for application-level security across our fintech platform, including:
 

• Building and maintaining secure coding standards and supporting their adoptionl across development teams
• Conducting threat modeling during architecture and design stages
• Implementing and improving application security testing, including: SAST, DAST, Dependency and secrets scanning, CI/CD security checks
• Performing regular application security assessments and maturity evaluations (OWASP ASVS, OWASP SAMM)
• Managing the full vulnerability lifecycle: triage, prioritization, remediation support, and validation
• Supporting external penetration testing and Bug Bounty programs
• Identifying and mitigating security risks in cloud environments and CI/CD pipelines
   

You are a great fit if you have

• At least 2 years of experience in Application Security or Product Security
• Hands-on experience with OWASP Top 10 vulnerabilities
• Practical experience with: secure code reviews, threat modeling, SAST and DAST tools and their integration into CI/CD pipelines
• Strong understanding of web application and API security
• Ability to communicate clearly with engineers and work as a partner rather than a blocker
   

Nice to Have

• Experience with container security and cloud security tooling
• Familiarity with DevSecOps and shift-left security practices
• Experience automating application security processes
• Background as a software engineer or close collaboration with development teams
  
   

Why Join Solidgate?
 

Build security that matters. Lead initiatives that define how security is embedded into our software development lifecycle across multiple teams and products.

Your expertise counts. Enjoy real autonomy — propose, test, and implement security practices and tooling that directly improve product resilience and reduce risk.

Room to experiment. Apply modern AppSec, automation, and shift-left approaches with full support from engineering and security leadership.

Impact & visibility. See the results of your work directly in more secure products, fewer vulnerabilities, and stronger engineering practices.

Collaborative environment. Work side by side with experienced, curious engineers who treat security as a shared responsibility and value partnership over gatekeeping.

The Extras: 30+ days off, unlimited sick leave, free office meals, health coverage, and Apple gear to keep you productive. Courses, conferences, sports and wellness benefits — all designed for ideas, focus, and fun.
 

Tomorrow’s fintech needs your mindset. Come build it with us.
 

🫂 Know top talent? We’re always on the lookout. Recommend someone for our role, and if they get hired, there’s a bonus waiting for you — simple as that.

About Playson

Founded in 2012, Playson is a leading iGaming supplier recognized worldwide. We provide our partners with a high-end, microservice-based Platform-as-a-Service capable of processing billions of financial transactions daily. Our global infrastructure is designed for cross-regional performance, with a relentless focus on latency reduction and flawless player experience, regardless of bandwidth or connectivity.

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).
• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).
• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit).
• Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code).
• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).
• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).
• Lead vulnerability management and threat modeling practices.
• Automate workflows through scripting (Python, Bash).
• Partner with backend, infrastructure, and platform engineers to embed security in design & delivery.
• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).
• Act as a security subject-matter expert, mentoring engineers and raising awareness.
• Continuously evaluate and implement new security tools and approaches.

Requirements

• 5+ years in Security Engineering / DevSecOps roles, with proven success delivering secure infrastructure and applications.
• Strong skills in Python and Bash for building and automating security workflows.
• Cloud Security (AWS focus) - Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments.
• Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code).
• Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.
• Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.
• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.
• Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.).
• Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access).
• Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks.
• Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines.

Nice to have:

• Exposure to Kafka or ClickHouse in security-sensitive environments.
• Familiarity with GitOps tooling (FluxCD/ArgoCD).
• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

What We Offer

• Compensation at top industry standards + quarterly bonuses based on transparent evaluation.
• Remote-first flexibility and adaptable working hours.
• Unlimited paid vacation & sick leave.
• Comprehensive medical insurance (for you and your partner).
• Financial support for major life events.
• Professional growth budget for courses, training, and certifications.

Recruitment Process

1. HR Interview – 45 min
2. Hiring Manager Interview – 60 min
3. Technical Interview – 90 min
4. Final Interview with Head of Platform & CTO – 60 min

The Role

We are looking for an Application Security Engineer to be a core technical pillar of our new Application Security team. This is a hands-on technical leadership role without people management responsibilities.

You will be the go-to person for security architecture, secure coding practices, and vulnerability management.

Your primary mission is to ensure the integrity of our core platforms—the Exchange and GRX Pay—by building automated security systems and defining the standards that protect our users' assets. You will analyze the existing infrastructure to understand its strengths and weaknesses, developing a clear strategy to harden and evolve it.

While this is a remote-first role, you should be based in a CET-adjacent timezone to collaborate effectively with colleagues. You can also expect to travel for periodic in-person team gatherings.

What You’ll Do

• Architect Secure Systems: Design, build, and maintain the security frameworks for our web and mobile applications, ensuring security is baked into the platform from the start.
• Audit and Hardening: Analyze the existing codebase and infrastructure to identify vulnerabilities. Develop and execute a strategy for incrementally refactoring legacy features into the new, secure platform.
• Secure the Exchange: Profile and optimize our applications to ensure a reliable and secure experience for the data-intensive Golden Ratio Exchange.
• Set the Standard: Define and enforce best practices for code quality, security testing, and automated vulnerability scanning (e.g., SAST, DAST) across all codebases.
• Technical Leadership: Act as the primary technical mentor for other engineers regarding secure development life cycles (SDLC). Solve the most complex challenges related to cryptography and data protection.
• Collaborate: Work closely with the Security Manager and Product teams to translate business needs into scalable, secure technical solutions.

What We’re Looking For

• Experience: 3+ years of professional experience in application security or software engineering with a heavy focus on security.
• Legacy Systems Experience: Demonstrable experience working with and securing large, existing codebases. You see complex legacy code as a challenge to be solved, not avoided.
• Technical Expertise: Expert-level knowledge of web and mobile security vulnerabilities (OWASP Top 10) and deep familiarity with TypeScript or React environments.
• Security Mindset: Experience building or maintaining shared security libraries or automated security tooling. You enjoy building tools that make other developers more productive and secure.
• Quality Focus: A deep commitment to code quality, automated testing, and integrating security into CI/CD pipelines.
• Location: Based in a timezone adjacent to Central European Time (CET) for optimal team collaboration.
• Communication: Excellent skills in articulating complex technical security concepts clearly to both technical and non-technical stakeholders.

What We Offer

• High-Impact Role: A unique opportunity to be a founding technical expert for application security, making key architectural decisions.
• Clear Ambition: The chance to join a company with a clear goal of becoming the #1 crypto platform in the EU.
• Greenfield Culture, Brownfield Code: A rare chance to join a new company culture with no baggage, while solving the interesting technical challenges of a mature product.
• Flexibility & Connection: A 100% remote-first role with periodic, all-expenses-paid team gatherings and a new hub in Ticino, Switzerland.

We are looking for a Senior Backend Engineer with strong DevOps experience to join a modern, large-scale cybersecurity platform. This role focuses on backend architecture, distributed systems, and production infrastructure, with a high level of ownership of critical systems running in cloud environments.

The project is a well-funded, post–Series B cybersecurity product with a strong engineering-driven culture. You will work on complex, production-grade systems, collaborate closely with engineering leadership, and contribute to long-term architectural decisions in a fast-paced startup environment.

Benefits

• Long-term, full-time engagement
• High level of ownership over backend architecture and production systems
• Challenging engineering problems in a cybersecurity domain
• Modern cloud-native stack and distributed systems
• Close collaboration with senior engineers and product leadership
• Opportunity to influence technical direction and system evolution

About the client:

FlexMade is a software development company headquartered in Seattle, USA. We have delivery centers and branch offices in the USA, Germany, Poland, and Ukraine.

We create reliable and scalable software for businesses from North America and Europe. We do it using modern programming technologies and, of course, by hiring highly experienced and qualified personnel.

With over 15 years of experience in the IT market, we have polished the high efficiency of our software development processes. We’re fast and responsive, honest and professional. Besides, we’re a crew of really easy-going people!

Requirements:

• 8+ years of professional software development experience
• Strong backend expertise with Node.js (TypeScript, NestJS) and Python
• Proven experience designing and maintaining distributed systems / microservices architectures
• Strong DevOps experience with production cloud infrastructure
• Deep understanding of scalable systems and backend architecture
• Strong experience with AWS (mandatory)
• Hands-on experience with Kubernetes and containerized environments
• Strong experience with PostgreSQL and data-intensive systems
• Prior startup experience (mandatory)
• Ability to operate independently with high ownership and technical maturity

Responsibilities:

• Design, develop, and maintain backend services using Node.js (TypeScript) and Python
• Lead architectural improvements and major refactoring initiatives across distributed systems
• Own production systems, including monitoring, debugging, and incident response
• Drive improvements in system reliability, performance, and operational excellence
• Work closely with cloud infrastructure and DevOps tooling
• Collaborate with multiple engineering and product teams to deeply understand system workflows
• Design scalable backend architectures with clear trade-off analysis (performance, cost, scalability, maintainability)
• Participate in technical decision-making and long-term architectural planning
• Review code and contribute to raising overall engineering quality and standards
• Nice to Have:
• Experience with Dagster or other data orchestration platforms
• Experience with GCP or Azure in addition to AWS
• Infrastructure-as-Code experience (Terraform or CloudFormation)
• Experience with cloud cost optimization initiatives
• Experience working closely with senior stakeholders or leadership teams

Our Mission and Vision

At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.

We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board.
 

About the Role

Solidgate builds financial infrastructure for fast-growing internet businesses worldwide. Our platform processes millions of payments daily and operates in a highly regulated fintech environment, where security is a fundamental business requirement.

As our company scales, we are strengthening and expanding our Information Security team and are looking for an Information Security Engineer to support and develop our corporate and operational security practices.
 

The mission of this role is to reduce the risk of compromise of corporate accounts, devices, and SaaS systems by:

• maintaining compliance with international security standards
• ensuring controlled and auditable access
• strengthening security awareness across the company
• and supporting effective incident response

This role focuses on corporate security, access management, vulnerability management, and compliance, working closely with engineering, IT, and business teams to ensure Solidgate remains secure, resilient, and audit-ready at all times.
 

What You Will Own

As an Information Security Engineer, you will be responsible for corporate and operational security controls, including:

• Supporting and maintaining ISMS, PIMS, and BCMS frameworks
• Participating in external certifications and audits (PCI DSS, ISO 27001, ISO 27701, ISO 22301, GDPR, DORA)
• Managing access control processes: IAM / SSO / MFA, Joiner—Mover—Leaver processes, regular access reviews and privilege control
• Operating and tuning information security tools, including: vulnerability scanners, IAM and access control systems, anti-phishing tools and security awareness platforms
• Analyzing alerts and findings, including false positives, and driving remediation
• Maintaining and updating asset and information security risk registers
• Supporting incident response activities and post-incident analysis
• Conducting and tracking Disaster Recovery (DRP) and Business Continuity (BCP) tests, ensuring identified gaps are addressed
   

You are a great fit if you have

• 3+ years of experience in Information Security
• Knowledge of at least one security standard: ISO/IEC 27001, SOC 2, or PCI DSS
• Hands-on experience with building and operating an information security management framework, including policies, risk management, and incident response.
• Strong experience with access management (IAM): least privilege principles, RBAC / ABAC, MFA / SSO, Joiner—Mover—Leaver processes and regular access reviews
• Experience configuring and administering security tools such as: IAM solutions, vulnerability scanners, XDR / endpoint protection, anti-phishing and phishing simulation platforms
• Ability to communicate effectively with engineers, IT teams, and external auditors
   

Nice to Have

• Experience participating in or leading external security audits
• Hands-on experience with ISO 22301, ISO 27701, GDPR, or DORA
• Experience automating information security or compliance processes
• Background in security operations or security engineering within a regulated environment
   

Why Join Solidgate?

Build security that protects the business. Own and evolve corporate security controls that safeguard our people, systems, and data at scale.

Your expertise counts. Enjoy real autonomy to improve access management, compliance processes, and operational security tooling.

Room to experiment. Apply modern approaches to security operations, automation, and awareness with strong leadership support.

Impact & visibility. See the results of your work directly in successful audits, reduced risk exposure, and stronger organizational security.

Collaborative environment. Work alongside experienced security professionals, engineers, and stakeholders who value clarity, ownership, and partnership.

The Extras: 30+ days off, unlimited sick leave, free office meals, health coverage, and Apple gear to keep you productive. Courses, conferences, sports and wellness benefits — all designed for ideas, focus, and fun.

Tomorrow’s fintech needs your mindset. Come build it with us.

Location: EU Remote (Preferably Ukrainian speaking) 
Client: Tier-1 Global Tech Leader

About the Role: We are looking for a Security Engineer to act as the human intelligence layer for our client’s AI-driven security initiative. You will be responsible for triaging and validating potential security vulnerabilities across a massive variety of codebases (C#, C++, Rust, TypeScript, JS, etc.). 

This is a unique opportunity to work with high-maturity, top-notch source code at a global scale and help protect software used by billions. Your goal is to distinguish genuine security threats from false positives and provide actionable feedback to senior engineering teams.

Responsibilities:

• Perform deep-dive manual source code analysis on findings generated by AI and SAST tools.
• Determine the "exploitability" of a finding based on data-flow and control-flow analysis.
• Write clear, concise technical reports for developers explaining the vulnerability and why it is a true positive.
• Collaborate with the client to refine AI detection logic based on your triage results.

Requirements:

• 3+ years in Application Security, Security Research, or specialized Quality Assurance.
• The "Polyglot" Mindset: Demonstrated ability to read and understand multiple languages (C#, C++, TypeScript/JS are high priority).
• Deep understanding of common vulnerabilities, such as OWASP Top 10 and SANS Top 25 vulnerabilities.
• Demonstrable manual and SAST source code  review experience
• Education: Degree in CS, Cyber Security, or equivalent experience.
• Language: Professional English (B2).

Bonus Points:

• Pentesting experience and relevant certifications, such as OSCP, OSWE, or GWEB.
• Binary vulnerabilities

About the Role

We are looking for a Senior Application Security Engineer (Cryptography) to join a Client’s team building a Zero-Knowledge, privacy-first product.

This role is for an internal adversary and cryptography architect — someone who validates that our Zero-Knowledge and security claims are mathematically sound, not just marketing statements.

Your mission is to actively attack our own system, identify cryptographic flaws, detect metadata leaks, and prevent key compromise before real attackers do.

Location: Remote
Cooperation Type: Full-time, long-term
Experience Level: Senior
Start: ASAP

Responsibilities

• Audit and validate cryptographic protocols (Signal Protocol, MLS, Zero-Knowledge Proofs / ZK-SNARKs)
• Review and assess security-critical implementations in mobile and backend systems
• Conduct threat modeling for Zero Trust and Zero-Knowledge architectures
• Identify vulnerabilities in mobile applications and cryptographic flows
• Perform security code reviews in Swift, Kotlin, and Java
• Execute penetration testing and security assessments using Burp Suite, Frida, Wireshark, Ghidra
• Perform mobile application security analysis (SAST / DAST)
• Design and review Private Set Intersection (PSI) schemes for secure contact discovery
• Audit secure local storage and offline-first encryption strategies (SQLCipher, Encrypted SQLite)
• Validate hardware-backed security usage (Secure Enclave / Android Keystore)
• Detect and mitigate metadata leaks, privacy risks, and key compromise threats
• Work closely with engineering teams to fix vulnerabilities and improve system security
• Document findings, security recommendations, and cryptographic risks

Requirements

• 6+ years of experience in application security, cryptography, or security engineering
• Deep understanding of cryptographic protocols (Signal Protocol, MLS, Zero-Knowledge Proofs / ZK-SNARKs)
• Strong knowledge of applied cryptography and encryption principles
• Experience reviewing and auditing security-critical code in Swift, Kotlin, or Java
• Experience with mobile application security and client-side threat models
• Hands-on experience with penetration testing tools (Burp Suite, Frida, Wireshark, Ghidra)
• Experience conducting SAST / DAST and mobile security assessments
• Experience designing or reviewing Private Set Intersection (PSI) solutions
• Experience with threat modeling for Zero Trust architectures
• Strong understanding of secure local storage and offline-first encryption (SQLCipher, encrypted SQLite)
• Familiarity with hardware-backed security (Secure Enclave, Android Keystore)
• Ability to think like an attacker and proactively break systems before others do
• English: Upper-Intermediate or higher

Nice to Have

• Experience working on Zero-Knowledge systems in production
• Experience with formal cryptographic verification or research
• Experience with reverse engineering mobile applications
• Background in security research, bug bounty, or CTFs
• Experience with privacy-preserving systems or anonymous networks
• Contributions to open-source security or cryptography projects

What We Offer

• Competitive compensation according to your experience (gross system)
• Fully remote work and long-term cooperation
• Opportunity to work on a deeply technical, cryptography-heavy security role
• Direct impact on core Zero-Knowledge and privacy architecture
• Fast hiring process and quick decision
• Supportive engineering culture focused on security, correctness, and ownership

What happens after you apply

• Quick CV review
• Short recruiter call
• Technical interview with LITSLINK team
• Technical deep-dive with the Client
• Fast decision & offer

About the Role

We are looking for a Senior Secure Mobile Engineer to join a Client’s team building a Zero-Knowledge, privacy-first mobile product.

In this role, the mobile client is the primary security boundary — responsible for encryption, key management, secure storage, and protecting sensitive data on-device.
You will work deeply with iOS and Android internals, applied cryptography, and mobile security.

Location: Remote
Cooperation Type: Full-time, long-term
Experience Level: Senior
Start: ASAP

Responsibilities

• Design, develop, and maintain a security-critical mobile client (iOS & Android)
• Implement client-side cryptography, key generation, and secure session handling
• Work with Swift (iOS) and Kotlin / Java (Android)
• Implement secure local storage using iOS Keychain, Android Keystore, and SQLCipher / encrypted SQLite
• Apply memory hygiene practices to prevent leakage of sensitive data (keys, plaintext)
• Implement certificate pinning and protect against Man-in-the-Middle attacks
• Build privacy-first, offline-capable features aligned with Zero-Knowledge principles
• Implement or integrate secure messaging protocols (Signal Protocol, MLS)
• Work with mobile threat models and platform-level security
• Collaborate with backend, cryptography, and DevSecOps teams to ensure end-to-end security
• Participate in security reviews, threat modeling, and architecture discussions
• Write clean, maintainable, and well-documented production code

Requirements

• 5+ years of mobile development experience (iOS / Android)
• Strong hands-on experience with Swift (iOS)
• Strong hands-on experience with Kotlin or Java (Android)
• Experience with mobile security and secure data handling
• Solid understanding of applied cryptography and encryption principles
• Experience with iOS Keychain and Android Keystore
• Experience implementing secure local storage (SQLCipher / encrypted SQLite)
• Experience with certificate pinning and mobile network security
• Experience working on security-critical or privacy-sensitive mobile apps
• Understanding of offline-first architectures on mobile
• Ability to take ownership of high-risk security features
• English: Upper-Intermediate or higher

Nice to Have

• Experience implementing Signal Protocol (X3DH, Double Ratchet) or MLS
• Experience with Zero-Knowledge systems
• Experience with Tor / Orbot or anonymous networking
• Experience with mobile penetration testing or reverse engineering
• Experience with Flutter / Dart (optional)
• Experience with on-device AI (TensorFlow Lite, MediaPipe, offline inference)
• Experience with advanced mobile OS security or anti-tampering techniques

What We Offer

• Competitive compensation according to your experience (gross system)
• Fully remote work and long-term cooperation
• Opportunity to work on a high-security, privacy-first product
• Direct impact on core mobile security architecture
• Fast hiring process and quick decision
• Supportive engineering culture focused on security, ownership, and quality

What happens after you apply

• Quick CV review
• Short recruiter call
• Technical interview with LITSLINK team 
• Fast decision & offer