Jobs

We are the creators of a new fintech era!
Our mission is to revolutionize the world by making blockchain technology accessible to everyone in everyday life. WhiteBIT is a global team of more than 1,200 professionals united by a shared vision of shaping the Web3 future.
We are building our own blockchain ecosystem, ensuring maximum transparency and security for over 8 million users worldwide. Our cutting-edge solutions, rapid adaptation to market challenges, and technological excellence set us apart from traditional companies.
Our official partners include the National Football Team of Ukraine, FC Barcelona, Lifecell, FACEIT, and VISA.


The future of Web3 starts with you — join us Cybersecurity Compliance Analyst !

Requirements

Hard Skills:

- Strong understanding of cybersecurity frameworks and regulations (ISO/IEC 27001, SOC 2, PCI DSS, GDPR, MICA/DORA, CCSS).

- Hands-on experience with internal audits and evidence collection.

- Knowledge of risk management principles (ISO 31000, NIST RMF is a plus).

- Familiarity with network and cloud security basics, data protection, and secure development lifecycle (SSDLC).

- Understanding of business continuity and disaster recovery concepts.

Soft Skills:

- Attention to detail and strong analytical mindset.

- Excellent written and verbal communication skills.

- Ability to work effectively with cross-functional teams.

- Critical thinking and problem-solving approach.

- Adaptability and willingness to learn.

Responsibilities

- Support the implementation and maintenance of cybersecurity governance frameworks (ISO 27001, SOC 2, PCI DSS, GDPR, MICA/DORA, CCSS).

- Assist in conducting internal security audits: prepare checklists, perform interviews, collect evidence, and document findings.

- Maintain and improve cybersecurity policies, procedures, and compliance documentation.

- Participate in risk assessments for systems, processes, and third-party vendors.

- Contribute to the development and monitoring of risk registers and control matrices.

- Assist in Business Continuity (BCP) and Disaster Recovery (DRP) planning and testing.

- Collaborate with IT, security engineers, legal, and business stakeholders to ensure compliance and mitigate risks.

- Prepare clear and concise reports on compliance status, audit results, and identified gaps.

Work conditions

Immerse yourself in Crypto & Web3:
— Master cutting-edge technologies and become an expert in the most innovative industry.
Work with the Fintech of the Future:
— Develop your skills in digital finance and shape the global market.

Take Your Professionalism to the Next Level:
— Gain unique experience and be part of global transformations.
Drive Innovations:
— Influence the industry and contribute to groundbreaking solutions.

Join a Strong Team:
— Collaborate with top experts worldwide and grow alongside the best.
Work-Life Balance & Well-being:
— Modern equipment.
— Comfortable working conditions, and an inspiring environment to help you thrive.
— 24 calendar days of paid leave.
— 5 calendar days of sick leave.
— Additional days off for national holidays.

We’re looking for a Senior Blockchain Auditor specializing in Sui Move smart contracts. You’ll work on audits and verification of on-chain code using tools like Sui Prover and other formal verification frameworks, while also contributing to the development and improvement of our AI-assisted auditing and verification tools.

We’ll fully support your growth — providing onboarding, mentorship, and hands-on training in formal verification methods, Move language, and AI-assisted workflows.
 

Responsibilities

• Audit and verify Sui Move and Rust smart contracts.
• Apply formal verification techniques to ensure correctness and security.
• Use and help improve AI-assisted verification tools that enhance the audit process.
• Collaborate with developers and researchers to integrate formal methods into blockchain auditing.
• Contribute to internal standards and best practices for smart contract verification.
   

Required Experience & Skills

• 4+ years of experience in blockchain development, smart contract auditing, or security engineering (Move or Rust preferred).
• Proficiency with testing and verification frameworks (unit, integration, and/or formal methods).
• Strong analytical thinking and a passion for precision and security.
• Motivation to learn and work at the intersection of blockchain, formal verification, and AI automation.
   

Nice to Have

• Experience with Sui Prover, or similar formal verification tools.
• Familiarity with Sui Move ecosystem and smart contract design patterns.
• Interest in AI-assisted code analysis or LLM-based development tools.
   

Why Join Us

• Work on cutting-edge blockchain security and formal verification challenges.
• Use and help shape AI-driven tools for smarter and faster auditing.
• Get strong support and mentorship as you develop expertise in Move and formal methods.
• Join a fast-growing, research-driven team with room for professional growth.
• Enjoy a remote-friendly culture with flexible hours and an optional hybrid workspace.

Our client is a remote-first, dynamic international product company in the iGaming field. Currently we’re on the lookout for an experienced Cybersecurity Analyst for their team.

MAIN TASK:

Ensure continuous visibility into the company’s security posture through proactive monitoring, detection, and analysis of potential threats and incidents. Build and maintain a robust cybersecurity monitoring ecosystem to protect business-critical infrastructure, gambling platform, and corporate systems.

RESPONSIBILITIES:

• Continuously monitor security events, alerts, and logs from infrastructure, applications, and network components.
• Develop detection rules and correlation logic to identify potential incidents, anomalies, and suspicious activity.
• Design, configure, and maintain SIEM systems (e.g., Splunk, ELK, Wazuh, Graylog) for comprehensive event collection and correlation.
• Analyze and triage security alerts to distinguish false positives from genuine threats.
• Conduct initial investigation, enrichment, and classification of security events.
• Contribute to root-cause analysis and post-incident reviews.
• Optimize log collection pipelines (agents, parsers, enrichment).
• Develop custom dashboards, metrics, and reporting for SOC visibility.
• Maintain data quality, retention policies, and performance of the monitoring infrastructure.
• Work closely with DevOps, Network, and Platform Engineering teams to ensure log visibility across all layers.

REQUIREMENTS:

• 3+ years in cybersecurity monitoring, SOC operations, or security analytics.
• Experience in environments with mixed on-premise (bare metal) and cloud infrastructure.
• Experience with SIEM tools (e.g., Splunk, ELK Stack, Wazuh, Graylog, Sentinel, QRadar).
• Strong understanding of log formats, network protocols, and system telemetry.
• Knowledge of Linux/Windows system internals and security event sources.
• Experience with scripting (Python, Bash, PowerShell) for automation and analysis.
• Familiarity with EDR, IDS/IPS, NDR, and threat intelligence integrations.
• Analytical mindset and attention to detail.
• Ability to prioritize and triage multiple alerts effectively.
• Clear communication of technical findings to non-technical stakeholders.
• Proactive approach to continuous improvement and security hygiene.
• (As a plus) Experience in high-load, regulated, or 24/7 production environments (e.g., iGaming, FinTech, telecom).

WE OFFER:

• Possibility of a remote work from anywhere in the world.
• Generous days-off policy (vacation, sick leave, days off, holidays).
• Guaranteed performance reviews & career plan development.
• Low bureaucracy level, with decisions made quickly.
• Open-minded and easy-going management.
• Friendly atmosphere among people who love their work.

About us
Takopi Group s.r.o. is an international company with more than 20 years of experience in information technology and digital infrastructure.
We operate across Eastern Europe, the Caucasus, and Central Asia, partnering with leading global vendors and helping businesses implement innovative solutions.
We are certified partners of companies such as Sophos, Mitel, Mikrotik, Netgear, Progress, Tiandy, nJoy, Edimax, and others.

As we expand our operations in the Czech Republic, we are looking for a Business Development Manager to strengthen our presence in the local market.
 

Key responsibilities

• Develop and grow the partner network in the Czech Republic;
• Identify and attract new B2B clients;
• Promote and sell the company’s product portfolio;
• Build and maintain long-term relationships with partners and vendors;
• Negotiate and agree on commercial terms;
• Achieve sales targets and meet KPIs;
• Take part in vendor and in-house training sessions.

What we expect

• Minimum 2 years of experience in IT distribution and B2B sales;
• Proficiency in Czech (B2 level or higher) for client and partner communication;
• Understanding of Ukrainian or Russian is a plus for internal communication with the team;
• Legal residence and living in the Czech Republic;
• Solid knowledge of the IT distribution and system integration market;
• Strong skills in negotiation, presentation, and business development;
• Willingness to travel on short business trips within the region.

What we offer

• Fully remote work supported by modern digital tools;
• Access to a modern office in the heart of Prague for meetings, teamwork, and networking;
• Opportunity to shape business development in the region and contribute to strategic decisions;
• Paid vacation and official sick leave;
• Standard work schedule: Monday–Friday, 9:00–18:00 (local time).

Interested?
If this opportunity matches your skills and experience, send us your CV today!

About us
Takopi Group s.r.o. is an international company with more than 20 years of experience in information technology and digital infrastructure.
We operate across Eastern Europe, the Caucasus, and Central Asia, partnering with leading global vendors and helping businesses implement innovative solutions.
We are certified partners of companies such as Sophos, Mitel, Mikrotik, Netgear, Progress, Tiandy, nJoy, Edimax, and others.

As we expand our operations in Slovakia, we are looking for a Business Development Manager to strengthen our presence in the local market.
 

Key responsibilities

• Develop and grow the partner network in Slovakia;
• Identify and attract new B2B clients;
• Promote and sell the company’s product portfolio;
• Build and maintain long-term relationships with partners and vendors;
• Negotiate and agree on commercial terms;
• Achieve sales targets and meet KPIs;
• Take part in vendor and in-house training sessions.

What we expect

• Minimum 2 years of experience in IT distribution and B2B sales;
• Proficiency in Slovak (B2 level or higher) for client and partner communication;
• Understanding of Ukrainian or Russian is a plus for internal communication with the team;
• Legal residence and living in Slovakia;
• Solid knowledge of the IT distribution and system integration market;
• Strong skills in negotiation, presentation, and business development;
• Willingness to travel on short business trips within the region.

What we offer

• Fully remote work supported by modern digital tools;
• Access to a modern office in central Bratislava for meetings, teamwork, and networking;
• Opportunity to shape business development in the region and contribute to strategic decisions;
• Paid vacation and official sick leave;
• Standard work schedule: Monday–Friday, 9:00–18:00 (local time).

Interested?
If this opportunity matches your skills and experience, send us your CV today!

Playson is a leading iGaming supplier operating in multiple regulated markets, delivering engaging casino content and advanced technology. We’re a fast-growing, tech-driven company that values innovation, autonomy, and ownership. At Playson, we welcome people who are curious, proactive, and passionate about solving complex challenges at scale.

We are ISO/IEC 27001 certified and committed to maintaining a robust security and compliance posture across all our operations.

About the Role

We are looking for a Security Lead to strengthen Playson’s information security framework and drive continuous improvement of our security culture.

This role combines technical expertise, investigative focus, and process leadership - ensuring that our systems, data, and people remain secure, compliant, and resilient.

What will you be doing?

Information Security & Compliance

• Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS).
• Foster a strong Security-First mindset across the organization.
• Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls.
• Conduct internal audits, risk assessments, and coordinate certification renewals.
• Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable).
  Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace.
• Support DLP implementation and maintain central tracking of security events.
• Document risks, incidents, and corrective actions to ensure continuous compliance.

Incident Response & Investigation

• Lead investigations into security incidents such as phishing, data leakage, or unauthorized access.
• Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack).
• Maintain and enhance incident response playbooks and escalation workflows.
• Collaborate with HR, Legal, and IT teams during internal investigations.
• Produce post-incident reports and recommend remediation measures.

Endpoint & Access Security

• Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints.
• Maintain CrowdStrike Falcon configurations and endpoint posture enforcement.
• Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password).
• Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews.
• Perform Quarterly RAS Access Management Reviews.

• Maintain a consistent audit trail for access management throughout the year.

   

To succeed in the role, you will have:

• 3+ years of experience in information security, IT audit, or digital investigations.
• Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2).
• Hands-on experience with SIEM / EDR systems
• Proven ability to manage SSO, MFA, DLP, and MDM environments.
• Strong communication skills in English (B2 or higher).
• Analytical mindset, integrity, and attention to detail.

Preferred additional qualifications:

• Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty.
• Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms.
• Forensics experience.
• Experience in designing awareness programs or running phishing simulations.

What you get in return:

At Playson, we invest in both your growth and your well-being:

• Competitive compensation package (with performance-based bonuses up to 50%)
• Unlimited paid vacation & sick leave (B2B model)
• Premium health insurance (for you + 1 family member)
• Learning & development support (courses, certifications, mentoring, conferences)
• Remote-first with flexible working arrangements across Europe or Ukraine
• International exposure – attend industry expos, team gatherings & global meetups

The recruitment process includes the next steps:

1. HR Interview - 30-45 min

2. Technical interview with Service Desk & Security Lead - 60 min

3. Final Interview with CTO and People Business Partner - 60 min

👉 Apply here and become part of the Playson success story!

The Information Security Specialist ensures appropriate controls are implemented and maintained to protect the confidentiality, integrity, and availability of company information assets. The position combines technical expertise with the development and enforcement of internal and regulatory security standards. 

Requirements:

• Minimum 2 years of practical experience in information security
• Degree in computer science or at least 5 years of relevant experience
• Hands-on experience with security tools such as Endpoint Protection, IDS/IPS, Network Security Scanners, Web Application Scanners, and DLP solutions
• Familiarity with containerization technologies (Docker, Kubernetes)
• Proficiency in configuring and securing UNIX/Linux systems
• Understanding of SDLC concepts and secure development practices
• Working knowledge of network architecture and operations
• Experience in digital evidence handling and security incident investigation
• Familiarity with international and industry standards such as PCI DSS, ISO 27001, GDPR, and DORA
• Basic understanding of blockchain principles and related security considerations
   

Responsibilities:

• Develop internal standards for secure system and network configurationIdentify and remediate vulnerabilities in company systems
• Manage and monitor access to information systems
  Administer and maintain security infrastructure (Endpoint Protection, SIEM, DLP, IDS, etc.)
• Monitor and analyze security events and incidents
• Develop and apply methods for detecting and responding to threats
• Participate in security incident investigations and digital forensics
• Lead or support initiatives to ensure compliance with PCI DSS, ISO 27001, GDPR, and DORA requirements

About Us

We’re a young startup, Lovat Compliance — a global tax & compliance technology provider specialising in EPR, VAT, sales tax and cross‑border compliance for e‑commerce businesses. We’re not yet a giant corporation, and much of what we will build is still ahead of us. We need someone who understands that things aren’t perfect yet, is comfortable being the one who owns the space, and who can help us build things from the ground up.

What You’ll Do

• Establish and maintain our data‑security and information‑security programme from scratch: policies, standards, procedures tailored to our platform and services.
• Perform regular risk assessments, vulnerability scans and data‑protection audits; identify gaps and lead remediation.
• Be the owner of incident response: detection, containment, investigation and reporting of security events.
• Collaborate closely with IT development and compliance teams so that data‑protection is embedded into product development and operations.
• Manage data‑handling and access controls across the organisation — ensuring our client and platform data are processed securely.
• Run training and awareness programmes for staff on data‑security, privacy regulation (e.g., GDPR) and secure behaviours.

• Keep an eye on emerging threats, security trends and regulatory developments relevant to e‑commerce, EPR/VAT/sales‑tax platforms, and advise on what changes we need to make.

   

What We Are Looking For

• Minimum 1.5 years of experience in a role related to data security, information security or risk management — ideally within SaaS, e‑commerce or cloud‑based platforms.
• Good knowledge of data‑protection laws (e.g., UK/EU GDPR), information‑security frameworks (e.g., ISO 27001, NIST) and data‑security best practices.
• Proven experience with risk assessments, incident response and security audits.
• Excellent communication skills — able to explain security concepts to both technical and non‑technical people.

• We’re looking for someone grounded and realistic — who understands that perfection isn’t necessary, who can work independently to build things, and who’ll sleep well at night knowing things are secure even if the system isn’t «perfect».

   

Will be an advantage:

• A bachelor’s degree (or equivalent experience) in Computer Science, Information Security, Cybersecurity or a related discipline.
• Certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor or similar.

• Familiarity with cloud platforms like Google Cloud (GCP) and/or Amazon Web Services (AWS).

   

What We Offer

• Competitive salary: €1,000 - €1,700 (remote contract)
• Opportunity to work in a fast‑growing startup with global ambitions.
• Fully remote working model — flexibility and autonomy.
• Professional development opportunities and support.

Description

We are looking for a Senior DevSecOps who will help make our cloud infrastructure safe, stable, and automated. You will work together with the development, platform, and security teams to add security at every step of product creation.

This is a great chance to grow in security automation, improve processes, and bring modern DevSecOps practices into the company.

Requirements
Must-Have Skills

5+ years of hands-on experience in DevOps / DevSecOps / Cloud Engineering roles;

Deep expertise with AWS services (IAM, VPC, CloudTrail, GuardDuty, KMS, WAF);

Proven experience with Kubernetes security — RBAC, network segmentation, image scanning, Falco or similar runtime security tools;

Strong proficiency in Infrastructure-as-Code tools, particularly Terraform (modules, state management, policy as code);

Experience managing CI/CD pipelines on GitHub Actions with integrated vulnerability scanning and secret protection;

Solid knowledge of Cloudflare security suite (Zero Trust, WAF, DNS, Access, API Gateway rules);

Familiarity with SSO and MFA solutions (DUO SSO, OIDC flows, federation via SAML);

Scripting and automation using Python, Bash, or Go;

Strong understanding of network security, TLS management, logging, and monitoring pipelines;

Excellent collaboration and communication skills, with the ability to work effectively with cross-functional engineering and compliance teams.

Nice-to-Have

Experience with policy-as-code frameworks (OPA, Conftest, Terraform Cloud Policies);

Hands-on knowledge of container security scanners (Trivy, Aqua, Anchore, Grype);

Exposure to SIEM / SOC integrations;

Familiarity with compliance frameworks (ISO 27001, NIST CSF, CIS Benchmarks);

Relevant certifications (AWS Security Specialty, Terraform Associate, CISSP, or DevSecOps certifications).

Responsibilities
Integrate security practices (SAST, DAST, SCA, secret management, compliance checks, etc) directly into CI pipelines on GitHub;

Build and manage infrastructure using Terraform (IaC) with a strong focus on least privilege, encryption, and auditing;

Strengthen security across Kubernetes clusters (RBAC, network policies, Falco runtime threat detection);

Implement security automation and continuous monitoring for vulnerabilities, misconfigurations, and drift in AWS + Kubernetes environments;

Collaborate closely with Development, Platform, SRE, Cloud Delivery Engineers, and Security teams to embed “security-by-design” principles throughout SDLC;

Conduct threat modeling, risk assessments, and incident response for cloud and container workloads;

Drive adoption of DevSecOps best practices, mentor team members, and promote a proactive security culture;

Continuously research and implement new security tools, policies, and automation opportunities to improve visibility and resilience.

Benefits

Why Join Us?

🎰 Be part of the international iGaming industry – Work with a top European solution provider and shape the future of online gaming;

💕 A Collaborative Culture – Join a supportive and understanding team;

💰 Competitive salary and bonus system – Enjoy additional rewards on top of your base salary;

📆 Unlimited vacation & sick leave – Because we prioritize your well-being;

📈 Professional Development – Access a dedicated budget for self-development and learning;

🏥 Healthcare coverage – Available for employees in Ukraine and compensation across the EU;

🫂 Mental health support – Free consultations with a corporate psychologist;

🇬🇧 Language learning support – We cover the cost of foreign language courses;

🎁 Celebrating Your Milestones – Special gifts for life’s important moments;

⏳ Flexible working hours – Start your day anytime between 9:00-11:00 AM;

🏢 Flexible Work Arrangements – Choose between remote, office, or hybrid work;

🖥 Modern Tech Setup – Get the tools you need to perform at your best;

🚚 Relocation support – Assistance provided if you move to one of our hubs.

Overview

Our Partner, who connects exceptional tech talent with leading companies across Israel, the USA, Great Britain, and Western Europe is looking for a Application Security Engineer. You’ll be working at the intersection of cutting-edge biometrics, behavioral analytics, and next-gen identity orchestration – helping the world’s leading brands safeguard millions of users. 

Main Responsibilities

– Lead security reviews across both iOS and Android, with a strong understanding of the low-level capabilities of the operating systems.

– Research and explore mobile OS internals, including system services, security mechanisms, and data collection points across both Android and iOS.

– Stay up-to-date with the latest platform changes, OS versions, and security enhancements.

– Collaborate closely with security researchers and backend engineers to design and implement advanced security solutions.

– Work in a team developing developer-centric products, enabling seamless integration into clients’ apps across industries such as banking.

Mandatory Requirements

– At least 6 years of hands-on experience in mobile security for Android and iOS.

– Experience developing security solutions for mobile platforms (threat modeling, attack surfaces, RASP, root/jailbreak detection, anti-tampering, etc.).

– Profound understanding of mobile operating systems, including: Application lifecycle management; Resource management and performance optimization; Deep familiarity with OS internals (memory, threading, security models).

– A strong sense of ownership, independence, and problem-solving skills; you get things done.

– Upper-intermediate English level.

As a plus:

– Strong experience with mobile security for SDKs, preferably used by third-party developers and large-scale organizations.

– Deep understanding of trusted hardware components (TEE, Secure Enclave, KeyStore).

We offer

– People-oriented management without bureaucracy;

– The friendly climate inside the company is confirmed by the frequent comeback of previous employees;

– Flexible working schedule;

– 18 vacation working days per year, plus all national holidays;

– 10 sick leave days;

– Free English classes with native speakers;

– Dedicated HR;

OUR STEPS:

✅ Intro call with a Recruiter — ✅ Client tech interview — ✅ Tech interview with livecoding — ✅ HR client interview — ✅ Offer

Job Description

We are seeking a highly skilled Security Architect to lead and drive our on-premises business engagements. This is a customer-facing, hands-on technical role responsible for designing, deploying, and supporting enterprise-scale solutions in complex customer environments. You will serve as the trusted technical advisor for customers, bridging Customer Success, R&D, and Product Management, and acting as the voice of the customer within the organization.
You will help customers architect secure, scalable, and high-performing deployments, oversee complex upgrades, and ensure the overall success of on-premises implementations.

Key Responsibilities

• Serve as the primary technical point of contact for on-premises deployments and upgrades.
• Engage directly with customers to understand their infrastructure, security requirements, and business objectives.
• Architect and design on-premises deployments aligned with customer needs, best practices, and security principles.
• Drive deployment, integration, and optimization of platforms in customer environments.
• Perform and oversee complex upgrades, migrations, and architecture transformations.
• Act as the escalation point for on-premises technical and deployment challenges.
• Collaborate with R&D, Product, and Support teams to drive continuous improvement and provide structured customer feedback.
• Provide technical guidance and mentorship to Professional Services and support engineers.
• Support proof-of-concept activities, architectural review, and security validation with customers.
• Participate in post-deployment reviews to ensure reliability, performance, and compliance with best practices.
• Represent the voice of the customer to internal teams, influencing roadmap and product decisions.
• Develop and maintain documentation, reference architectures, and deployment methodologies for on-premises environments.

Job Responsibilities

Required Qualifications

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related technical field.
• 7+ years of experience in cybersecurity, infrastructure, or solution architecture roles.
• Strong expertise in on-premises deployments, including servers, storage, virtualization, and networking.
• Deep understanding of security architectures, endpoint protection, and defense-in-depth concepts.
• Hands-on experience with Linux, Windows Server, and enterprise IT ecosystems.
• Proven ability to design and deliver complex, high-availability enterprise deployments.
• Excellent customer-facing communication skills, capable of translating technical solutions into business value.
• Experience working with Professional Services teams and managing customer escalations.
• Strong problem-solving and troubleshooting skills in mission-critical environments.
• Familiarity with agile project delivery and cross-functional collaboration.

Preferred Qualifications

• Master’s degree in Cybersecurity, Computer Science, or Engineering.
• Relevant certifications: CISSP, CSSLP, CCSP, OSCP, CEH, or similar.
• Experience with endpoint detection & response (EDR), SIEM, or threat intelligence platforms.
• Working knowledge of cloud and hybrid architectures.
• Understanding of security compliance frameworks (NIST, ISO 27001, SOC 2, GDPR, etc.).
• Experience with DevOps/CI-CD processes for product deployment and upgrades.
• Scripting or programming familiarity (Python, Bash, PowerShell).
• Demonstrated ability to lead technical workshops, customer briefings, and architecture reviews.

Department/Project Description

The client is a product international company that provides a defence platform that enables development and security teams to protect critical workloads against emerging threats and undiscovered vulnerabilities with a lightweight agent that protects the organisation's public, private and hybrid cloud deployments on-premises data centres managed. In addition, it is an advanced endpoint detection and response platform, which gathers as much information as possible to detect and analyse complex threats while being as non-intrusive as possible, minimising the impact on the network and the endpoint.

We’re looking for a Senior Back-end Engineer with a strong background in security to help build a next-generation confidential computing system from the ground up.

You’ll design cryptographic infrastructure, develop Back-end services and APIs, and shape the core platform architecture. Working with HSMs, TEEs, and enterprise-grade cryptography, you’ll operate at the intersection of Back-end engineering and cybersecurity.

If you’re eager to build secure, high-performance systems that redefine data protection, join us to shape the future of confidential computing!

Customer:

Our Сustomer is at the forefront of AI and high-performance computing, building next-generation GPU infrastructure to power advanced AI/ML workloads, data analytics, and research.

Their team has decades of hands-on experience with high-performance distributed systems, ranging from creating early distributed clusters at NASA to scaling infrastructure for global leaders such as Google, Microsoft, CoreWeave, and Yahoo!/AOL. They know the challenges developers face because they’ve experienced them, and they’re determined to improve the situation.

Project:

Today, they’re redefining AI infrastructure by putting control and efficiency back into the hands of developers. With the latest GPUs, exceptional reliability, and transparent, fair pricing, they’re making powerful AI more accessible and enjoyable to use.

Their mission is simple yet bold: great AI developers deserve great AI infrastructure. By empowering creators with the necessary tools, they’re paving the way for real breakthroughs in artificial intelligence, and they’re just getting started.

Responsibilities:

• Design and build high-performance, secure Back-end services for our vault and key management infrastructure
• Develop cryptographic workflows, including key generation, rotation, and secure storage mechanisms
• Build robust APIs with comprehensive authentication, authorization, and rate limiting
• Write clean, maintainable, and well-tested code with security as a primary consideration
• Implement comprehensive audit logging and monitoring for security-critical operations
• Collaborate with the security team on threat modeling and security reviews
• Participate in code reviews with a focus on security best practices
• Create technical documentation for internal systems and API endpoints
• Integrate with Hardware Security Modules (HSMs) and cloud KMS services
• Implement secure secret management and rotation mechanisms
• Build defense-in-depth security controls across all services
• Conduct security analyses of third-party dependencies

• Participate in security audits and penetration testing remediation

   

Requirements:

• 5+ years of Back-end development experience, building production systems
• Strong proficiency in Python (FastAPI, Django, or Flask) and/or Go, Rust, C++
• Solid understanding of cryptographic principles, including symmetric and asymmetric encryption, hashing, key derivation and digital signatures
• Experience with RESTful API design and development
• Understanding of authentication and authorization patterns (OAuth 2.0, JWT, and mTLS)

• Upper-Intermediate level of English

   

Will be a plus:

• Experience with Trusted Execution Environments, such as Intel TDX, NVIDIA Confidential Computing, or Secure VMs
• Experience with Git, CI/CD pipelines, and modern development workflows

• Ability to adapt and thrive in ambiguous and fast-moving startup environments

   

Personal Profile:

• Strong problem-solving skills and the ability to diagnose complex security workflows
• Excellent communication skills and the ability to collaborate with DevOps, AI, and cloud engineering teams
• Detail-oriented mindset to ensure high availability and reliable services

Format: full time, Warsaw, office / hybrid
Level: Senior
 

Context and mission

We are scaling IT and building the company’s security program on top of modern best practices. We are looking for an experienced specialist who will own the architecture and implementation of security controls in a Zero Trust, risk based and defense in depth paradigm. We align with frameworks such as NIST CSF 2.0, ISO 27001, CIS Controls v8, NIST SP 800-207 and MITRE ATT&CK.
 

What you are expected to achieve in the first 6-12 months

• Assess the current state of security and define a target architecture and roadmap with risk based prioritization.
• Bring order to identities and access: SSO, MFA, conditional access, least privilege, JIT and PAM.
• Close foundational technical controls: disk encryption, configuration baselines, patch and vulnerability management, monitoring and logging.
• Establish an operational security function: telemetry collection and correlation, detection rules, incident response playbooks, testing and post incident reviews.
• Improve data protection: classification, DLP, egress and shadow channel control, minimization of access to critical assets.
• Define processes and metrics: response SLA, MTTD and MTTR, control coverage, vulnerability remediation by priority, employee awareness.
   

Scope of responsibility

• Security architecture and technical roadmap aligned with business risks and budgets.
• Identity and access: IdP, IAM and IGA, MFA, conditional access, RBAC and ABAC, PAM for admins and service accounts.
• Endpoints and servers: EDR or XDR, encryption, configuration baselines, patch and update management.
• Network and access: ZTNA and SSE or SASE, segmentation, remote access policies.
• Data and email: classification and labeling, DLP, protection of email and collaboration tools.
• Cloud and code: CSPM and CIEM, secrets management, policies for container images and registries, CI integration.
• SecOps: log collection, SIEM and SOAR, playbooks, tests and exercises, collaboration with IT, DevOps, Legal.
• Vulnerabilities: scanning, risk based prioritization, remediation SLAs, reporting.
• Policies and training: policy and standard level documents, concise user facing guidance, phishing simulations.
   

Technology focus and vendor stacks

The candidate should have solid hands on experience in part of the areas listed below. We expect depth in at least two of them and practical understanding of how they integrate.

• IdP and IAM: Microsoft Entra ID, Okta, Ping, Google Cloud Identity. IGA: SailPoint.
• PAM: CyberArk, Delinea, BeyondTrust.
• EDR and XDR: Microsoft Defender, CrowdStrike Falcon, SentinelOne, Palo Alto Cortex XDR, Sophos.
• MDM and UEM: Microsoft Intune, Jamf, Kandji, VMware Workspace ONE.
• SSE and ZTNA or SASE: Zscaler, Palo Alto Prisma Access, Cloudflare Zero Trust, Netskope.
• Email and collaboration: Microsoft Defender for Office 365, Proofpoint, Mimecast, Google Workspace Security.
• DLP and classification: Microsoft Purview, Netskope, Symantec DLP, Forcepoint.
• SIEM and SOAR: Microsoft Sentinel, Splunk, Google Chronicle, Elastic.
• CSPM and CIEM and KSPM: Wiz, Prisma Cloud, Lacework, Orca, Snyk, Aqua.
• Vulnerabilities: Tenable, Qualys, Rapid7.
• Secrets and keys: HashiCorp Vault, 1Password Business, Bitwarden, cloud native KMS.
• Backup and immutability: Veeam, Rubrik, Cohesity.
• EASM and ASM: Cortex Xpanse, Randori, Defender EASM.
• Security for code and pipelines: GitHub Advanced Security, Semgrep, SonarQube, Snyk, Trivy.
   

Requirements

• 5-7 years of experience in security or closely related fields with a strong focus on engineering implementation and operations.
• Practical experience designing and implementing controls aligned with NIST CSF or ISO 27001 or CIS Controls with measurable impact.
• Deep expertise in at least two technology families from the list above and understanding of how IdP, EDR, SIEM, DLP, PAM and SSE fit together.
• Ability to design detection and response: correlation rules, telemetry enrichment, playbooks and KQL or SPL or SQL based queries.
• Hands on vulnerability and patch management on Windows, macOS and Linux, with risk and exploit based prioritization.
• Automation skills: Python or Bash scripting, APIs and webhooks, infrastructure as code for policies and configurations.
• Communication and documentation skills: clear policies and standards, reports for leadership, coordination with IT and DevOps.
• English sufficient for working with documentation and vendors.
   

Nice to have

• Experience with audits and certifications: ISO 27001 or SOC 2 or NIS2 or GDPR.
• Practical implementation of Zero Trust, ZTNA and replacement of traditional VPN models.
• Experience with tabletop exercises and post incident analysis.
• Knowledge of MITRE ATT&CK and threat modeling tools.
   

KPI and success metrics

• MFA coverage for critical systems at 100 percent.
• EDR coverage and disk encryption at 100 percent.
• MTTD and MTTR for P1 and P2 within agreed SLAs.
• Vulnerability remediation SLAs: P1 within 7 days, P2 within 30 days, P3 within 90 days.
• Reduction of successful phishing click rate to the target threshold based on simulation results.
• Reduction of unauthorized egress events according to DLP or SSE data.
• Regular risk and control status reporting to leadership.

We’re looking for a skilled Product Security Engineer with a strong technical background to drive security initiatives across our product ecosystem. In this role, you’ll collaborate closely with development and platform teams to proactively identify and mitigate security risks, integrate robust security practices into every stage of the software development lifecycle (SDLC), and lead efforts around automation, tooling, and secure configuration of Azure-based infrastructure and pipelines.

Responsibilities

• Design, implement, and maintain secure and scalable CI/CD pipelines using Azure DevOps
• Automate provisioning and configuration of Azure infrastructure (Terraform, ARM templates)
• Conduct threat modeling, architecture reviews, and secure code assessments
• Collaborate with engineering teams to ensure secure application deployment and configuration
• Embed security controls and checkpoints across the SDLC
• Manage and optimize security tools: SAST, DAST, SCA, container and IaC scanning
• Tune automation workflows and reduce false positives
• Secure Azure services such as App Services, AKS, Key Vault, and Azure AD
• Guide on secrets management, access control, and workload hardening
• Participate in incident response and root cause analysis with the SOC

• Support compliance efforts (SOC 2, ISO 27001) and contribute to audit readiness

   

Requirements

• 7+ years in Product Security, Application Security, DevSecOps, or related fields
• Strong development skills (Python, Java, JavaScript, Go, or C# preferred)
• Solid hands-on experience with Azure (Azure DevOps, App Services, Key Vault, AKS)
• Familiarity with security standards like OWASP, CWE, and secure coding best practices
• Experience with CI/CD security automation (GitHub Actions, Azure DevOps)
• Strong understanding of infrastructure-as-code and cloud security (Terraform, Docker, Kubernetes)
• Background with IAM, API security, and regulatory compliance (SOC 2, ISO 27001, NIST)
• Experience troubleshooting production issues and optimizing performance in cloud environments

• Strong communication and collaboration skills

   

Preferred Qualifications

• Experience working with multi-tenant SaaS applications
• Understanding of AI/ML security principles
• Familiarity with threat intelligence and attack surface management tooling

What’s In It for You?

• Career Growth – Opportunities to develop and advance.
• Performance Reviews – Regular feedback and support.
• Work Anniversaries – Special gifts to celebrate milestones.
• Flexible Work – Hybrid or remote (Lviv office available).
• Mentorship – Guidance from experienced professionals.
• Accounting Support – We handle the paperwork.
• Paid Time Off – 18 vacation days + 5 sick days per year.
• Extra Leave – 10 additional days off annually.
• Free Office Lunches – Enjoy meals on us.
• Team Events – Gatherings, gifts, and a welcoming atmosphere.

We are seeking a Senior Information Security Consultant / IT Audit Manager to join our TechMagic team. You will work on a diverse portfolio of clients, providing expert guidance on their security and compliance journeys. This is a full-time, remote position, and we are looking for a highly skilled professional with a strong background in GRC and IT audit.

Must have

• Experience: 4–7+ years in GRC, IT audit, or compliance, with a proven track record of successfully completing at least two end-to-end ISO 27001 and/or SOC 2 programs.
• Primary Stack: Deep expertise in ISO/IEC 27001:2022, SOC 2, NIST CSF 2.0, and OWASP ASVS/SAMM/DSOMM.
• Cloud & Compliance: Strong knowledge of cloud security best practices on AWS/Azure/GCP and a solid understanding of HITRUST, GDPR, and HIPAA.
• Tools: Hands-on experience with GRC platforms like Drata, Vanta, or Secureframe.
• English: Upper-Intermediate or Advanced level proficiency.

Will be a plus

• Certifications: ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISM, or CISA.
• Regulatory Knowledge: Familiarity with Microsoft SSPA/DPR and NIS2/DORA.
• Security Operations: Exposure to SIEM/SOC (e.g., Microsoft Sentinel).
• Domain Experience: Prior experience in the fintech or healthcare industries.

Responsibilities

• Lead GRC Engagements: You will manage end-to-end ISO 27001, SOC 2, and HITRUST readiness projects. This includes everything from gap assessments and risk analysis to coaching clients on implementation and providing support during external audits.
• Act as a vCISO: Serve as a fractional vCISO for our clients, taking ownership of their security roadmaps, risk registers, security awareness programs, and reporting to executive leadership and boards.
• Implement and Manage ISMS: Build and maintain Information Security Management Systems (ISMS), handling all aspects from policy lifecycle management and internal audits to continual improvement.
• Drive Risk Management: Conduct enterprise risk assessments and facilitate threat modeling to proactively identify and mitigate security risks.
• Consult on Core Security Practices: Advise clients on key security practices, including secure SDLC, change management, incident response, and business continuity planning, with a focus on cloud security in AWS, Azure, and GCP.

Work Schedule

Full-time working day in our Lviv or Kyiv office, (flexible hours) or full-time remote

Interview Stages

• 1st stage - call with Recruiter
• 2nd stage - Technical interview

Our Benefits

• Opportunity to improve your skills in stong technical team
• Work from anywhere (fully remotely or in our office) 
• Paid vacations and sick leaves, additional days off, relocation bonus;
• Wellness: Medical insurance/sports compensation/ health check-up+flu vaccination at your choice
• Education: regular tech talks, educational courses, paid certifications, English classes;
• Fun: own football team, budget for team lunches, branded gifts
• One of the best IT employers in Lviv based on DOU rating.