DevSecOps/Security Engineer

Remote
About the role:

Our client is seeking a highly skilled DevOps Security Engineer with a focus on security compliance and certifications to help us evaluate, implement, and achieve SOC 2 and ISO 27001 certification.

This role will include hands-on programming tasks to directly implement security fixes and enhancements across their systems and applications.

The ideal candidate will play a critical role in securing our infrastructure, leveraging a tech stack including Node.js, AWS, MongoDB, Microsoft Bot Framework, Slack API integrations, and OpenAI API integrations. Familiarity with GDPR and data segregation is essential to support our commitment to data privacy and compliance.

Responsibilities:
  • 3+ years of experience in implementing DevOps and Secure SDLC principles, development and testing automation, source code analysis, application security testing, container security, secret management, open-source and supply chain security, and cloud environment hardening.
  • Deep knowledge of core security principles and processes, such as security-by-design, security-by-default, threat modeling, risk management, vulnerability and patch management, incident response, encryption.
  • Up-to-date practical knowledge of application and cloud security standards and frameworks, such as OWASP Top 10, DSOMM, SAMM, BSIMM, MSDL, CIS, CSA CCM, CSA STAR, MITRE ATT&CK.
  • Strong knowledge of security frameworks and standards, particularly ISO 27001.
  • Strong understanding of automation tools, programming and scripting languages (bash, PowerShell, Python, Java, etc.).
  • Strong practical experience in installing, configuring and implementing the following software and technologies or similar:
      • Terraform, Ansible, Chef Automate.
      • AWS CloudFormation, Azure Resource Manager.
      • SAST tools (SonarQube, SonarCloud).
      • DAST tools (Burp Suite, Acunetix, Checkmarx, Veracode, OWASP ZAP).
      • Threat modeling tools (OWASP Threat Dragon, Microsoft Threat Modeling Tool).
      • GitHub, GitLab, Bitbucket.
      • Jira, Trello.
      • Docker, Kubernetes.
      • Ubuntu, Debian, CentOS.
      • Any test automation software.
  • Knowledge of network security, identity and access management, and data protection.
  • Excellent problem-solving skills and the ability to work under pressure.
  • Strong communication and collaboration skills.
Requirements:
  • Define and lead the security roadmap to ensure compliance with SOC 2 and ISO 27001 standards.
  • Plan, coordinate, and support security audits, assessments, and vulnerability testing.
  • Create and maintain security documentation to ensure standards align with GDPR, data segregation, and data privacy regulations.
  • Work directly within our tech stack (Node.js, AWS, MongoDB, Microsoft Bot Framework, Slack API, OpenAI API) to implement security measures.
  • Identify and address security vulnerabilities within our infrastructure and applications through coding and system modifications.
  • Collaborate with cross-functional teams to assess, implement, and verify security fixes across all systems.
  • Proactively monitor and update security protocols to address evolving threats and maintain compliance with industry standards.
  • Integrate security into DevOps workflows, ensuring a secure CI/CD pipeline.
We offer:
  • 20 working days of paid vacation per year;
  • Official holidays of Ukraine – days off;
  • Modern equipment for work;
  • Corporate events;
  • External and internal training: conferences, professional events, courses, TechTalks;
  • English speaking club.
Hiring process:
  • HR interview;
  • Introductory call with the CTO;
  • Test task;
  • Technical interview.