DevSecOps Engineer
Skills
TrivyContainer SecuritySecrets ManagerContainer ScanningOpentelemetryBashGitlabJenkinsCircleciTypescriptTerraformInfrastructure-As-CodeAwsCi/CdAzureGcpGrafanaPrometheusPythonComplianceIdentity And Access ManagementGoDockerKubernetesNetwork SecuritySecrets ManagementPulumiVaultVulnerability ScanningClairAnchoreAws Secrets Manager
About the Role
You will integrate security practices into the software development lifecycle, embedding security checks and automated compliance tests into CI/CD pipelines. You will secure cloud and on-premises infrastructure, harden containerized and Kubernetes environments, monitor systems for security threats, respond to incidents, and drive continuous improvements. You will collaborate with developers, SREs, and QA to guide secure coding, perform threat modeling, and ensure compliance with standards such as ISO27001, SOC 2, GDPR, and NIST.
Requirements
- Strong knowledge of cloud platforms (AWS, GCP, Azure) and their security services
- Proficiency in scripting and programming (Python, Bash, Go, TypeScript)
- Experience with CI/CD tools (GitLab, Jenkins, CircleCI) and integrating security into pipelines
- Hands-on experience with Kubernetes, Docker, and container security tools (Trivy, Clair, Anchore)
- Familiarity with infrastructure as code (Terraform, Pulumi) and securing IaC workflows
- Understanding of network security, identity and access management, and secrets management (Vault, AWS Secrets Manager)
- Knowledge of monitoring and logging tools (Prometheus, Grafana, OpenTelemetry) for security observability
Responsibilities
- Embed security checks, vulnerability scanning, and automated compliance tests into CI/CD pipelines
- Implement secure cloud and on-premises infrastructure using access control, encryption, and network segmentation best practices
- Manage and harden containerized environments, including image scanning, runtime protection, and pod security policies
- Monitor systems for security threats, respond to incidents, and implement continuous improvements
- Collaborate with developers, SREs, and QA to ensure security-first development practices, provide guidance on secure coding, and conduct threat modeling
- Ensure systems and processes comply with standards like ISO27001, SOC 2, GDPR, and NIST and maintain audit readiness
Benefits
- Learning support with courses, English classes, and conferences (up to 100% reimbursement)
- Unique loyalty program offering corporate digital miners to earn passive income
- Retreats in international locations (for example, company apartments in Cyprus)
- Memorable events with prizes and an Employee of the Month award
- Paid leave: up to 28 vacation days plus 8 company holidays and 5 personal days per year
- Flexible hours and remote work