Security Engineer (DevSecOps)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Security Engineer (DevSecOps): Building and maintaining technical security controls and compliance evidence for a regulated fintech and crypto platform with an accent on infrastructure security, vulnerability management, and CI/CD pipeline integrity. Focus on bridging the gap between CISO requirements and engineering implementation through a specify-implement-verify model.
Location: Must be based in or able to work from Cyprus (Hybrid/Remote-friendly)
Company
A group of regulated fintech and cryptocurrency companies focused on building secure, foundation-first financial infrastructure.
What you will do
- Act as the primary security-engineering liaison, translating CISO requirements into actionable engineering tasks.
- Produce audit-ready technical compliance evidence for frameworks like PCI DSS, ISO 27001, and SOC 2.
- Execute offensive security validation, including vulnerability scanning and reproduction of pen test findings.
- Manage CI/CD security gates, defining thresholds for SAST, dependency scanning, and container security.
- Assess and harden cloud and edge infrastructure, including direct management of WAF and CDN security rules.
- Co-build and maintain detection logic for a Kubernetes-native monitoring platform.
Requirements
- Strong background in DevOps and infrastructure including AWS, Kubernetes, CI/CD, and Linux.
- Hands-on experience with offensive security tools such as Burp Suite, Metasploit, Nmap, or Nessus.
- Proficiency in Bash scripting for automation and security tooling.
- Ability to translate complex compliance requirements into clear, technical engineering specifications.
- Must be based in Cyprus or able to work from this location.
Nice to have
- 2+ years of experience in security engineering or vulnerability management.
- Offensive security certifications like OSCP, eJPT, or PNPT.
- Experience with audit evidence production for PCI DSS, ISO 27001, or SOC 2.
- Knowledge of Python for security automation.
- Background in fintech, payments, or cryptocurrency.
Culture & Benefits
- Founding security hire role with direct influence over the security roadmap and CISO collaboration.
- Exposure to a modern, AI-assisted security stack and Kubernetes-native monitoring.
- Opportunity to work across the full breadth of security domains including offensive, defensive, and compliance.
- Dedicated GRC support to handle non-technical audit paperwork.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →