Senior DevSecOps
🎯 Role Overview TrueLabel is an iGaming platform running a PHP/Laravel monolith plus a suite of microservices (game, payment, bank, bonus, loyalty) behind a BFF, deployed on AWS/EKS via GitLab CI and Werf. We’re looking for a Senior DevSecOps Engineer to embed security into every stage of our SDLC - from code commit to production - and to own our shift-left security tooling. You’ll work at the intersection of development, infrastructure and security, making the secure path the easy path for 50+ engineers across multiple brands. This is a hands-on role with strong ownership: you set the standards, build the guardrails, and keep a high-velocity delivery pipeline (** PR → Prod ≤ 2 days**) safe at scale. 👤 Our Criteria 5+ years in DevOps / SRE / DevSecOps / Cyber Security, with at least 2 years focused on security; Deep hands-on AWS (** IAM, VPC, KMS, Secrets Manager**) and Kubernetes/EKS Security (** RBAC, Network Policies, Pod Security, Admission Controllers**); Strong CI/CD Security expertise - GitLab CI, SAST, DAST, SCA, Secrets Scanning, Container/Image Scanning, IaC Scanning; Experience with a unified Cloud Security / CNAPP Platform (Wiz.io or equivalent - Prisma, Aqua, Snyk, Trivy, etc.); Solid Infrastructure-as-Code: Terraform, Helm/Werf, GitOps workflows; Practical knowledge of OWASP Top 10, Threat Modeling, Vulnerability Management and remediation prioritization; Comfortable reading and reasoning about application code (** PHP/Laravel** is a strong plus) to give meaningful security feedback; Bash + Python or Go. ⚙️ Your Tasks Own and evolve Shift-Left Security Tooling across GitLab CI - SAST, DAST, SCA, Secret Detection, Container & IaC Scanning - with sane gating that doesn’t block delivery; Roll out and operate Wiz.io; triage findings, define policies, drive remediation with dev teams; Harden AWS/EKS: IAM Least Privilege, Network Segmentation, Secrets Management, Runtime Security; Embed security into the SDLC - Threat Modeling, secure-by-default templates, security reviews of architecture changes; Build Vulnerability Management Process: detection → prioritization → SLA-based remediation tracking; Define and maintain Security Standards & Runbooks; Partner with engineering to keep PR → Prod Lead Time Low without trading away security; Lead Security Incident Response, post-mortems and preventive follow-ups; Mentor engineers and raise the overall Security Maturity of the organization. ⭐ Nice to Have iGaming / FinTech / High-Load Production experience and related compliance exposure (** PCI DSS**, GDPR); Werf experience specifically (our deploy tool); Kafka / Event-Driven Architecture Security; Experience securing a Monolith-to-Microservices Migration; Certifications: AWS Security Specialty, CKS, OSCP or similar; Experience building Security Awareness / Security Champions Programs. 💼 Our Offer Flexible Work Setup - work remotely or from the office, we focus on results, not location; Support for a comfortable work environment - we compensate Coworking Expenses and EcoFlow Power Stations to help our team stay productive during power outages in Ukraine; Unlimited Vacation and Sick Leave, because we trust our people to manage their time responsibly; Relocation Support for team members who want to move; Regular Performance-Based Bonuses that reward individual and team impact; Learning Support - we cover 50% of Professional Courses and Development Programs; Language & Wellbeing Support - we cover 50% of English Classes and Psychological Consultations; Career Growth Opportunities - we prioritize Internal Promotions and Development; Team Culture That Actually Feels Like One - regular gifts, company merch, and team events throughout the year; Real Impact - we are small enough for every voice to be heard and big enough to turn great ideas into action quickly. Відгукнутись на вакансію
