🎯 Role Overview
TrueLabel is an iGaming platform running a PHP/Laravel monolith plus a suite of microservices (game, payment, bank, bonus, loyalty) behind a BFF, deployed on AWS/EKS via GitLab CI and Werf.
We’re looking for a Senior DevSecOps Engineer to embed security into every stage of our SDLC — from code commit to production — and to own our shift-left security tooling.
You’ll work at the intersection of development, infrastructure and security, making the secure path the easy path for 50+ engineers across multiple brands.
This is a hands-on role with strong ownership: you set the standards, build the guardrails, and keep a high-velocity delivery pipeline (PR → Prod ≤ 2 days) safe at scale.
👤 Our Criteria
5+ years in DevOps / SRE / DevSecOps / Cyber Security, with at least 2 years focused on security;
Deep hands-on AWS (IAM, VPC, KMS, Secrets Manager) and Kubernetes/EKS Security (RBAC, Network Policies, Pod Security, Admission Controllers);
Strong CI/CD Security expertise — GitLab CI, SAST, DAST, SCA, Secrets Scanning, Container/Image Scanning, IaC Scanning;
Experience with a unified Cloud Security / CNAPP Platform (Wiz.io or equivalent — Prisma, Aqua, Snyk, Trivy, etc.);
Solid Infrastructure-as-Code: Terraform, Helm/Werf, GitOps workflows;
Practical knowledge of OWASP Top 10, Threat Modeling, Vulnerability Management and remediation prioritization;
Comfortable reading and reasoning about application code (PHP/Laravel is a strong plus) to give meaningful security feedback;
Bash + Python or Go.
⚙️ Your Tasks
Own and evolve Shift-Left Security Tooling across GitLab CI — SAST, DAST, SCA, Secret Detection, Container & IaC Scanning — with sane gating that doesn’t block delivery;
Roll out and operate Wiz.io; triage findings, define policies, drive remediation with dev teams;
Harden AWS/EKS: IAM Least Privilege, Network Segmentation, Secrets Management, Runtime Security;
Embed security into the SDLC — Threat Modeling, secure-by-default templates, security reviews of architecture changes;
Build a Vulnerability Management Process: detection → prioritization → SLA-based remediation tracking;
Define and maintain Security Standards & Runbooks;
Partner with engineering to keep PR → Prod Lead Time Low without trading away security;
Lead Security Incident Response, post-mortems and preventive follow-ups;
Mentor engineers and raise the overall Security Maturity of the organization.
⭐ Nice to Have
iGaming / FinTech / High-Load Production experience and related compliance exposure (PCI DSS, GDPR);
Werf experience specifically (our deploy tool);
Kafka / Event-Driven Architecture Security;
Experience securing a Monolith-to-Microservices Migration;
Certifications: AWS Security Specialty, CKS, OSCP or similar;
Experience building Security Awareness / Security Champions Programs.
💼 Our Offer
Flexible Work Setup — work remotely or from the office, we focus on results, not location;
Support for a comfortable work environment — we compensate Coworking Expenses and EcoFlow Power Stations to help our team stay productive during power outages in Ukraine;
Unlimited Vacation and Sick Leave, because we trust our people to manage their time responsibly;
Relocation Support for team members who want to move;
Regular Performance-Based Bonuses that reward individual and team impact;
Learning Support — we cover 50% of Professional Courses and Development Programs;
Language & Wellbeing Support — we cover 50% of English Classes and Psychological Consultations;
Career Growth Opportunities — we prioritize Internal Promotions and Development;
Team Culture That Actually Feels Like One — regular gifts, company merch, and team events throughout the year;
Real Impact — we are small enough for every voice to be heard and big enough to turn great ideas into action quickly.