DevSecOps Engineer

Job Description

A DevSecOps Engineer is responsible for integrating security practices into the entire software development lifecycle, ensuring that applications, infrastructure, and operations are secure by design. This role blends development, operations, and security expertise to maintain high-availability systems while proactively managing security risks and compliance requirements.

Responsibilities:

• Security Integration in CI/CD: Embed security checks, vulnerability scanning, and automated compliance tests into CI/CD pipelines.
• Infrastructure Security: Implement secure cloud and on-premises infrastructure using best practices for access control, encryption, and network segmentation.
• Container & Kubernetes Security: Manage and harden containerized environments, including image scanning, runtime protection, and pod security policies.
• Monitoring & Incident Response: Use observability tools to monitor systems for security threats, respond to incidents, and implement continuous improvements.
• Collaboration & Education: Work closely with developers, SREs, and QA teams to ensure security-first development practices, provide guidance on secure coding, and conduct threat modeling.
• Compliance & Governance: Ensure systems and processes comply with standards like ISO27001, SOC 2, GDPR, NIST, and maintain audit readiness.

Requirements

• Strong knowledge of cloud platforms (AWS, GCP, Azure) and their security services.
• Proficiency in scripting/programming (Python, Bash, Go, TypeScript).
• Experience with CI/CD tools (GitLab, Jenkins, CircleCI) and integrating security into pipelines.
• Hands-on experience with Kubernetes, Docker, and container security tools (Trivy, Clair, Anchore).
• Familiarity with infrastructure as code (Terraform, Pulumi) and securing IaC workflows.
• Understanding of network security, identity and access management, secrets management (Vault, AWS Secrets Manager).
• Knowledge of monitoring and logging tools (Prometheus, Grafana, OpenTelemetry) for security observability.
  
  Nice to Have
  
• Experience in penetration testing, red teaming, or security audits.
• Knowledge of zero-trust architectures and microservices security patterns.
• Experience with security automation frameworks and policy-as-code tools.
• Experience or strong interest in Web3 and crypto technologies, including blockchain-based data systems or decentralized applications.
• Certifications such as CISSP, CISM, AWS Security Specialty, or GCP Professional Security Engineer.

Benefits

• Learning support - courses, English classes, and conferences (up to 100% reimbursement)
• Unique loyalty program - receive corporate digital miners and earn passive income with no investment
• Team retreats - company-sponsored stays at a villa in Turkey
• Memorable events with wow prizes - we celebrate big occasions in a big way
• “Employee of the Month” award - we recognize and reward our top performers
• Flexible days off — holidays based on your location + up to 15 sick days + up to 28 vacation days (with fast and automated approvals)
• New career tracks - real opportunities to grow into expert or top management roles
• Work-life fit - flexible hours and remote work. You don’t need to chase balance - here, work is a part of life, not the opposite. We aim to make work inspiring, not exhausting. For us, results matter most.