Security DevOps Engineer

Wymagania: - 8+ years in DevOps, Cloud Security, or Site Reliability Engineering roles. - Experience working in regulated or high-traffic financial environments (fintech, trading, banking). - Strong commitment to Security as Code and automation-driven security practices. - IAM & Access Control: Strong experience with cloud IAM platforms (OCI, AWS, GCP, or Azure), OIDC/SAML, and modern infrastructure access tools. - Kubernetes Security: Expert-level knowledge of security contexts, admission controllers (OPA Gatekeeper, Kyverno), and service mesh technologies for mTLS. - Infrastructure as Code: Proficiency in Terraform and/or Ansible, including secure module design and static analysis tooling. - Linux & Networking: Deep understanding of Linux security mechanisms and core networking protocols. Mile widziane: - Supporting financial or security audits and compliance initiatives. - Knowledge of cryptography, PKI, and encryption standards. - Experience with security resilience testing or chaos engineering practices. O firmie: - We recruit the best IT specialists for technology companies – with no risk and full accountability for the outcome. Zakres obowiązków: - Identity, Access & Zero Trust - • Design and maintain RBAC and ABAC models across cloud platforms, Kubernetes, and internal systems. - • Implement Privileged Access Management (PAM) with just-in-time access to production environments, removing long-lived credentials. - • Enforce enterprise authentication standards, including MFA, SSO, and centralized identity policies. - Infrastructure & Platform Security - • Secure Kubernetes environments by hardening container runtimes, enforcing Pod Security Standards, and implementing network isolation policies. - • Design and deploy network segmentation, firewalls, WAF, and DDoS protection suitable for high-volume financial APIs. - • Own the full lifecycle of secrets management, including certificates, credentials, and API keys, using enterprise key management solutions. - CI/CD & Software Supply Chain Security - • Integrate automated security checks (SAST, DAST, SCA) into CI/CD pipelines to prevent vulnerabilities from reaching production. - • Implement container image and artifact signing to ensure only trusted code is deployed. - Compliance, Auditing & Monitoring - • Ensure infrastructure access and changes are fully logged, immutable, and auditable to support regulatory and security frameworks (e.g., SOC 2, ISO 27001). - • Integrate security monitoring and alerting into observability platforms to detect suspicious activity in real time. Oferujemy: - Engagement type: B2B / Contract - Duration: Long-term cooperation - Work model: Full-time commitment - Level: Senior / Expert - Start: ASAP or by mutual agreement - Location: Remote