DevSecOps Engineer in EvoPlay

DevSecOps Engineer Kyiv, remote The project is a billing platform for making electronic payments using various methods with high throughput. We face the challenges of high service availability and security of payment processing. Our platform is certified according to PCIDSS and developed using modern technologies. Requirements: — Work experience of 3 years or more. — Understanding of data security principles and security standards such as PCIDSS and ISO 27001. — Knowledge of network technologies and protocols such as TCP/IP, DNS, SSL/TLS, SSH, VPN, etc. —Experience with Kubernetes and Docker. —Experience in working with AWS and GCP cloud services. —Experience with programming conspiracies/command line scripts such as Python, Bash, etc. —Knowledge of various data security tools, network scanners, vulnerability analysis tools, IDS/IPS systems, identity management systems, etc. —Knowledge of various automation and integration tools such as Gitlab CI, Jenkins, Ansible, Puppet, Chef, etc. —Understanding the principles of developing secure software, learning methods for detecting and eliminating vulnerabilities in software code. —Knowledge of incident management methods and the ability to quickly respond to incidents in the field of information security. —The ability to work in a team, the ability to communicate and cooperate. It will be a plus: —Experience of working with the GDPR regulation. —Understanding the principles of software development methods such as Agile, Scrum, Kanban, etc. —Experience in working with virtualization tools. Responsibilities: — Development and implementation of procedures and technologies to ensure the security of critical data and infrastructure in accordance with the requirements of PCIDSS, ISO 27001, GDPR. — Administration and monitoring of the company's information security systems. —Ensuring continuous improvement of processes and application of modern security methods. — Automation of information security processes, as well as automation and integration of security testing and continuous integration and continuous delivery (CI/CD) tools. —Analysis and assessment of application and infrastructure vulnerabilities, ensuring their elimination. —Conducting regular audits for compliance with the requirements of the IS configuration, infrastructure and applications. —Performance of testing for the detection of abuse of tazlams, thread hunting, reverse engineering. — Analysis of the current state of information security, creation of reports and recommendations for improvement. —Participation in risk analysis, incident management, internal and external audits. We offer: — Flexible schedule; — Vacation of 20 working days; —Paid sick leave; — 12 sick days; —Day off for a birthday; —Development of professional education; — Mental health care — corporate psychologist; —Support and development of volunteer culture—our team organizes and participates in charity events. We want to help and make the world around us kinder; —Modern office center.