Lead DevSecOps Engineer

About the Role

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.

• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).

• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).

• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit).

• Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code).

• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).

• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).

• Lead vulnerability management and threat modeling practices.

• Automate workflows through scripting (Python, Bash).

• Partner with backend, infrastructure, and platform engineers to embed security in design & delivery.

• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).

• Act as a security subject-matter expert, mentoring engineers and raising awareness.

• Continuously evaluate and implement new security tools and approaches.

Requirements

• 5+ years in Security Engineering / DevSecOps roles, with proven success delivering secure infrastructure and applications.

• Strong skills in Python and Bash for building and automating security workflows.

• Cloud Security (AWS focus) - Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments.

• Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code).

• Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.

• Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.

• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.

• Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows.

• In-depth understanding of secure network design, segmentation, and monitoring.

• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.).

• Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access).

• Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks.

• Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines.

Nice to have:

• Exposure to Kafka or ClickHouse in security-sensitive environments.

• Familiarity with GitOps tooling (FluxCD/ArgoCD).

• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

What We Offer

• Competitive Salary: We offer a competitive salary in EUR, subject to annual performance reviews;

• Quarterly Bonuses: Benefit from a transparent and systematic quarterly bonus system;

• Flexible Schedule: We offer a flexible work schedule to accommodate your needs;

• Remote Work Option: Choose to work remotely, providing greater flexibility and comfort;

• Medical Insurance: Receive comprehensive medical insurance for both you and a significant other;

• Financial Support for Life Events: We provide financial support during special life events;

• Unlimited Paid Vacation: Enjoy unlimited paid vacation leave;

• Unlimited Paid Sick Leave: Take unlimited paid sick leave whenever necessary;

• Professional Development: Get reimbursement for professional development courses and training.

Recruitment Process

• HR interview

• Technical interview (with Live coding)

• Final interview

Please take into account that sometimes the process may differ, your TA Partner will keep you updated.

Join us today!