Lead DevSecOps Engineer

Playson, founded in 2012, is a leading iGaming supplier globally, providing a high-end, microservice-based Platform-as-a-Service. They are establishing a Platform & Cloud Security function and seeking a Lead DevSecOps Engineer. This role involves defining best practices, integrating security into CI/CD pipelines, hardening infrastructure, designing AWS cloud security controls, managing secrets, building centralized monitoring, leading vulnerability management, and contributing to compliance readiness.

Must Have

• Establish DevSecOps function and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).
• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).
• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption).
• Define and maintain IaC security policies (Terraform/Terragrunt, policy-as-code).
• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).
• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).
• Lead vulnerability management and threat modeling practices.
• Automate workflows through scripting (Python, Bash).
• Partner with engineers to embed security in design & delivery.
• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).
• 5+ years in Security Engineering / DevSecOps roles with proven success.
• Deep knowledge of IAM least-privilege design, encryption, GuardDuty, Security Hub in AWS.
• Strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.
• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.
• Hands-on with centralized logging, SIEM/SOAR tools and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta).
• Ability to design and enforce zero trust principles.
• Familiarity with SBOM generation, artifact signing, and applying SLSA/in-toto frameworks.
• Experience automating compliance checks with IaC and policy engines.

Good to Have

• Exposure to Kafka or ClickHouse in security-sensitive environments.
• Familiarity with GitOps tooling (FluxCD/ArgoCD).
• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

Perks & Benefits

• Compensation at top industry standards + quarterly bonuses based on transparent evaluation.
• Remote-first flexibility and adaptable working hours.
• Unlimited paid vacation & sick leave.
• Comprehensive medical insurance (for you and your partner).
• Financial support for major life events.
• Professional growth budget for courses, training, and certifications.
• Professional development
• Social events
• Flexibility in your schedule
• Full Medical Insurance for you and your +1
• Unlimited paid vacation leave
• Bonus system
• Unlimited sick leave
• Remote work
• Courses and training reimbursement
• Employee referral program
• Competitive salary fixed in EUR/USD

###### About Playson

Founded in 2012, Playson is a leading iGaming supplier recognized worldwide. We provide our partners with a high-end, microservice-based Platform-as-a-Service capable of processing billions of financial transactions daily. Our global infrastructure is designed for cross-regional performance, with a relentless focus on latency reduction and flawless player experience, regardless of bandwidth or connectivity.

We are now building a Platform & Cloud Security function and are looking for the first hire to launch and lead it. This is a rare opportunity to set the standards from scratch and shape how security is embedded into a modern, high-load, cloud-native environment.

###### Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning).
• Harden infrastructure and runtime environments (Linux, Docker, Kubernetes/EKS, RBAC).
• Design and enforce cloud security controls in AWS (IAM least-privilege, GuardDuty, Security Hub, encryption at rest/in transit).
• Define and maintain IaC security policies (Terraform/Terragrunt, drift detection, policy-as-code).
• Implement and manage secrets management solutions (Vault, AWS Secrets Manager).
• Build centralized security monitoring & alerting (Datadog, ELK, CloudWatch, SIEM/SOAR).
• Lead vulnerability management and threat modeling practices.
• Automate workflows through scripting (Python, Bash).
• Partner with backend, infrastructure, and platform engineers to embed security in design & delivery.
• Contribute to compliance readiness (ISO 27001, GDPR, PCI-DSS).
• Act as a security subject-matter expert, mentoring engineers and raising awareness.
• Continuously evaluate and implement new security tools and approaches.

###### Requirements

• 5+ years in Security Engineering / DevSecOps roles, with proven success delivering secure infrastructure and applications.
• Strong skills in Python and Bash for building and automating security workflows.
• Cloud Security (AWS focus) - Deep knowledge of IAM least-privilege design, encryption at rest/in transit, GuardDuty, Security Hub, and best practices for securing multi-account environments.
• Implementation of security controls in pipelines (SAST, DAST, dependency scanning, container image scanning, policy-as-code).
• Hardening of Linux systems, Docker, Kubernetes/EKS; strong experience with RBAC, PodSecurity/OPA/Gatekeeper/Kyverno policies.
• Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.
• Expertise with HashiCorp Vault, AWS Secrets Manager, or equivalent.
• Hands-on with centralized logging, SIEM/SOAR tools (Datadog Security, ELK, CloudWatch, etc.) and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools enabling temporary, approval-based access (Teleport, AWS IAM Identity Center, Okta, etc.).
• Ability to design and enforce zero trust principles (continuous verification, microsegmentation, contextual access).
• Familiarity with SBOM generation (CycloneDX, Syft), artifact signing (Cosign, Sigstore), and applying SLSA/in-toto frameworks.
• Understanding of ISO 27001, GDPR, PCI-DSS (iGaming relevance), plus experience automating compliance checks with IaC and policy engines.

###### Nice to have:

• Exposure to Kafka or ClickHouse in security-sensitive environments.
• Familiarity with GitOps tooling (FluxCD/ArgoCD).
• Broader knowledge of SOC 2, HIPAA, or other regulatory frameworks.

###### What We Offer

• Compensation at top industry standards + quarterly bonuses based on transparent evaluation.
• Remote-first flexibility and adaptable working hours.
• Unlimited paid vacation & sick leave.
• Comprehensive medical insurance (for you and your partner).
• Financial support for major life events.
• Professional growth budget for courses, training, and certifications.

###### Recruitment Process

1. HR Interview – 45 min

2. Hiring Manager Interview – 60 min

3. Technical Interview – 90 min

4. Final Interview with Head of Platform & CTO – 60 min

What you get in return

• Professional development
• Social events
• Flexibility in your schedule
• Full Medical Insurance for you and your +1
• Unlimited paid vacation leave
• Bonus system
• Unlimited sick leave
• Remote work
• Courses and training reimbursement
• Employee referral program
• Competitive salary fixed in EUR/USD