
DevSecOps Engineer

Fully flexible
Remote: Full Remote

1inch Labs SME https://1inch.io/
51 - 200 Employees

Job description

Company Overview

We are a leading decentralized finance (DeFi) aggregator, connecting users to top liquidity sources across multiple blockchain networks. As we grow, we prioritize security, compliance, and governance as core aspects of our development.


Role Overview

We are looking for a DevSecOps Engineer to establish and scale security practices across the organization. You will design a secure software delivery pipeline, protect corporate systems, and safeguard applications and blockchain infrastructure.

As the first DevSecOps Engineer, you will collaborate with Engineering, Legal, DevOps, and Compliance teams to integrate security and compliance at every stage. Responsibilities include implementing automated security checks, securing cloud environments, and driving application security best practices.

This is a unique opportunity to lead and innovate in the evolving DeFi space while ensuring our platform is secure, scalable, and resilient against emerging threats.


Key Responsibilities

Security & Infrastructure Integration:

  • Design and implement automated security checks, including SAST/DAST, vulnerability scans, and policy compliance gates, within CI/CD pipelines.
  • Secure cloud-native architectures, containerized environments, and microservices.
  • Implement and maintain hardened configurations through infrastructure-as-code (IaC) practices (e.g., Terraform).


Corporate Security:

  • Collaborate with IT teams to secure corporate systems, networks, and endpoints.
  • Define and enforce security policies, access controls, and data protection measures.
  • Ensure compliance with global privacy regulations (e.g., GDPR, CCPA) and internal standards.
  • Manage identity and access management (IAM) systems and promote secure authentication mechanisms.
  • Drive employee security awareness programs and phishing simulation exercises.


Policy Development & Governance:

  • Collaborate with Legal, DevOps, and Compliance teams to develop, refine, and maintain policies that align with global regulations and DeFi-specific requirements.
  • Participate in cross-functional security committees to ensure a unified approach to risk management, data protection, and blockchain forensic investigations.


Security Audits & Risk Management:

  • Conduct continuous security and compliance audits, identifying vulnerabilities in codebases, configurations, and third-party dependencies.
  • Implement mitigation strategies and remediate findings promptly, ensuring that risk assessments are an ongoing component of the development lifecycle.


Cloud & Infrastructure Security:

  • Secure cloud-native architectures and containerized environments.
  • Implement infrastructure-as-code (IaC) best practices, ensuring hardened configurations and secure baselines that withstand regulatory scrutiny and potential threats.


Incident Response & Blockchain Forensics:

  • Maintain structured incident response protocols for code and infrastructure breaches.
  • Assist in blockchain forensic analysis to identify root causes, contain issues, and enhance future security measures.


Regulatory Alignment & Law Enforcement Engagement:

  • Integrate compliance checks into deployment workflows and ensure adherence to relevant global regulations.
  • Collaborate with compliance teams to respond effectively to data requests, and support law enforcement engagement where necessary.


Tool Evaluation & Technology Integration:

  • Assess, select, and implement cutting-edge security tools, such as vulnerability scanners, compliance platforms, and blockchain analysis solutions, to enhance transaction monitoring and threat detection within development lifecycles, CI/CD, etc.


Training & Advocacy:

  • Provide training and guidance to engineering, legal, and compliance personnel on secure coding practices, compliance requirements, and evolving threats.
  • Foster a security-first mindset and continuous improvement culture throughout the organization.


Qualifications


Professional Experience:

  • 5+ years in DevSecOps, cybersecurity engineering, or a related field - ideally within fintech, DeFi, or blockchain.
  • Proven experience integrating security and compliance tools (e.g., SAST/DAST scanners, blockchain analysis platforms) into Dev and CI/CD workflows.


Technical Expertise:

  • Proficiency with DevOps toolchains (e.g., GitHub Actions), containerization (Docker, Kubernetes), and IaC (Terraform).
  • Strong scripting skills (Python, Bash) and familiarity with compliance-focused solutions (TRM Labs, Hypernative, Etherscan, Blockaid).
  • Cloud Security Expertise: Familiarity with securing multi-cloud environments (AWS, GCP, Azure) and leveraging native tools for threat detection and compliance (e.g., AWS Security Hub).


Security & Compliance Knowledge:

  • In-depth understanding of OWASP Top 10, AML/KYC frameworks, and global regulatory requirements.
  • Experience with blockchain security, cryptographic protocols, and financial sanctions compliance is highly valued.


Cross-Functional Collaboration & Governance:

  • Ability to work closely with Legal, DevOps, Compliance, and Product teams.
  • Experience developing policies, conducting risk assessments, and implementing governance structures that ensure robust security and regulatory adherence.


Soft Skills:

  • Excellent communication, problem-solving, and leadership abilities.
  • Comfortable working in a dynamic environment with shifting regulatory landscapes and evolving threat models.


Terms

  • Remote work, flexible hours (our team is distributed around the world)
  • Young creative team, vibrant environment, and adequate leadership
  • Suggestions welcome: propose an idea and execute it
  • Competitive remuneration based on a candidate's skills and experience
  • Work for a leader in its segment
  • Unlimited vacation days per year
  • Compensation for work equipment
  • Annual team building event at an international resort

Required profile

Experience

Spoken language(s):
English

Other Skills

  • Leadership
  • Communication
  • Problem Solving
