DevSecOps Engineer

About the DevSecOps Engineer Role at Playson

We are actively building our Platform & Cloud Security function and seeking a Lead DevSecOps Engineer to establish and spearhead this critical area. This unique opportunity allows you to define security standards from the ground up, shaping how security is integrated into our modern, high-load, and cloud-native environment.

Founded in 2012, Playson stands as a leading iGaming supplier globally recognized for providing a high-end, microservice-based Platform-as-a-Service. Our platform handles billions of financial transactions daily, supported by a global infrastructure optimized for cross-regional performance, low latency, and a flawless player experience regardless of connectivity.

Key Responsibilities

• Establish the DevSecOps function at Playson, defining best practices and security standards across the Platform Tribe.
• Integrate security into CI/CD pipelines, covering SAST, DAST, dependency scanning, and container scanning.
• Harden infrastructure and runtime environments, including Linux, Docker, Kubernetes/EKS, and RBAC.
• Design and enforce robust cloud security controls within AWS, focusing on IAM least-privilege, GuardDuty, Security Hub, and encryption at rest/in transit.
• Define and maintain IaC security policies using Terraform/Terragrunt, including drift detection and policy-as-code.
• Implement and manage secrets management solutions such as Vault and AWS Secrets Manager.
• Build centralized security monitoring & alerting systems using Datadog, ELK, CloudWatch, and SIEM/SOAR tools.
• Lead vulnerability management and threat modeling practices.
• Automate security workflows extensively using scripting languages like Python and Bash.
• Partner with backend, infrastructure, and platform engineers to embed security throughout design and delivery.
• Contribute to compliance readiness for standards such as ISO 27001, GDPR, and PCI-DSS.
• Act as a security subject-matter expert, providing mentorship to engineers and raising security awareness.
• Continuously evaluate and implement new security tools and approaches to maintain a cutting-edge security posture.

Requirements

• 5+ years of experience in Security Engineering or DevSecOps roles, with a proven track record of delivering secure infrastructure and applications.
• Strong proficiency in Python and Bash for developing and automating security workflows.
• Deep expertise in Cloud Security (AWS focus), including IAM least-privilege design, encryption, GuardDuty, Security Hub, and securing multi-account environments.
• Hands-on experience implementing security controls in CI/CD pipelines, including SAST, DAST, dependency scanning, container image scanning, and policy-as-code.
• Extensive experience hardening Linux systems, Docker, and Kubernetes/EKS, alongside strong skills in RBAC and policies like PodSecurity, OPA, Gatekeeper, or Kyverno.
• Proficiency with Terraform/Terragrunt, including policy-as-code, drift detection, and compliance enforcement.
• Expertise in secrets management with HashiCorp Vault, AWS Secrets Manager, or similar solutions.
• Practical experience with centralized logging, SIEM/SOAR tools (e.g., Datadog Security, ELK, CloudWatch) and incident response workflows.
• In-depth understanding of secure network design, segmentation, and monitoring.
• Experience with tools for temporary, approval-based access (e.g., Teleport, AWS IAM Identity Center, Okta).
• Ability to design and enforce zero trust principles, including continuous verification, microsegmentation, and contextual access.
• Familiarity with SBOM generation (e.g., CycloneDX, Syft), artifact signing (e.g., Cosign, Sigstore), and applying SLSA/in-toto frameworks.
• Understanding of ISO 27001, GDPR, PCI-DSS (especially relevant to iGaming), and experience automating compliance checks with IaC and policy engines.

What We Offer

• Compensation at top industry standards, complemented by quarterly bonuses based on transparent evaluations.
• Remote-first flexibility and adaptable working hours to support work-life balance.
• Unlimited paid vacation & sick leave for genuine rest and recovery.
• Comprehensive medical insurance for both you and your partner.
• Financial support for major life events.
• Generous professional growth budget for courses, training, and certifications.

Key skills/competency

• DevSecOps
• Cloud Security
• AWS
• Kubernetes
• CI/CD Security
• IAM
• Terraform
• Python
• Vulnerability Management
• Compliance (ISO 27001, GDPR, PCI-DSS)