Senior DevSecOps Engineer

About the role:

As a founding Senior DevSecOps Engineer, you’ll architect resilient, scalable infrastructures and drive security automation that fortifies our systems. Your expertise will directly shape our product as you partner with cross-functional teams to create innovative, secure solutions that drive our evolving business forward.

About us:

BeOne is a next-generation neobank that redefines how individuals and businesses manage money by blending traditional and digital finance. Our platform offers multi-currency accounts, ultra-low fees, real-time global payments, and robust financial tools, all within an intuitive, refined interface.

Our bold vision is to become the largest regulated funds and data transfer network for both retail and business customers. We empower users with financial freedom, security, and efficiency, whether for personal finances, business operations, or global investments.

What you will do:

• Create, maintain, and evolve secure infrastructure in GCP and GKE, focusing on performance, availability, and reliability while embedding security at every layer
• Take ownership of security best practices across the DevOps lifecycle by integrating vulnerability scanning, patch management, and automated security testing into CI/CD pipelines
• Ensure continuous compliance with industry standards and regulations, collaborating with compliance & security teams to meet audit requirements
• Design and implement secure network architectures, including secure access controls, encryption, segmentation, and the use of VPNs, firewalls, and cloud-native security services
• Monitor, detect, and respond to security incidents using SIEM tools such as Splunk, ELK Stack, or Sumo Logic, working closely with incident response teams to mitigate threats
• Promote a security-first culture by educating teams on secure coding practices, deployment, and monitoring techniques
• Document implemented solutions thoroughly and share insights to support continuous improvement
• Research emerging security technologies and develop proofs of concept to enhance our security posture and operational efficiency
• Build and maintain automation tools that streamline security processes throughout the software development lifecycle
• Collaborate with other teams and participate in daily stand-ups and planning sessions to address challenges and align on security objectives
  

What we expect from you:

• 4+ years in security roles; 5+ years in DevOps/DevSecOps/SRE positions; 10+ years overall in technology
• Proficient in Bash, Python, or GoLang and strong in Linux administration (Debian/Ubuntu)
• Solid understanding of networking (LAN/WAN, firewalls, proxies, load balancers, VPNs, HTTP(s), DNS, SSH, TCP/IP)
• Experience with Docker, Kubernetes, Helm; CI/CD, version control, and IaC using Terraform; familiarity with GCP/AWS/Azure
• Expertise in SIEM tools (Splunk, ELK, Sumo Logic), risk analysis, threat modeling, and automating security processes (vulnerability scans, security testing, scripting)
• Knowledge of data protection (encryption, key management, access controls), ISO standards, security audits, and pentesting
• Proficient in English (B2+)

Nice to Have:

• Familiarity with GDPR, SOC 2, HIPAA, PCI-DSS
• Experience with Argo CD and Argo Rollouts
• Knowledge of Kafka, Redis, Nginx, Apache HTTP Server, or Nats
• Expertise in logging tools (Kibana, FluentD, Elasticsearch)
• Skills in PostgreSQL administration and JVM technologies
• A strong interest in finance, trading, and crypto

Why it’s worth a try:

• Remote-first company - we enable you to work from anywhere in the world.
• Flexible working hours - we have core working hours between 11 am and 3 pm CET, offering you the opportunity to choose when you work outside of those hours
• 38 days of paid vacation leave, and 14 days of sick leave
• Join a forward-thinking team where you have the autonomy to make your own choices and explore new ideas.

Our tech stack & methodologies:

• Automation & IaC: Bash, Python, GoLang, Terraform
• Observability: Elasticsearch, Kibana, FluentD; Prometheus, Grafana; SIEM tools (Splunk, ELK, Sumo Logic)
• CI/CD: Bitbucket Pipelines, ArgoCD
• Containerization & Orchestration: Docker, Kubernetes, Helm
• Security: VPNs (OpenVPN), firewalls, TFsec, Trivy, and cloud-native security services
• Networking: LAN/WAN, Load Balancers, HTTP(s), DNS, SSH, TCP/IP
• Collaboration: Slack, Google Meet, Jira, Confluence, Bitbucket