DevSecOps engineer | Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Back to the list

DevSecOps engineer

Kyiv, UkraineLviv, UkraineFull timeFlexible remote // Build secure infrastructures in large-scale.

The opportunity: #

Cossack Labs is looking for an infrastructure engineer with security focus (SecOps, DevSecOps if you will) to join the operations team and work with us on making innovative security tools robust, reliable and efficient. If you are interested in building secure infrastructures in large-scale, security-sensitive systems — this could be an interesting offering for you.

We are a data security solutions company, developing software products (open-source and proprietary), as well as providing custom bespoke solutions to innovative development teams around the world. Our mission is to make strong security methodologies and approaches convenient within modern infrastructures and, as the software is eating the world, help it eat the world responsibly, without leaking customer’s data.

Among our customers are power grid operators, payment processors, legal companies, million-user customer applications. We cater to young ambitious startups and well-established enterprises, who use our software and solutions as core part of their security arsenal.

Our mission would be impossible without brilliant engineering force, and we’re looking to grow it.

Sounds interesting?

You will: #

  • Build security controls and infrastructural tooling internally for infrastructure and SSDLC.
  • Assist our clients with integrations of our software and surrounding security controls.
  • Participate in infrastructure audits and improvement projects.
  • Participate in working out internal procedures, standards, and flows.
  • Have an individual set of “growth work tasks” depending on preferred further direction of growth (there are a lot of options).

Technical stack: #

  • OS: Linux Debian (mostly), RHEL, Alpine, other Linux distributions just for niche solutions, no MS products at all.
  • VPN: IPSec, OpenVPN.
  • Virtualization: KVM, Docker.
  • IaaC: Ansible, Chef, Terraform.
  • DB: PostgreSQL (mostly), MariaDB/MySQL.

We expect you to have: #

  • Good knowledge of Linux systems.
  • Good networking knowledge.
  • Good understanding of security fundamentals – risks, threats, security controls, types, and classes of security controls, processes, and procedures.
  • Good knowledge and practical experience in scripting languages: one of Python/Ruby + Bash.
  • Knowledge and practical experience in at least one of non-scripting languages: C/C++/Go/Rust.
  • Good understanding of software development lifecycle in security context.
  • Fluent with Docker, KVM.
  • Have some experience with at least one of PostgreSQL/MySQL.

Please note that you can be a perfect fit even if not everything we’ve outlined above applies to you. If you have any questions, please don’t hesitate to ask – everyone is unique.

Extra skills and experience that matter: #

  • Deep Linux architecture.
  • Deep virtualization skills.
  • SSDLC.
  • Clouds.
  • Advanced networking skills.
  • IaaC tools and approaches.
  • Advanced knowledge of monitoring approaches and technologies.
  • CI/CD, packaging.
  • RPi, other IoT life forms.

We will feel comfortable working together if you: #

  • Don’t get desperate to find and read documentation. Of course, each of us is always ready to assist with approaches and search for solutions, but we respect the time of colleagues, and we can read reference information on our own.
  • DO NOT think that good advertising replaces deep knowledge.
  • You don’t necessarily like to write, but you do write good technical documentation.
  • You’d rather do well once than constantly generate monkey patches.
  • You’re not deprived of healthy perfectionism, a sense of beauty and a sense of humour.

We offer: #

Environment: #

  • Friendly and experienced team: smart people to learn from, great people to build with. Each of us is unique, we value and support each other.
  • An atmosphere that motivates you to grow and get smarter every month, a healthy ratio of routine / experimentation.
  • Trust: schedule, reporting, bureaucracy is kept at reasonable minimum. We hire smart people and trust them to do the right thing. When things go wrong, we help rather than punish.
  • Shared decision making: this business is driven by engineering excellence, so engineers are important part of tactical and strategical business decisions.
  • Friendly to humans: not just a formal vacation and sick leave quota. Feel like your mental or physical wellbeing needs care? Take some time off. Feel like working a few days from home? Sure. As long as you’re in line, we are here to support you when you’re not.

Growth: #

  • On this position, you can grow into full-on Site Reliability Engineer, security architect, security engineer with infra bias, - depending on type of tasks and challenges you find exciting.
  • Team that facilitates internal learning and growth all the time.
  • Interesting technologies to work with — sometimes, even unique ones (we design applied cryptography schemes and techniques and novel ways to use them).
  • Ability to grow into one of the fastest growing industry sectors (computer security) with a team of experienced professionals.
  • Management attention to help you improve upon your personal goals (through regular 1:1s and mentoring).

Unique experience: #

  • Interesting challenges, great variety – from internal SSDLC to advising customers how to build security monitoring and automation in restricted environments.
  • Reasonable time budgets and attitude to build things well – we build for decades, rather than till next release.
  • Work at the intersection of technologies: software development, information security, cloud/on-prem infrastructure engineering. You won’t be bored :)
  • A sense of meaning and responsibility for those who seek purpose—we’re building “the invisible texture of modern civilisation”—bits of infrastructure finance, power grids, healthcare rely on, and we are trusted with very challenging aspects of it.

Benefits: #

  • Competitive compensation with flexible bonus scheme.
  • Sick leaves, 21 vacation days a year, extra days off — according to agreements and laws.
  • Conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops and blog posts.

Not sure but considering? Talk to us. #

If you see yourself fit but a few things are off — don’t hesitate to talk anyway. It might be that your unique combination of skills and knowledge would be perfectly fitting for our environment, but we both just don’t know it yet.

Why work at Cossack Labs? #

Some companies prioritise talent and value proposition, while others understand business and would take any job that pays well. However, only few companies choose to specialise in difficult tasks as their primary competency.

We take on difficult jobs, we take mission-critical software and make it mission-secure.

  • Virtualise OT infrastructure securely in the presence of active adversaries, preventing them from accessing the susceptible nation-wide network? ✓ Check.
  • Provide immediate application security and infrastructure security guidance for mission-critical application that will be deployed on thousands of devices on the front-line tomorrow? ✓ Check.
  • Validate counter-reverse engineering protections for power grid hardware to ensure that previously air-gapped environments were safe to open up to the outside world? ✓ Check.
  • Ensure that software platforms for exchange of sensitive documents actually have a top-tier SSDLC programme that supplements missing capabilities and builds out processes? ✓ Check.

We operate as a lean core team and a diverse network of experts. The finest people you may work with include PhDs in information security and cryptography, infosec community standard contributors, in-depth experts in rare security topics, and business-centric security engineers with broad experiences. Some of your teammates have worked in infosec since the 1990s and saw the industry grow from nothing. Some of them helped write standards that govern security around you. Maybe someone’s work actually keeps the lights up while you’re reading this?

Our core engineers go through extensive indoctrination and training to become disciplined, stringent, self-sufficient field unit who owns the outcomes rather than just showing up for work.

As you grow into the Cossack Labs engineer, you’ll work on slow-paced projects to learn and improve, internal projects to innovate and build tools, and of course a few fires, because no smooth sea can make a skilled sailor. You’ll discover what works for you and what you need to learn.

We help innovators who are launching new venues of civilisation while facing significant security risks in becoming more secure and resilient. Customers trust us to achieve their business goals, not merely address gaps someone else has to identify first.

If this is a challenge you’re up to, let's talk!

How to apply?

We'd like to get your CV to start a conversation. A supporting letter explaining your story, your interest in security and operations, what you have done in the past and what kind of work you find interesting would help, but is not necessary.

Contact us

Get whitepaper

Apply for the position

Our team will review your resume and provide feedback
within 5 business days

Thank you!
We’ve received your request and will respond soon.
Your resume has been sent!
Our team will review your resume and provide feedback
within 5 business days