Senior DevSecOps Engineer

We are seeking an experienced Senior DevSecOps Engineer to join our engineering team.

This role combines development, security, and operations expertise to build and maintain secure, scalable infrastructure while embedding security practices throughout our software development lifecycle.

 
About Play North

We are a diverse and fast-growing online casino operator active in regulated markets with offices based in Malta, Estonia and The Netherlands. You can now join our dynamic, capable and enthusiastic team. 

We are the people behind the global casino brands Pikakasino.com and Kansino.nl. We are licensed and regulated by the Malta Gaming Authority and Kansspelautoriteit in The Netherlands. 

Due to the continued growth and success of our brands, we are now searching for more A class talents to join our mission to build the next iGaming giant.

Are you a self-motivated and dedicated person with an eye for detail? If you get kicks from new challenges in a top professional, yet easy-going and fun, work environment, then we are eager to hear from you!

Responsibilities: 

• Design, implement, and maintain secure AWS cloud infrastructure using Infrastructure as Code (CDK)
• Integrate and manage security scanning tools within CI/CD pipelines (SAST, DAST, container scanning)
• Configure and maintain AWS security services
• Define and enforce security best practices for development teams
• Lead incident response activities and participate in 24/7 on-call rotation for critical security incidents
• Collaborate with development teams to remediate security vulnerabilities and implement secure coding practices
• Automate security controls and compliance monitoring processes
• Conduct vulnerability assessments and prioritize remediation efforts based on risk
• Manage Cloudflare, including  security services including WAF rules, DDoS protection, Rate Limiting, Bot Management, DNS management, workers, rules and proxies for edge computing and security automation
• Solve vulnerability issues in infrastructure (IaC)
• Ensure compliance with ISO 27001:2022, NIS2, GDPR and gambling jurisdiction requirements. 
• Integrate and maintain SAST and DAST within CI/CD pipelines to ensure continuous integration and delivery. Identify and address any security findings. 
• Define and enforce secure coding principles. Run periodic secure training with developers. 
• Mentor engineering teams on secure design, code review and compliance responsibilities. 
• Generate and keep updated hardening guides and provide updated hardened images to be used in the CI/CD. 
• Centralised logging and monitoring of security and critical systems (Cloudflare, AWS, GCP). Implement detection playbooks and automated alerting. 
• Support auditors and testers during periodic audits, penetration and vulnerability tests performed.

Requirements:

• Minimum 5 years of experience in DevOps, Security Operations, or related roles
• Strong expertise in AWS cloud services and architecture
• Proficiency with Infrastructure as Code tools
• Experience with security controls in AWS (IAM, CloudTrail, GuardDuty, Security Hub) 
• Strong knowledge of secrets and key management (AWS secret manager) and secret injection pattern in CI/CD.
• Experience with detection engineering and SIEM tools.  Hands-on experience with CI/CD pipelines and security integration
• Experience with monitoring and observability
• Basic coding abilities
• Excellent problem-solving and communication skills
• Hands-on experience with Cloudflare products (WAF, CDN, Workers, Zero Trust)

What we offer

• A hybrid working model.
• Competitive salary based on experience and qualifications.
• Brand new offices.
• Private parking.
• Private Health insurance.
• Wellness allowance up to €600 per year.
• Employee assistance program with Richmond Foundation.
• Birthday wishes with something special.
• Office lunches and daily nibbles such as fresh fruit and healthy snacks.
• Meal allowance.
• Lots of great company discounts.

"By submitting your application, you understand that your personal data will be processed as set out in our Privacy Policy, which can be accessed by clicking here. Where you have not granted consent to retain your data in our talent pool, we will, in cases where the recruitment process did not lead to employment with Play North, retain your personal data for a period not exceeding six months in order to, among other things, enable us to manage potential disputes or store data about your talents for near future opportunities. Once this retention period has elapsed, your data will be deleted. You have a right to object to this additional 6 months-period of processing by explaining the reasons why we should not process your personal data to our Data Protection Officer at DPO@playnorth.com."