Job VC
DevSecOps Engineer (Cloud Security and Compliance)
Come Back Agency supports US software and technology companies by running their hiring process. We work with delivery and leadership teams to define roles, screen candidates, and manage interviews. Successful candidates are hired directly by the company and become part of its team.
This position is with a US-based software company providing custom development and AI implementation for North American clients. The team builds and maintains production software, including AI-enabled systems, and works in long-term client engagements. Team members operate as part of an internal, distributed team and collaborate directly with client stakeholders.
About the role
The company is moving deeper into enterprise work. We need a DevOps engineer who can help harden our infrastructure, implement security best practices, and drive compliance readiness so we can pass enterprise vendor reviews and pursue certifications like SOC 2 and ISO 27001. You will work closely with engineering and leadership across infrastructure, security, and compliance.
What you will do:
Build and maintain secure cloud infrastructure and CI/CD pipelines
Implement access control, least privilege, and secrets management across environments
Standardize logging, monitoring, alerting, and audit trails
Create and maintain secure SDLC practices, including code scanning, dependency scanning, and change control
Set up incident response basics, including runbooks, on-call expectations, and post-incident process
Compliance readiness for SOC 2 and ISO 27001 by implementing required technical controls and gathering evidence
Vulnerability management and patching routines for infrastructure and dependencies
Improve backup, disaster recovery, and business continuity practices
Support client security questionnaires with clear technical answers and evidence
Requirements:
Up to 2 years
of DevOps experience with cloud infrastructure and deployment pipelines
Hands-on experience with AWS, including IAM, networking, compute, and logging services
Experience with Infrastructure as Code such as Terraform
Experience with containerization and orchestration, Docker and Kubernetes preferred
Comfort setting up security tooling, SAST, DAST, dependency scanning, secret scanning
Ability to document systems clearly and work with auditors or compliance tools when needed
English at B2 level or higher
- you will collaborate directly with US client stakeholders
Nice to have:
SOC 2 or ISO 27001 experience, even if you were the technical owner not the compliance PM
Experience with Vanta, Drata, Secureframe, or similar evidence automation tools
Experience working with HIPAA or other regulated client environments
AWS certifications such as Solutions Architect or Security Specialty
What We Offer:
Working hours aligned with US time zones, typically 16:00-23:59 Kyiv time
English lessons to support clear and confident communication
Paid vacation and sick days
Fully remote work
Opportunities for professional growth within the team
Structured, personalized onboarding to help you ramp up effectively
Apply with your resume and a short note outlining your relevant experience. You can also submit it through our website at comeback.ua. Selected candidates will be contacted by Come Back Agency.