Job VC

DevSecOps Engineer (Cloud Security, Compliance)

Unknown · workua · Come Back Agency
Open original ↗

Come Back Agency supports US software and technology companies by running their hiring process. We work with delivery and leadership teams to define roles, screen candidates, and manage interviews. Successful candidates are hired directly by the company and become part of its team.
This position is with a US-based software company providing custom development and AI implementation for North American clients. The team builds and maintains production software, including AI-enabled systems, and works in long-term client engagements. Team members operate as part of an internal, distributed team and collaborate directly with client stakeholders.
About the role
The company is moving deeper into enterprise work. We need a DevOps engineer who can help harden our infrastructure, implement security best practices, and drive compliance readiness so we can pass enterprise vendor reviews and pursue certifications like SOC 2 and ISO 27001. You will work closely with engineering and leadership across infrastructure, security, and compliance.
What you will do:

Build and maintain secure cloud infrastructure and CI/CD pipelines

Implement access control, least privilege, and secrets management across environments

Standardize logging, monitoring, alerting, and audit trails

Create and maintain secure SDLC practices, including code scanning, dependency scanning, and change control

Set up incident response basics, including runbooks, on-call expectations, and post-incident process

Compliance readiness for SOC 2 and ISO 27001 by implementing required technical controls and gathering evidence

Vulnerability management and patching routines for infrastructure and dependencies

Improve backup, disaster recovery, and business continuity practices

Support client security questionnaires with clear technical answers and evidence

Requirements:

Up to 2 years
of DevOps experience with cloud infrastructure and deployment pipelines

Hands-on experience with AWS, including IAM, networking, compute, and logging services

Experience with Infrastructure as Code such as Terraform

Experience with containerization and orchestration, Docker and Kubernetes preferred

Comfort setting up security tooling, SAST, DAST, dependency scanning, secret scanning

Ability to document systems clearly and work with auditors or compliance tools when needed

English at B2 level or higher
— you will collaborate directly with US client stakeholders

Nice to have:

SOC 2 or ISO 27001 experience, even if you were the technical owner not the compliance PM

Experience with Vanta, Drata, Secureframe, or similar evidence automation tools

Experience working with HIPAA or other regulated client environments

AWS certifications such as Solutions Architect or Security Specialty

What We Offer:

Working hours aligned with US time zones, typically 16:00—23:59 Kyiv time

English lessons to support clear and confident communication

Paid vacation and sick days

Fully remote work

Opportunities for professional growth within the team

Structured, personalized onboarding to help you ramp up effectively

Apply with your resume and a short note outlining your relevant experience. You can also submit it through our website at
comeback.ua
. Selected candidates will be contacted by Come Back Agency.