DevSecOps Engineer - Fintech (relocation to Cyprus)

This is an onsite role with our team in Nicosia, Cyprus. We offer relocation support to our team members relocating from abroad.

Reluna is redefining the future of Wealth Management and Family Governance with cutting-edge, data-driven platforms. Leveraging advanced automation and scalable architecture, we make complex processes – from data integration to reporting and compliance – fast, seamless and accurate.

We are hiring a DevSecOps Engineer to take ownership of security across infrastructure, pipelines and application delivery. This is not a compliance role - this is hands-on engineering with real control over how security is designed and enforced across our platforms.

Key Responsibilities:

• Design and enforce secure-by-default infrastructure across AWS and Kubernetes
• Own secrets management and identity flows across services and environments
• Harden Kubernetes clusters and workloads with policy-driven security controls
• Build and maintain secure CI/CD pipelines with strong supply chain guarantees
• Implement end-to-end workload identity using modern federation (OIDC, IRSA)
• Integrate security directly into developer workflows without slowing delivery
• Drive threat modeling practices across APIs and distributed systems
• Lead incident response from a security perspective and improve detection capabilities
• Continuously audit, validate and improve system security posture
• Partner with DevOps Engineer and engineering teams to embed security into architecture decisions

Must Have Technical Expertise:

• Scanning: Trivy, Semgrep, Gitleaks/TruffleHog, Snyk (optional)
• Runtime: OPA/Gatekeeper, Rego policies (conftest, opa test)
• Kubernetes: NetworkPolicies, Pod Security Standards, Kyverno (optional)
• AWS: GuardDuty, SecurityHub, CloudTrail, AWS Config, IAM (least privilege, roles, access analyzer)
• Secrets: Vault + secret scanning в CI/CD
• CI/CD: GitHub Actions/GitLab CI security, OIDC, pipeline hardening, artifact security
• Supply chain: Syft/Trivy (SBOM), Cosign (signing), Dependabot/Renovate
• Containers: Image scanning, distroless/minimal images, lifecycle policies, registry security
• Monitoring: Falco, SIEM (ELK/Splunk), alerting, incident response playbooks
• Compliance: SOC 2 / PCI DSS (controls → automated checks), Policy-as-Code (OPA/Rego)

What We Are Looking For:

• 4+ years in DevSecOps, Security Engineering or SRE with strong security ownership
• Proven experience securing Kubernetes-based production systems
• Deep understanding of identity, authentication and authorization models
• Strong bias toward automation and policy-as-code
• Ability to challenge weak security practices and enforce better ones
• Comfortable operating in high-accountability environments with minimal oversight
• Russian and English languages at professional working capacity

Bonus Points For:

• AI-Forward Mindset: Enthusiasm for leveraging AI-assisted tools to enhance productivity and automation

• Experience in regulated or financial environments
• Experience with multi-tenant SaaS architectures at scale
• Exposure to service mesh (Istio or Linkerd)
• Experience securing multi-tenant SaaS platforms
• Familiarity with time-series databases (KDB+)
• Background in incident response or red teaming

Reality Check

If your idea of “security” is running scanners and filing tickets, this role will not work. If you build systems that make insecure behavior impossible, you will fit right in.

Why Join Reluna?

At Reluna, you will join a forward-thinking team passionate about innovation in fintech. We value initiative, ownership and bias for action. You will have the opportunity to architect infrastructure for significant scale, drive cost savings through architecture optimization and work with cutting-edge cloud-native technologies

How to Apply

Please submit your updated CV in English. Due to the volume of applications, only shortlisted candidates will be contacted.