Role Description We are looking for a hands-on Security Operations Engineer to own and evolve our security posture across infrastructure, endpoints, and internal systems. You will be the primary driver of day-to-day security operations — from managing protective tooling to responding to incidents and coordinating audits. This is a high-ownership role with direct impact on how the company detects, responds to, and prevents security threats. - Security Systems Management: - Own the configuration, maintenance, and continuous improvement of security tooling across the organization — including DLP, MDM, SIEM, and endpoint protection platforms. - Ensure policies are enforced, coverage is complete, and tooling stays current with evolving threats and business needs. - Incident Management: - Act as the first responder for security incidents: triage alerts, investigate root causes, coordinate containment and remediation, and produce clear post-mortem reports. - Build and refine runbooks and playbooks to reduce response time and improve team readiness over time. - Infrastructure Security: - Partner with DevOps and Engineering teams to embed security across cloud infrastructure, Kubernetes workloads, CI/CD pipelines, and network layers. - Conduct regular reviews of IAM policies, secrets management, network segmentation, and access controls to identify and close gaps before they become incidents. - Audit & Penetration Testing: - Coordinate internal and external security audits, manage relationships with pentest vendors, and track remediation of findings through to closure. - Conduct ongoing vulnerability assessments and support compliance activities (SOC 2, ISO 27001, PCI DSS, or equivalent) by maintaining evidence and responding to auditor requests. Qualifications - Hands-on experience administering DLP platforms (Forcepoint, Symantec DLP, Teramind, Nightfall, or similar) — policy authoring, tuning, and alert management. - MDM administration experience: Jamf, Kandji, Microsoft Intune, or equivalent — device enrollment, compliance policies, remote wipe, certificate management. - Familiarity with PAM solutions (CyberArk, HashiCorp Vault, BeyondTrust) and secrets lifecycle management. - Email security tooling: DMARC/DKIM/SPF configuration, anti-phishing platforms (Proofpoint, Mimecast). - Network security fundamentals: firewall rule management, IDS/IPS configuration, zero-trust access models, VPN and ZTNA (Cloudflare Access, Tailscale, Zscaler). - Infrastructure-as-Code security scanning: Checkov, tfsec, KICS for Terraform/Helm/Kubernetes manifests. - Structured incident response methodology: NIST SP 800-61, PICERL, or equivalent framework. - Digital forensics basics: memory and disk image acquisition, log preservation and chain of custody, timeline reconstruction. - Threat intelligence platforms and feeds: MISP, OpenCTI, VirusTotal, Shodan — IOC enrichment and threat correlation. - Practical knowledge of MITRE ATT&CK framework for detection mapping and adversary emulation. - Vulnerability scanning and management: Nessus, Qualys, Wiz, Orca Security — prioritization, SLA tracking, and remediation coordination. - Pentest coordination: scoping, managing NDA/RoE, validating findings, tracking remediation through to closure. - Web application security fundamentals: OWASP Top 10, common API vulnerabilities, ability to validate findings from external researchers. Requirements - Experience in fintech, crypto, or another regulated industry. - Relevant certifications: OSCP, CEH, GCIA, GCIH, GWAPT, Security+, CISSP, AWS Security Specialty, or CKS (Certified Kubernetes Security Specialist). - Compliance frameworks: SOC 2 Type II, ISO 27001, PCI DSS — evidence collection, control mapping, auditor interaction. - Exposure to blockchain-specific security considerations: smart contract audit basics, wallet security, on-chain threat monitoring. - Experience operating or hardening Web3-facing infrastructure. - SIEM deployment and tuning: Splunk, Elastic SIEM, Microsoft Sentinel, or similar — writing detection rules, building dashboards, reducing false positive rates. - Bug bounty program management: HackerOne, Bugcrowd, or equivalent — triage, researcher communication, severity classification. Benefits - Learning support - courses, English classes, and conferences (up to 100% reimbursement). - Unique loyalty program - receive corporate digital miners and earn passive income with no investment. - Team culture: retreats in international locations (for example, company apartments in Cyprus). - Memorable events with wow prizes - we celebrate big occasions in a big way. - “Employee of the Month” award - we recognize and reward our top performers. - Paid leave: up to 28 vacation days + 8 company holidays + 5 personal days per year. - New career tracks - real opportunities to grow into expert or top management roles. - Work-life fit - flexible hours and remote work. You don’t need to chase balance - here, work is a part of life, not the opposite. We aim to make work inspiring, not exhausting. For us, results matter most.

• Definir y liderar la estrategia integral de ciberseguridad y protección digital • Garantizar la protección de activos digitales y información sensible • Integrar seguridad desde el diseño (Security by Design) en desarrollos tecnológicos • Supervisar la seguridad en aplicaciones y acceso a sistemas • Establecer controles de seguridad en arquitecturas modernas

• Design, prompt-engineer, and deploy automated security review workflows, using for example Claude or other LLM APIs to perform real-time code analysis and architectural reviews within our CI/CD environment. • Lead secure design reviews and advanced threat modeling for our complex payment systems and AI integrated applications. • Act as a technical bridge between Security and Engineering teams. • Collaborate frequently with different engineering teams to identify and address security issues. • Oversee deep-dive technical reviews, moving beyond basic scans to perform source code audits and live application testing on high-risk features. • Contribute and take ownership for the automated security controls we are building and take an active part in every aspect of the secure software development lifecycle (S-SDLC). • Provide hands-on remediation guidance and mentor junior security or software engineers, also members of Product teams, on both traditional exploits and emerging AI-specific vulnerabilities.

• Act as a technical visionary, bridging the gap between robust defense and rapid innovation • Design, prompt-engineer, and deploy automated security review workflows • Lead secure design reviews and advanced threat modeling for complex payment systems and AI integrated applications • Collaborate frequently with different engineering teams to identify and address security issues • Oversee deep-dive technical reviews, moving beyond basic scans to perform source code audits and live application testing on high-risk features • Contribute and take ownership for the automated security controls we are building • Provide hands-on remediation guidance and mentor junior security or software engineers