DevSecOps Engineer

Description

Summary: ThetaRay is seeking a DevSecOps Engineer to strengthen the security, reliability, and compliance of their cloud-native AML platform, focusing on vulnerability management and secure CI/CD practices. Highlights: 1. Strengthen security, reliability, and compliance of cloud-native AML platform 2. Identify, analyze, prioritize, and remediate security vulnerabilities 3. Automate security, compliance, and operational tasks Madrid, Spain Full\-timeDescription ThetaRay provides AI\-driven anti\-financial crime technology used by global banks and fintechs to detect money laundering and financial crimes. Our Madrid office is a key R\&D hub with 50\+ team members across engineering, data, and customer delivery, working closely with strategic customers across the region. We are looking for a **DevSecOps Engineer** to join our global engineering team and help strengthen the security, reliability, and compliance posture of our cloud\-native AML platform. The ideal candidate has hands\-on experience with Kubernetes\-based environments, vulnerability management, secure CI/CD practices, Linux systems, and security tooling. This role requires strong technical ownership, a proactive security mindset, and the ability to collaborate effectively with engineering, DevOps, security, and global teams.**Key Responsibilities** * Identify, analyze, prioritize, and remediate security vulnerabilities, including CVEs in containers, application dependencies, and infrastructure components. * Work closely with engineering and DevOps teams to fix vulnerabilities across CI/CD pipelines, container images, Kubernetes workloads, and cloud infrastructure. * Support and secure Kubernetes environments, preferably **Azure Kubernetes Service (AKS)**, with experience in **OpenShift Container Platform (OCP)** considered an advantage. * Implement and maintain security controls across cloud\-native platforms, including container security, image scanning, runtime security, and Kubernetes hardening. * Work with **Static Code Analysis / SAST** tools to identify code\-level security risks and help development teams remediate findings. * Work with **CSPM** tools to detect and resolve cloud security misconfigurations. * Automate security, compliance, and operational tasks using Bash and other scripting tools. * Support secure software delivery processes, including CI/CD security gates, vulnerability scans, policy enforcement, and compliance checks. * Collaborate with global teams across different time zones to support security initiatives, incident response, and platform improvements. * Promote DevSecOps best practices and help embed security into the software development lifecycle. Requirements * Proven experience as a **DevSecOps Engineer**, **DevOps Engineer with security focus**, **Cloud Security Engineer**, or similar role. * Hands\-on experience handling **CVEs**, vulnerability remediation, patching, dependency upgrades, and risk prioritization. * Strong experience with **Kubernetes**, preferably **AKS**; experience with **OCP / OpenShift** is a strong advantage. * Strong hands\-on experience with **Linux systems**, including troubleshooting, hardening, package management, permissions, services, networking, and logs. * Solid experience writing and maintaining **Bash scripts**. * Experience with **Static Code Analysis tools** such as SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, or similar. * Experience with **CSPM tools** such as Prisma Cloud, Wiz, Microsoft Defender for Cloud, Orca, Lacework, or similar. * Familiarity with container security tools and practices, including image scanning, base image management, secrets handling, and Kubernetes security policies. * Understanding of cloud security concepts, IAM, networking, encryption, logging, monitoring, and compliance. * Experience working in CI/CD environments such as Azure DevOps, GitHub Actions, GitLab CI, Jenkins, or similar. **Preferred Qualifications*** Experience working in a financial services, fintech, AML, compliance, or regulated SaaS environment. * Familiarity with security standards and frameworks such as CIS Benchmarks, OWASP, NIST, ISO. * Experience with Infrastructure as Code tools such as Terraform, Helm, Helmfile, Kustomize, or ArgoCD. * Experience with container registries and artifact management tools. * Experience with runtime security, admission controllers, Kubernetes policies, or policy\-as\-code tools such as OPA/Gatekeeper or Kyverno. * Knowledge of SIEM, audit logging, and security monitoring platforms. **Personal Skills*** Strong team player with excellent collaboration skills. * Able to work effectively with global and cross\-functional teams. * Proactive, responsible, and detail\-oriented. * Strong problem\-solving skills and ability to drive issues to resolution. * Good communication skills in English, both written and verbal. * Security\-minded approach with a willingness to learn and continuously improve.