Description
ThetaRay provides AI-driven anti-financial crime technology used by global banks and fintechs to detect money laundering and financial crimes.
Our Madrid office is a key R&D hub with 50+ team members across engineering, data, and customer delivery, working closely with strategic customers across the region.
We are looking for a DevSecOps Engineer to join our global engineering team and help strengthen the security, reliability, and compliance posture of our cloud-native AML platform.
The ideal candidate has hands-on experience with Kubernetes-based environments, vulnerability management, secure CI/CD practices, Linux systems, and security tooling. This role requires strong technical ownership, a proactive security mindset, and the ability to collaborate effectively with engineering, DevOps, security, and global teams.
Key Responsibilities
- Identify, analyze, prioritize, and remediate security vulnerabilities, including CVEs in containers, application dependencies, and infrastructure components.
- Work closely with engineering and DevOps teams to fix vulnerabilities across CI/CD pipelines, container images, Kubernetes workloads, and cloud infrastructure.
- Support and secure Kubernetes environments, preferably Azure Kubernetes Service (AKS), with experience in OpenShift Container Platform (OCP) considered an advantage.
- Implement and maintain security controls across cloud-native platforms, including container security, image scanning, runtime security, and Kubernetes hardening.
- Work with Static Code Analysis / SAST tools to identify code-level security risks and help development teams remediate findings.
- Work with CSPM tools to detect and resolve cloud security misconfigurations.
- Automate security, compliance, and operational tasks using Bash and other scripting tools.
- Support secure software delivery processes, including CI/CD security gates, vulnerability scans, policy enforcement, and compliance checks.
- Collaborate with global teams across different time zones to support security initiatives, incident response, and platform improvements.
- Promote DevSecOps best practices and help embed security into the software development lifecycle.
Requirements
- Proven experience as a DevSecOps Engineer, DevOps Engineer with a security focus, Cloud Security Engineer, or in a similar role.
- Hands-on experience handling CVEs, vulnerability remediation, patching, dependency upgrades, and risk prioritization.
- Strong experience with Kubernetes, preferably AKS; experience with OCP / OpenShift is a strong advantage.
- Strong hands-on experience with Linux systems, including troubleshooting, hardening, package management, permissions, services, networking, and logs.
- Solid experience writing and maintaining Bash scripts.
- Experience with Static Code Analysis tools such as SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, or similar.
- Experience with CSPM tools such as Prisma Cloud, Wiz, Microsoft Defender for Cloud, Orca, Lacework, or similar.
- Familiarity with container security tools and practices, including image scanning, base image management, secrets handling, and Kubernetes security policies.
Preferred Qualifications
- Experience working in a financial services, fintech, AML, compliance, or regulated SaaS environment.
- Familiarity with security standards and frameworks such as CIS Benchmarks, OWASP, NIST, and ISO.
- Experience with Infrastructure as Code tools such as Terraform, Helm, Helmfile, Kustomize, or ArgoCD.
- Knowledge of SIEM, audit logging, and security monitoring platforms.
Personal Skills
- Strong team player with excellent collaboration skills.
- Able to work effectively with global and cross-functional teams.
- Proactive, responsible, and detail-oriented.
- Strong problem-solving skills and ability to drive issues to resolution.
- Good communication skills in English, both written and verbal.
- Security-minded approach with a willingness to learn and continuously improve.