Job Description

ThetaRay provides AI-driven anti-financial crime technology used by global banks and fintechs to detect money laundering and financial crimes.

Our Madrid office is a key R&D hub with 50+ team members across engineering, data, and customer delivery, working closely with strategic customers across the region.

We are looking for a DevSecOps Engineer to join our global engineering team and help strengthen the security, reliability, and compliance posture of our cloud-native AML platform.

The ideal candidate has hands-on experience with Kubernetes-based environments, vulnerability management, secure CI/CD practices, Linux systems, and security tooling. This role requires strong technical ownership, a proactive security mindset, and the ability to collaborate effectively with engineering, DevOps, security, and global teams.

Key Responsibilities

• Identify, analyze, prioritize, and remediate security vulnerabilities, including CVEs in containers, application dependencies, and infrastructure components.
• Work closely with engineering and DevOps teams to fix vulnerabilities across CI/CD pipelines, container images, Kubernetes workloads, and cloud infrastructure.
• Support and secure Kubernetes environments, preferably Azure Kubernetes Service (AKS), with experience in OpenShift Container Platform (OCP) considered an advantage.
• Implement and maintain security controls across cloud-native platforms, including container security, image scanning, runtime security, and Kubernetes hardening.
• Work with Static Code Analysis / SAST tools to identify code-level security risks and help development teams remediate findings.
• Work with CSPM tools to detect and resolve cloud security misconfigurations.
• Automate security, compliance, and operational tasks using Bash and other scripting tools.
• Support secure software delivery processes, including CI/CD security gates, vulnerability scans, policy enforcement, and compliance checks.
• Collaborate with global teams across different time zones to support security initiatives, incident response, and platform improvements.
• Promote DevSecOps best practices and help embed security into the software development lifecycle.

Requirements

• Proven experience as a DevSecOps Engineer, DevOps Engineer with security focus, Cloud Security Engineer, or similar role.
• Hands-on experience handling CVEs, vulnerability remediation, patching, dependency upgrades, and risk prioritization.
• Strong experience with Kubernetes, preferably AKS; experience with OCP / OpenShift is a strong advantage.
• Strong hands-on experience with Linux systems, including troubleshooting, hardening, package management, permissions, services, networking, and logs.
• Solid experience writing and maintaining Bash scripts
• Experience with Static Code Analysis tools such as SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, or similar.
• Experience with CSPM tools such as Prisma Cloud, Wiz, Microsoft Defender for Cloud, Orca, Lacework, or similar.
• Familiarity with container security tools and practices, including image scanning, base image management, secrets handling, and Kubernetes security policies.

Preferred Qualifications

• Experience working in a financial services, fintech, AML, compliance, or regulated SaaS environment.
• Familiarity with security standards and frameworks such as CIS Benchmarks, OWASP, NIST, ISO.
• Experience with Infrastructure as Code tools such as Terraform, Helm, Helmfile, Kustomize, or ArgoCD.
• Knowledge of SIEM, audit logging, and security monitoring platforms.

Personal Skills

• Strong team player with excellent collaboration skills.
• Able to work effectively with global and cross-functional teams.
• Proactive, responsible, and detail-oriented.
• Strong problem-solving skills and ability to drive issues to resolution.
• Good communication skills in English, both written and verbal.
• Security-minded approach with a willingness to learn and continuously improve.