Overview
We are looking for a hands-on Senior DevSecOps Engineer dedicated to closing security gaps across the Azure cloud environment. In this technical position, you will concentrate on vulnerability remediation, AKS hardening, and network isolation through private connectivity and automated pipelines to reinforce our overall cloud security posture.
Responsibilities
- Address security recommendations within Microsoft Defender for Cloud and apply technical fixes (patching, config changes, policy deployments) to raise the Azure Secure Score
- Strengthen Azure Kubernetes Service (AKS) clusters by applying CIS Benchmarks
- Deploy Kubernetes Network Policies to limit pod-to-pod communication
- Enforce identity security through Managed Identities, OIDC, and Entra ID integration
- Maintain and remediate Kubernetes YAML manifests, making sure Pod Security Standards (PSS) and resource limits are applied
- Protect Azure Container Registry (ACR) by configuring Private Endpoints, disabling public access, and handling image signing via Content Trust
- Configure lifecycle policies that automatically purge vulnerable or outdated container images
- Integrate security scanning (SAST/SCA) into Azure DevOps CI/CD pipelines
- Use Infrastructure as Code (Terraform, Bicep, or ARM) to automate the rollout of secure network patterns and NSG rules
- Administer Network Security Groups (NSGs) and ASGs following the principle of least privilege
- Roll out and manage Azure Private Links and Private Endpoints so PaaS services (SQL, Storage, Key Vault, Cosmos DB) remain off the public internet
- Resolve "Public Access Enabled" alerts by shifting resources to private networking backbones
Requirements
- 4+ years of experience with the Azure Cloud Platform
- Proficiency in Microsoft Defender for Cloud, Azure WAF, and Azure Key Vault
- Expertise in Azure Pipelines and ACR Management, including integrating automated security gates (SAST/SCA/IaC Scanning) into Azure DevOps CI/CD pipelines
- Hands-on background in AKS and ACR security
- Strong skills in PowerShell or Azure CLI for bulk remediation tasks
- Understanding of VNet Peering, NSG/UDR configuration, and Private Endpoint implementation
- Capability to author and remediate Terraform or Bicep code
- English proficiency at a B2 level to support clear communication and documentation
Nice to have
- Certifications: AZ-500 (Azure Security Engineer Associate) and AZ-400 (Azure DevOps Engineer)
Ukraine
With us you can:
- Work on a flexible schedule remotely or from any of our comfortable offices or coworking spaces in Ukraine
- Receive the necessary equipment to perform your work tasks
- Change projects and technology stacks within EPAM
- Gain experience in various business domains (Insurance, E-commerce, Healthcare, Finance, Travelling, Media, Artificial Intelligence, and more)
- Relocation opportunities may be available for eligible candidates, depending on the role and openings at other EPAM locations
- Participate in volunteer and charity programs and in communities (both technical and interest-based)
We focus on your professional growth:
- You can plan your individual career path together with your manager
- Receive regular feedback from colleagues
- Improve your English for free with certified teachers (Speaking Clubs, client interview preparation courses, etc.)
- Get the opportunity to undergo free training and certification in AWS, GCP, or Azure Clouds
- Use the internal E-learn training program (18,200+ specialized training and mentoring programs)
- Access corporate accounts on LinkedIn Learning, getAbstract and other partner resources
- Study at EPAM Solution Architecture School with the instructors who are practicing architects
- Develop as a leader, join Delivery Management, Resource Management, Leadership Essentials school and more
- Participate in internal communities (500+ meetups, technical discussions, brainstorming sessions, online events and conferences annually)
What we offer:
- Vacation and sick leave (including a sick leave without a medical certificate)
- A wide range of Voluntary Medical Insurance programs providing both medical treatment and various preventive options (including sports activities)
- Medical insurance for family members at corporate rates
- Company support during significant life events (childbirth or adoption, marriage, etc.)
- Support for psychological comfort: discounts on services from mental health specialists or coaches, thematic training
- E-kids program - a free programming language training program for EPAMers' children
Kindly note that this role supports remote work, but only from within Ukraine.
Kindly be advised that the set of benefits, including learning, certification, and other opportunities, may vary depending on the role you apply for. Our recruiter will be able to share more details about the specific opportunity during your general interview.
EPAM strives to provide its global team of over 62,350 professionals in more than 55 countries with opportunities for professional growth from day one of collaboration. Our colleagues are the source of EPAM's success, so we value cooperation, strive to always understand our clients' business and aim for the highest quality standards. No matter where you are, you will join a dedicated, diverse community that will help you realize your potential to the fullest.