DevSecOps Engineer

ThetaRay provides AI-driven anti-financial crime technology used by global banks and fintechs to detect money laundering and financial crimes. Our Madrid office is a key R&D hub with 50+ team members across engineering, data, and customer delivery, working closely with strategic customers across the region. We are looking for a DevSecOps Engineer to join our global engineering team and help strengthen the security, reliability, and compliance posture of our cloud-native AML platform. The ideal candidate has hands-on experience with Kubernetes-based environments, vulnerability management, secure CI/CD practices, Linux systems, and security tooling. This role requires strong technical ownership, a proactive security mindset, and the ability to collaborate effectively with engineering, DevOps, security, and global teams. Key Responsibilities Identify, analyze, prioritize, and remediate security vulnerabilities, including CVEs in containers, application dependencies, and infrastructure components. Work closely with engineering and DevOps teams to fix vulnerabilities across CI/CD pipelines, container images, Kubernetes workloads, and cloud infrastructure. Support and secure Kubernetes environments, preferably Azure Kubernetes Service (AKS), with experience in OpenShift Container Platform (OCP) considered an advantage. Implement and maintain security controls across cloud-native platforms, including container security, image scanning, runtime security, and Kubernetes hardening. Work with Static Code Analysis / SAST tools to identify code-level security risks and help development teams remediate findings. Work with CSPM tools to detect and resolve cloud security misconfigurations. Automate security, compliance, and operational tasks using Bash and other scripting tools. Support secure software delivery processes, including CI/CD security gates, vulnerability scans, policy enforcement, and compliance checks. Collaborate with global teams across different time zones to support security initiatives, incident response, and platform improvements. Promote DevSecOps best practices and help embed security into the software development lifecycle. Requirements Proven experience as a DevSecOps Engineer, DevOps Engineer with security focus, Cloud Security Engineer, or similar role. Hands-on experience handling CVEs, vulnerability remediation, patching, dependency upgrades, and risk prioritization. Strong experience with Kubernetes, preferably AKS; experience with OCP / OpenShift is a strong advantage. Strong hands-on experience with Linux systems, including troubleshooting, hardening, package management, permissions, services, networking, and logs. Solid experience writing and maintaining Bash scripts. Experience with Static Code Analysis tools such as SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, or similar. Experience with CSPM tools such as Prisma Cloud, Wiz, Microsoft Defender for Cloud, Orca, Lacework, or similar. Familiarity with container security tools and practices, including image scanning, base image management, secrets handling, and Kubernetes security policies. Understanding of cloud security concepts, IAM, networking, encryption, logging, monitoring, and compliance. Experience working in CI/CD environments such as Azure DevOps, GitHub Actions, GitLab CI, Jenkins, or similar. Preferred Qualifications Experience working in a financial services, fintech, AML, compliance, or regulated SaaS environment. Familiarity with security standards and frameworks such as CIS Benchmarks, OWASP, NIST, ISO. Experience with Infrastructure as Code tools such as Terraform, Helm, Helmfile, Kustomize, or ArgoCD. Experience with container registries and artifact management tools. Experience with runtime security, admission controllers, Kubernetes policies, or policy-as-code tools such as OPA/Gatekeeper or Kyverno. Knowledge of SIEM, audit logging, and security monitoring platforms. Personal Skills Strong team player with excellent collaboration skills. Able to work effectively with global and cross-functional teams. Proactive, responsible, and detail-oriented. Strong problem-solving skills and ability to drive issues to resolution. Good communication skills in English, both written and verbal. Security-minded approach with a willingness to learn and continuously improve.