Senior DevSecOps Engineer

Codeway Dijital Hizmetler Anonim Şirketi

Job Overview

Location

Istanbul

Job Type

Full-time

Full Job Description

📋 Description

• As a Senior DevSecOps Engineer at Codeway, you will be at the forefront of integrating robust security practices into our rapidly evolving software development lifecycle. You will play a pivotal role in fostering a security-first mindset across our engineering teams, ensuring that the integrity, confidentiality, and availability of our global consumer tech products and user data are paramount. This is an opportunity to make a significant impact on a company that has achieved over 400 million users worldwide and is recognized as the most downloaded app publisher on iOS in 2024, driven by cutting-edge AI research and data-driven execution.
• Your primary responsibility will be to architect, implement, and maintain security solutions that are seamlessly embedded within our development and deployment pipelines. This involves proactively identifying and mitigating potential vulnerabilities before they can impact our users or systems. You will be instrumental in building secure-by-design applications and infrastructure, contributing directly to Codeway's reputation for innovation and reliability.
• A key aspect of this role is driving security awareness and education. You will develop and deliver comprehensive training programs for our development and operations teams, equipping them with the knowledge and skills to adopt secure coding practices and understand the importance of security in every deployment. This proactive approach to security culture is essential for scaling our operations securely.
• You will be responsible for establishing and rigorously enforcing security policies, standards, and procedures. These guidelines will be designed to align with industry best practices and meet stringent regulatory requirements, ensuring Codeway remains compliant and trustworthy in an increasingly complex digital landscape.
• Proactive vulnerability management will be a core function. This includes orchestrating regular security assessments, conducting in-depth vulnerability scanning, and coordinating penetration testing efforts. Your findings will directly inform remediation strategies, ensuring that our systems are continuously hardened against emerging threats.
• In the event of a security incident, you will take the lead in coordinating the response. This involves ensuring swift and effective resolution, conducting thorough post-incident investigations, and implementing measures to prevent recurrence, thereby minimizing any potential impact on our users and business operations.
• You will contribute significantly to the design and implementation of secure cloud architectures. This encompasses defining and enforcing security best practices for network security, identity and access management (IAM), data encryption, and overall data protection strategies across our cloud environments, likely including Google Cloud and AWS.
• A critical part of your role will be the seamless integration of security tools and practices into our CI/CD pipelines. This automation is key to enabling continuous security testing, ensuring that code is secure before it is deployed, and maintaining the agility of our development processes without compromising security.
• You will be tasked with setting up and maintaining advanced security monitoring and logging solutions. The goal is to enable real-time detection of and rapid response to potential security threats, providing visibility into our security posture and enabling proactive threat hunting.
• Ensuring compliance with relevant legal and regulatory frameworks, such as GDPR and any other applicable data privacy regulations, will be a crucial responsibility. You will work to embed these requirements into our operational processes and technical controls.
• Collaboration is fundamental to this role. You will work closely with DevOps engineers, product managers, software developers, and other stakeholders to ensure that security is not an afterthought but an integral part of every stage of the software development lifecycle, from initial concept to production deployment and ongoing maintenance.
• You will leverage your expertise to secure our extensive mobile application portfolio, addressing specific challenges related to mobile APIs, understanding and mitigating OWASP Mobile Top 10 risks, and promoting secure mobile development practices across our product teams.
• Your contributions will directly support Codeway's mission to build the next generation of consumer tech and reimagine what mobile apps can be, ensuring that our rapid growth is underpinned by a strong and resilient security foundation.

🎯 Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum 5-8 years of experience in cloud security engineering or a related DevSecOps role.
• Proven experience with public cloud platforms (Google Cloud, AWS) and strong understanding of Kubernetes security.
• Demonstrated experience in mobile application security, including securing mobile APIs, OWASP Mobile Top 10 risks, and mobile secure development practices.
• Familiarity with security tools and platforms (e.g., SIEM, IDS/IPS, vulnerability scanners) and proficiency in scripting and automation (e.g., Python, Bash).

🏖️ Benefits

• Accredited “BEST WORKPLACES” environment, ranked first among all workplaces.
• Competitive compensation package and meal compensation.
• Full health benefits including unlimited private health insurance and HPV vaccine coverage.
• Pet adoption support covering primary healthcare expenses, parasite vaccinations, and microchip costs for the first year.
• Comprehensive well-being support through Meditopia, offering free psychological counseling, dietitian, personal trainer, and more.
• Flexible schedule, unlimited vacations, and a top-notch office located at Ferko Signature, Istanbul.
• Training budget, unlimited Udemy subscription, and English course support.
• Cool tech stack including Macbook, iPhone 15 Pro, adjustable desk with 4K screen, and any other necessary gadgets.
• Support for sport activities (gym membership), public transportation, and a one-time grant for new parents.
• Unique office perks like Codebrew coffee shop, free breakfast, happy hours, gaming area, and a massage room.

Skills & Technologies

Python

AWS

GCP

Kubernetes

Terraform

Senior

Onsite

Degree Required

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Codeway Dijital Hizmetler Anonim Şirketi

Visit Website

About Codeway Dijital Hizmetler Anonim Şirketi

Codeway is a Turkish mobile app studio that develops and publishes consumer utility and entertainment applications. Founded in 2019 and headquartered in Istanbul, the company creates AI-driven tools, hyper-casual games and lifestyle apps distributed globally on iOS and Android. Its portfolio includes face animation, photo enhancement, chatbot and casual gaming titles that have reached hundreds of millions of downloads. Codeway handles end-to-end product development, growth marketing and data analytics in-house, operating a subscription-based revenue model across multiple apps while continuously testing new concepts and optimizing user engagement metrics.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.