DevSecOps Engineer

About SpotOn
 
We're not just building restaurant tech—we're giving independent restaurants the tools to compete and win. From our award-winning point-of-sale to AI-powered profit tools, everything we do helps operators boost profit, work smarter, and keep their best people. And every solution is backed by real humans who actually give a sh*t about helping restaurants succeed.

• Named the #1 Restaurant POS by G2 (Fall 2025), based on ratings from real users
• Rated the top-rated point-of-sale (POS) for restaurants, bars, retail, and small businesses by Capterra users
• Awarded Great Places to Work and Built In's Best Workplaces for multiple years running

We move fast, care hard, and fight for independent restaurant operators to do what they love, and love doing it. If you're looking to make an impact with heart and hustle, SpotOn is the place for you.

On a daily basis you will:

• Design, implement, and maintain AWS security controls and infrastructure using Terraform.
• Manage AWS Identity & Access Management (IAM) policies, roles, and permissions for least privilege. 
• Configure and monitor AWS-native security services (GuardDuty, Security Hub, WAF, CloudTrail). 
• Build and manage Zscaler configurations as code to enforce Zero Trust principles. 
• Build and manage Okta configurations as code for policies, groups, and application integrations. 
• Detect and remediate cloud misconfigurations, ensuring compliance with frameworks such as SOC 2 and PCI DSS. 
• Support incident response by providing visibility into AWS resources and logs.

What skill are we looking for?

• Strong experience with AWS services (IAM, VPC, EC2, S3, Lambda, WAF).
• Willing to come into our Kraków or Gdańsk office 2-3 times per week.
• Experience writing and maintaining infrastructure-as-code for AWS and Okta (Terraform Okta provider or similar). 
• Knowledge of cloud security best practices and compliance frameworks (SOC 2 and PCI). 
• Familiarity with monitoring/logging (CloudWatch, Grafana, SIEM).
• Experience managing Zscaler policies as part of enterprise security architecture. 
• Strong problem-solving skills and ability to collaborate with cross-functional teams. 
• Experience with automation and scripting (Python, Go, or similar).

Here's a bit about what we have to offer:

• Competitive pay: PLN net on B2B; PLN gross on CoE.
• Training budget 3500 PLN gross per year.
• Access to e-learning platforms (O'Reilly).
• Fully paid private healthcare in LuxMed.
• Access to the Worksmile platform with a monthly top-up.
• Subsidized access to breakfast and lunch through the vending machine in Kraków office, and lunches in Gdańsk office once a week.
• Group English classes with a native speaker.
• New Macbook Pro, 4K monitors or whatever tools you need.
• Flexible working hours.
• New, modern, bright and comfortable office space in the city centre.
• A lot of free parking spots around the office.
• Access to the company's library.
• Great working atmosphere.
• Chill out room with a PlayStation and games.
• Free snacks and beverages in a kitchen.
• Company parties and social activities.
• Employee referral program.
• Relocation Package within Poland.

The controller of your personal data included in your job offer and others collected during the recruitment process is SpotOn Poland spółka z ograniczoną odpowiedzialnością with its registered office in Kraków, Aleja 29 listopada 20, Kraków, e-mail address:
poland- We will process your personal data for the purpose of current or, if you voluntarily agree, also future recruitment processes. More information about how we proccess your data, including the basis for processing and your rights in relation to the processing, can be found on our website:

Administratorem podanych danych osobowych, w tym danych zawartych w dokumentach aplikacyjnych i zebranych w toku procesu rekrutacji, jest SpotOn Poland Sp. z o.o. z siedzibą w Krakowie (ul. Aleja 29 listopada 20, Kraków; adres e-mail do kontaktu:
poland- Dane osobowe będą przetwarzane w celu realizacji obecnych lub – jeżeli wyrazisz na to dobrowolną zgodę – także przyszłych procesów rekrutacji. Więcej informacji o tym, jak przetwarzamy Twoje dane, w tym także informacje o podstawach prawnych przetwarzania oraz o prawach przysługujących Ci w związku z przetwarzaniem danych, znajdziesz na stronie:

SpotOn is an equal employment opportunity employer. Qualified candidates are considered for employment without regard to race, religion, gender, gender identity, sexual orientation, national origin, age, military or veteran status, disability, or any other characteristic protected by applicable law.

SpotOn is an e-verify company.

---