Abuse & Compliance Manager

About the Role

We are seeking a highly skilled and proactive Abuse & Compliance Manager with a strong background in security, DevOps, and system administration. In this role, you will be responsible for identifying and responding to abuse incidents, ensuring compliance with relevant regulations and internal policies, and supporting the infrastructure with system-level knowledge.

This role requires both investigative and technical capabilities, allowing you to work across compliance, infrastructure, and operations.

Key Responsibilities

• Monitor, investigate, and resolve abuse reports such as spam, phishing, malware, copyright violations, and unauthorized usage.
• Analyze logs and conduct IP tracing, DNS queries, and reputation checks.
• Work with third-party abuse reporting platforms such as: Spamhaus – Anti-spam blocklist service, AbuseIPDB – Crowd-sourced malicious IP database, ARIN (American Registry for Internet Numbers) – IP and ASN registry
• Ensure compliance with: GDPR (General Data Protection Regulation) – EU data protection law, DMCA (Digital Millennium Copyright Act) – US copyright law, CAN-SPAM – US law regulating commercial emails, AUP (Acceptable Use Policy) – Internal service usage guidelines
• Utilize security tools and automation such as: Fail2ban – Intrusion prevention tool, CSF (ConfigServer Security & Firewall) – Server firewall and security suite, ModSecurity / WAF (Web Application Firewall) – Protection against web-based attacks
• Implement and maintain abuse response and mitigation processes.
• Create internal documentation and compliance reports.
• Train internal teams on abuse handling and compliance best practices.
• Write and maintain automation scripts (Bash, Python, or equivalent).
• Support incident response processes and forensic investigations when needed.

Requirements

• Proven experience in abuse handling, compliance, and/or trust & safety roles.
• Strong knowledge of:
• Internet protocols: DNS, HTTP, SMTP
• Server log analysis
• Abuse types: spam, phishing, port scanning, brute force
• Familiarity with international compliance and data protection laws.
• Solid experience with Linux systems, security tools, and DevOps pipelines.
• Excellent verbal and written communication in English.
• Strong attention to detail and analytical thinking.
• Experience in incident response or cyber threat intelligence.
• Excellent communication, documentation, and stakeholder management skills.

Nice to Have

• Previous experience in abuse handling at:

-Hosting providers (shared/VPS/cloud environments)

-Domain registrars or CDN providers

• Familiarity with web hosting environments and tools.
• Understanding of common abuse cases in hosting
• Use CI/CD tools (e.g., GitHub Actions, Jenkins, GitLab CI) to integrate automated security checks.
• Manage and monitor Linux-based systems and cloud infrastructure.
• Configure and manage firewalls, access controls, and server hardening techniques.
• Analyze system logs and metrics to proactively identify vulnerabilities or suspicious behavior.