דרושים » מחשבים ורשתות » Senior SecDevOps Engineer

We are seeking a highly motivated and experienced SecOps Engineer to join our dynamic security team. In this role, you will be responsible for ensuring and enhancing the overall security posture of our cloud-native environment. Your responsibilities will include monitoring security systems, detecting and responding to incidents, and automating key security operations tasks. You will collaborate closely with other members of the security team, as well as development and operations teams, to ensure a secure and resilient infrastructure.
What am I going to do?
Security Tool Management: Configure and optimize security tools to ensure maximum visibility and effectiveness.
Security Monitoring: Continuously monitor logs and alerts from security platforms (e.g., SIEM, IDS/IPS, EDR, and cloud monitoring tools) to identify potential incidents.
Threat Detection & Analysis:Investigate security events and alerts to identify threats and vulnerabilities, prioritizing remediation efforts.
Incident Response:Support the incident response process, including containment, eradication, and recovery, under the guidance of the Incident Response Manager.
Vulnerability Management (Infrastructure): Conduct vulnerability scans and coordinate the remediation of findings across infrastructure components, including servers, networks, and cloud services.
Cloud Security Monitoring: Oversee the security posture of cloud environments (AWS, GCP) and respond to cloud-specific security incidents.
Security Automation: Automate recurring security operations tasks such as vulnerability scanning, incident triage, and configuration management.
Cross-Team Collaboration: Partner with development, operations, and security stakeholders to implement and maintain effective security controls.
Security Processes: Develop and refine processes to keep the team updated on evolving cybersecurity threats, technologies, and best practices.
Tooling & Innovation: Research and integrate new security tools and technologies to enhance our overall security capabilities.

we are seeking a seasoned DevSecOps Engineer with deep expertise in AWS and GCP cloud infrastructure to join our growing security team. In this role, you will take the lead in safeguarding, designing, automating, and supporting the security of our companys cloud-native and IT environments.
As a key contributor to our cloud security strategy, you will conduct security assessments, manage vulnerabilities, and drive detection and response activities across our environments. You'll collaborate closely with our software development and DevOps teams to secure our CI/CD pipelines, production infrastructure, and core platform.
Additionally, you'll work alongside DevOps and IT teams to protect our companys scalable marketplace backend and massive data processing pipelinehandling billions of daily events and supporting hundreds of microservices.
What am I going to do?
CI/CD Security: Design, build, and maintain secure CI/CD pipelines with integrated automated security testing (e.g., SAST, DAST, SCA, container scanning) for our company's broad range of applications and services.
Threat Modeling & Risk Mitigation: Lead security reviews and threat modeling efforts across CI/CD and production environments, identifying and addressing risks to our companys products and supporting services.
Infrastructure as Code (IaC) Security: Define and implement best practices for secure IaC (e.g., Terraform, Ansible), including static analysis, misconfiguration detection, and compliance validation.
Container Security: Deploy and manage security solutions for containerized environments, focusing on secure image management, runtime protection, and policy enforcement.
Secrets Management: Establish and manage secure secrets management infrastructure (e.g., HashiCorp Vault or equivalent platform-agnostic solutions) across DevOps workflows.
Security Automation: Automate key security operations, including vulnerability scanning, compliance auditing, configuration checks, and incident response playbooks.
Cross-Functional Collaboration: Partner with DevOps and engineering teams to embed security into the development lifecycle, offering hands-on guidance and secure coding best practices.
Tooling & Innovation: Evaluate, implement, and maintain modern security tools to bolster our companys DevSecOps capabilities, with an emphasis on automation and operational efficiency.
Compliance & Governance: Ensure development and deployment workflows align with applicable security standards, corporate policies, and regulatory requirements.
Incident Handling: Contribute to security incident investigations and response activities.
Training & Enablement: Educate and train internal stakeholders on cloud infrastructure and IT security best practices.

We are seeking an experienced DevSecOps Engineer to secure and automate our cloud environments. In this role, youll ensure our production environment meets top security standards while integrating cutting-edge technologies. You'll implement security initiatives, drive automation in CI/CD pipelines, and collaborate with development and operations teams. Your expertise in AWS security services and DevSecOps practices will be crucial for enhancing our cloud security and managing incident response
Role:
Collaborate with a dynamic team of DevSecOps professionals to enhance and maintain robust platform security.
Assist in the design, implementation, and monitoring of comprehensive security solutions to protect our systems and data.
Contribute to the development and deployment of advanced solutions to automate security tool integration and enhance overall security posture.
Help implement robust information security controls and patterns to support risk assessments and the creation of secure architectures.
Collaborate with Product & Data Security, Engineering, and DevOps teams to define and execute security strategies and initiatives.
Participate in efforts to establish and enforce security best practices and standards across the development lifecycle.
Engage in learning opportunities and seek guidance from team members to foster professional growth and skill development.

We are looking for a Product Security Specialist with a strong background in cloud-native applications and DevOps practices to help secure our products throughout the software development lifecycle. You will partner with engineering and DevOps teams to identify risks, improve resilience, and embed security into every phase of the product pipeline.
This role is ideal for someone who thrives at the intersection of security and engineering and is passionate about securing modern, scalable applications.
Key Responsibilities:
Security Risk Analysis: Evaluate new features, services, and architectural changes for potential security risks in cloud-native environments (e.g., Kubernetes, serverless, microservices).
Threat Modeling: Lead and facilitate threat modeling sessions with engineering teams to identify potential risks and mitigation strategies early in the design process.
Security Review & Assessment: Conduct in-depth security reviews of cloud infrastructure, CI/CD pipelines, and application designs.
Vulnerability & Patch Management: Collaborate with DevOps and SRE teams to monitor vulnerabilities, manage security patches, and improve response times across containers, runtimes, and third-party libraries.
Security Automation & Scanning: Integrate and analyze results from automated security tools (e.g., SAST, DAST, SCA) in CI/CD pipelines, and guide teams on remediation.
DevSecOps Enablement: Champion secure coding and DevSecOps practices by working closely with developers and DevOps teams to implement security controls as code.

As a Senior DevSecOps Engineer, you'll tackle complex security challengesfrom securing our cloud infrastructure to optimizing security controlscrafting inventive strategies that drive operational efficiency across our expanding systems. You'll work closely with cross-functional teams to shape and implement security practices that ensure the safety and compliance of our business. If you thrive on ownership, collaboration, and pushing security boundaries in a dynamic environment, this role offers an opportunity to make a significant impact.

You will be responsible for:

Securing and optimizing our cloud services, with a primary focus on AWS, to ensure robust security and compliance.
Following alignment with industry security best practices for DevOps services and tools.
Supporting and enhancing our monitoring and alerting systems to detect and respond to threats together with our ProdSec team.
Developing and implementing threat detection strategies to identify and mitigate potential risks.
Automating the deployment of security controls to ensure consistent and scalable protection.
Acting as a focal point for security and compliance-related queries and strategies within the DevSecOps team in our DevOps group, driving smarter security decisions that align with business goals.

Required DevSecOps Solution Engineer
As the DevSecOps Solution Engineer, you will be instrumental in driving the security aspects of software development and distribution for some of the world's leading organizations. Your role will focus on delivering hands-on presales support and Proof of Concept (POC) implementations, ensuring that our clients can seamlessly integrate our security solutions into their DevSecOps practices. You will work closely with a dynamic team and collaborate across departments to enhance the security posture of our clientele.
As a DevSecOps Solution Engineer you will...
Deliver POCs and Hands-On Support:
Lead the technical delivery of security-focused POC projects, demonstrating the value and functionality of our security solutions.
Provide hands-on technical assistance to clients, ensuring successful integration and deployment of security features within their existing DevOps workflows.
Provide project management through the POC process, ensuring timely delivery and alignment with client expectations.
Technical Expertise and Guidance:
Act as a subject matter expert in DevSecOps, guiding clients and internal teams on best practices for integrating security into the software development lifecycle.
Develop and maintain standardization guides and documentation to ensure consistent implementation of security practices across projects.
Create and maintain a technical best practices repository, including security playbooks and implementation guides for both internal teams and clients.
Collaboration and Communication:
Work closely with the sales team to understand client requirements and tailor security solutions to meet their specific needs.
Collaborate with product management, R&D, and marketing teams to ensure alignment and support for our security solutions.
Strategize with Customer Success to ensure smooth customer onboarding
Gather and consolidate product feedback from clients and share insights with the product development team to drive continuous improvement.
Training and Enablement:
Provide training sessions and workshops for clients and internal teams to enhance their understanding of our security solutions and best practices in DevSecOps.
Develop and deliver enablement programs and materials, including a skills matrix, to ensure customers and partners are proficient in using our security features.
Create and maintain a demo repository to facilitate effective demonstrations and training.