דרושים » מחשבים ורשתות » SRE Security

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Our company is built around continuously improving our ability to introduce new customers to our products and wow them with exceptional experiences through the shopping and post-purchase journey. We love to use data and metrics to drive our decisions while keeping in mind that customers dont speak in numbers and that each one should be treated as a member of our family. Oh, and by the way, youll get to work with a diverse group of experts around the globe. You can expect a hard-working team of people who understand how to create meaningful connections and get great work done virtually - its in our nature!

What we do:

Our DevOps team is responsible for the Resident platforms end-to-end, from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely, while ensuring high standards of reliability, security, performance, and scalability. Through automation, strong architecture, and secure-by-design practices, we continuously improve how we deploy, monitor, and protect our production environments.

What you will be doing:

As the sole DevSecOps owner within the DevOps team, you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.

You will work closely with cross-functional teams such as DevOps, R&D, Product, and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact, takes ownership of cross-team initiatives, is curious and eager to learn, and enjoys driving improvements that raise the security bar across the company.

This is a hybrid role, requiring 2 days per week at our R&D site in Tel Aviv.

Responsibilities:
Architect, implement, and maintain a strong security posture across cloud environments (AWS / GCP), aligned with best practices (CIS Benchmarks, Well-Architected Framework)
Own and integrate automated security controls into CI/CD pipelines (SAST, DAST, SCA, container scanning), including tuning to reduce noise and enforce policy gates
Secure Infrastructure as Code (IaC) and harden servers, services, and Kubernetes clusters
Design and manage IAM, roles, policies, and secrets management to enforce Least Privilege
Lead security initiatives around emerging technologies, including AI models, LLM integrations, and data pipelines
Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
Support security operations, including incident response and root cause analysis

Required DevSecOps
About the Role:
As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients high bar.
You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.
What youll do:
Implement an application security program
Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools
Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity
Implement an infrastructure security program
Integrate and implement CSPM controls within a high scale cloud environment.
Own strategy for security in IAM, secret management and similar security-critical components
Own security training and review for DevOps teams.
Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
Own compliance processes within DevOps
Build and continuously improve SOC2 compliance processes and audit readiness tooling
Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.​

We are looking for a DevSecOps Engineer to join our amazing Security Cloud Engineering team. We are developing our revolutionary runtime engine and transforming the online experience for hundreds of millions of users. We are looking for people who are passionate about leading technology to the extreme.

As part of the Security Cloud Engineering team, youll do the following:
Promote a strong security culture using security-driven awareness and best practices for continual security improvement across the business.
Ensure that security countermeasures, mitigations, and containment strategies are implemented on both infrastructure and applications.
Leverage AI within the DevOps and DevSecOps landscapes to maximize security ROI while driving innovation across the global company.
Secure and optimize our cloud services, to ensure robust security and compliance.
Establish and enforce DevSecOps best practices within our CI/CD pipelines and automation processes.
Automate the deployment of security controls and processes to ensure consistent and scalable protection for all security layers.
Develop and implement strategies for proactive threat detection and risk mitigation.
Collaborate with Security, Engineering, and DevOps teams to define and execute security strategy.

As a DevOps Experience Manager at Fiverr, you will lead our DevEx team with a specific focus on optimizing the end-to-end journey of our software engineers. Your mission is to build and maintain a scalable, secure, and intuitive internal developer platform that minimizes friction and maximizes productivity. You will drive the adoption of modern DevEx practices, ensuring a seamless alignment between engineering workflows, developer satisfaction, and operational excellence. This leadership role requires a balance of hands-on technical expertise and strategic vision, empowering your team to deliver high-quality platform solutions in a fast-paced environment. You will shape Fiverr’s developer productivity strategy - optimizing the "inner loop," enhancing system reliability, and implementing innovative technologies, including Generative AI-driven automation , to provide developers with better self-service capabilities and insights.

What am I going to do?:
Lead and mentor a team of engineers dedicated to developer productivity, fostering a culture of ownership and continuous improvement. Design and implement scalable, secure, and cost-efficient developer platforms and architectures that simplify the path to production. Evaluate and adopt emerging tools and best practices to enhance the developer experience and overall product quality. Drive standards of Infrastructure as Code, comprehensive observability, and automated testing to create a "paved road" for development teams. Monitor productivity metrics and infrastructure reliability, providing data-driven insights to leadership on how to improve engineering velocity. Guide the team in applying GenAI-native tools to automate documentation, provide self-service support for developers, and optimize performance. Partner with cross-functional leaders to influence architecture and development workflows, ensuring the platform meets the needs of all engineering teams. Hire and continue to build the team Report to the VP of Cloud Engineering , contributing to Fiverr's long-term technology roadmap for developer empowerment.

Equal opportunities:
At Fiverr, we’re not about checklists. If you don’t meet 100% of the requirements for this role but still feel passionate about the position and think you have the right skills and qualifications to excel at it, we want to hear from you. At Fiverr, we prioritize diversity. We celebrate difference and embed it into every aspect of our workplace and product, as well as our community. Fiverr is proud and committed to providing equal opportunity employment to all individuals regardless of race, color, religion, sex, sexual orientation, citizenship, national origin, disability, Veteran status, or any other characteristic protected by law. In addition, Fiverr will provide accommodation to individuals with disabilities or a special need.

The DevOps Engineer builds, automates, and operates cloud‑native infrastructure across AWS and Red Hat OpenShift, enabling scalable, secure, and reliable application delivery. This role combines hands‑on platform engineering, CI/CD automation, container orchestration, and the integration of AI‑powered tools for observability, anomaly detection, and operational efficiency. The engineer collaborates closely with development, security, and SRE teams to streamline deployments and improve system resilience.
Core Responsibilities
Cloud & Platform Engineering
Design, deploy, and maintain cloud‑native infrastructure on AWS (EC2, VPC, IAM, EKS, S3, RDS, Lambda).
Operate and optimize Red Hat OpenShift clusters, including cluster upgrades, operator management, and workload orchestration.
Implement Infrastructure‑as‑Code using Terraform, CloudFormation, or Ansible.
Build secure, scalable network architectures including VPC design, load balancing, service mesh, and ingress/egress controls.
CI/CD & Automation
Develop and maintain CI/CD pipelines using GitHub Actions, GitLab CI, Jenkins, or Argo Workflows.
Automate build, test, and deployment workflows for microservices and containerized applications.
Implement GitOps practices using Argo CD or Flux.
Create reusable automation modules and scripts in Python, Bash, or Go.
Containers & Kubernetes
Manage containerized workloads using Docker, Kubernetes, and OpenShift Operators.
Configure namespaces, RBAC, secrets, ConfigMaps, and resource quotas.
Troubleshoot cluster performance, networking, and scheduling issues.
Support service mesh technologies (Istio, Linkerd) when applicable.
AI‑Driven Operations
Integrate AI/ML‑based tools for monitoring, anomaly detection, predictive scaling, and automated remediation.
Work with data and platform teams to operationalize AI/ML pipelines on Kubernetes or OpenShift.
Evaluate emerging AI‑Ops platforms and contribute to automation strategies.
Observability & Reliability
Implement monitoring, logging, and tracing using Prometheus, Grafana, ELK, Loki, CloudWatch, or Datadog.
Build alerting, dashboards, and SLO‑based reliability metrics.
Participate in on‑call rotations and incident response, driving root‑cause analysis and long‑term fixes.
Security & Compliance
Apply DevSecOps practices including image scanning, secrets management, and policy enforcement.
Work with security teams to implement IAM best practices, encryption, and compliance controls.
Integrate tools such as Vault, OPA/Gatekeeper, or Kyverno.

Required DevSecOps Engineer
as a DevSecOps Engineer in the company's internal platform engineering team (ipe), youll play a pivotal role in ensuring the company's infrastructure and applications are resilient, scalable, and secure.
in your day-to-day, you will:
build and set up infrastructure for various internal uses using iac (terraform, terragrunt)
automate and improve development, security, and ci/cd processes
work with cutting-edge technologies to enhance the company's infrastructure and security
build and maintain multi-k8s environments and microservices (using helm charts)
provide ai-based solutions for automation and monitoring resilience
at the company, we believe our best work happens together. our work model is fully in person, with 5 days a week from our office. flexibility remains a core value at the company and special requests are handled thoughtfully at the team level.
were the company's internal platform engineering team. were an innovative, dynamic team who are focused on security and available, scalable, and performant microservices. we use cutting-edge technologies such as opa, terraform, kubernetes, istio, and argo to solve complex problems related to distributed systems. were responsible for shaping the architecture of our backend microservices with a focus on complexity and security.