דרושים » מחשבים ורשתות » DevSecOps Engineer

We are seeking a talented Senior DevSecOps Engineer / Security Architect to act as the primary security owner and focal point for the Velocity R&D organization. The ideal candidate will possess a background in IT and security platforms, strong coding skills, the ability to independently learn new technologies, an unwavering commitment to quality, a collaborative work ethic, and a profound passion for securing complex infrastructures.
Main Responsibilities:
Security Strategy & Architecture
Own and continuously improve Velocitys overall security posture, including risk assessment, prioritization, and long-term planning.
Design and guide secure architectures for new and existing systems and features, aligned with best practices and compliance requirements.
Lead threat modeling efforts and drive proactive validation against emerging attack techniques.
Evaluate, introduce, and develop security solutions tailored to Velocitys environment.
Design and implement security controls for emerging technologies, including agentic AI systems, addressing risks such as misuse, data leakage, and adversarial manipulation.
Security Engineering & DevSecOps
Embed security across the development lifecycle, including CI/CD pipelines, infrastructure, and application layers.
Enhance logging, auditing, and detection capabilities, and design detection strategies tailored to the platform.
Own and optimize security tooling, ensuring strong integration, visibility, and coverage across systems.
Incident Response & Operations
Investigate and respond to security incidents and alerts, leveraging deep system understanding.
Perform root cause analysis and drive improvements to prevent recurrence.
Collaboration & Enablement
Partner closely with R&D, IT, Product, and the CISO to ensure secure design and day-to-day operations.
Support compliance initiatives (e.g., SOC 2) and security reviews with internal and external stakeholders.
Assist in customer-facing security processes, including questionnaires and evaluations.
Promote security awareness and provide guidance across the organization.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Required DevSecOps Engineer
What we do:
Our DevOps team is responsible for the platforms end-to-end, from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely, while ensuring high standards of reliability, security, performance, and scalability. Through automation, strong architecture, and secure-by-design practices, we continuously improve how we deploy, monitor, and protect our production environments.
What you will be doing:
As the sole DevSecOps owner within the DevOps team, you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.
You will work closely with cross-functional teams such as DevOps, R&D, Product, and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact, takes ownership of cross-team initiatives, is curious and eager to learn, and enjoys driving improvements that raise the security bar across the company.
This is a hybrid role, requiring 2 days per week at our R&D site in Tel Aviv.
Responsibilities:
Architect, implement, and maintain a strong security posture across cloud environments (AWS / GCP), aligned with best practices (CIS Benchmarks, Well-Architected Framework)
Own and integrate automated security controls into CI/CD pipelines (SAST, DAST, SCA, container scanning), including tuning to reduce noise and enforce policy gates
Secure Infrastructure as Code (IaC) and harden servers, services, and Kubernetes clusters
Design and manage IAM, roles, policies, and secrets management to enforce Least Privilege
Lead security initiatives around emerging technologies, including AI models, LLM integrations, and data pipelines
Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
Support security operations, including incident response and root cause analysis.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

we are on a mission to bring identity security everywhere - to every human, machine, and AI agent, both on-prem and in the cloud. Our unique technology secures identities & access at runtime, in ways that werent possible before. With the broadest identity security platform in the market, trusted by more than 1,000 customers including many Fortune 100 companies, we are uniquely positioned to lead the fast-growing identity security category.
Joining our company means becoming part of a fast-moving team with a culture of innovation and collaboration, that goes above and beyond to help our customers and each other, on a journey to reshape the future of identity security.
As a DevOps Engineer, youll design and implement a full CI/CD solution on AWS and Azure with Kubernetes, while supporting and scaling our cloud infrastructure using Infrastructure as Code.
Responsibilities
Design and implement robust, scalable, and highly available cloud solutions to ensure seamless service delivery and support rapid business growth
Focus on cross-service integrations and components within the SaaS stack, adhering to DevOps best practices
Develop, enhance, and maintain CI/CD pipelines using a GitOps-driven approach, ensuring efficient and secure deployment workflows
Streamline processes through automation, focusing on scalability, security, metric collection, and enhanced visibility across environments
Partner with developers to optimize service reliability, performance, failover strategies, and scalability
Work as part of an innovative and high-performing team, leveraging modern tools and technologies.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

At our company, we believe people are capable of more than a single job description. Youre not hired just to fill a position- youre empowered to shape it, grow it, and make it your own.
We call this being Positionless.
And Positionless isnt just our culture. Its our product.
we are the creator of Positionless Marketing, an AI-powered platform that gives every marketer the power to analyze, create, launch, and optimize independently. The result is faster execution, deeper personalization, and 88% greater campaign efficiency.
Recognized as a Visionary in Gartners Magic Quadrant, we partner with leading brands like Sephora, Staples, and Entain. Today, more than 550 our company's across NYC, London, Tel Aviv, Scotland, Brazil, Estonia, and beyond are building the future of marketing together, in an environment that actively encourages ownership and growth, with two out of every three managers promoted from within.
If youre looking for a place where you can do more, be more, come grow with us.
Are you passionate about ensuring system reliability, scalability, and performance? Do you thrive in a dynamic environment where automation and operational excellence are key?
we are looking for a Site Reliability Engineer (SRE) to join our team and play a crucial role in designing, implementing, and maintaining our cloud-based infrastructure. In this role, you will collaborate across teams to drive automation, improve system resilience, and optimize performance while fostering a culture of reliability.
Responsibilities:
System Reliability- Ensure high availability and performance of services through effective monitoring, incident management, and root cause analysis.
Automation & Tooling- Develop and maintain automation for infrastructure provisioning, configuration management, and application deployment.
Performance Optimization- Analyze and enhance system performance, including load balancing, caching, and database tuning. Conduct regular capacity planning.
Incident Response & Troubleshooting- Lead incident response efforts, participate in on-call rotations, and troubleshoot complex infrastructure issues.
Security & Compliance- Collaborate with security teams to implement best practices and ensure compliance with relevant standards (ISO 27001, SOC 2, etc.).
Collaboration & Mentorship- Work closely with developers, DevOps, Support, and product teams to enhance application reliability and implement SRE best practices.

We're on a mission to redefine vehicle safety and reliability on a global scale. Founded in 2016, we have pioneered the world's first fully automated suite of vehicle inspection systems. At the heart of this innovation lies our advanced AI-centric technology, representing the pinnacle of computer vision, Machine Learning, and generative AI within the automotive sector.
With over $380M in funding and strategic partnerships with industry giants such as Toyota, Amazon, General Motors, Volvo, and Hertz, our technology is utilized in manufacturing plants, dealerships, wholesale auctions, delivery fleets, seaports, and more. Our growing global team of over 200 employees is committed to creating a workplace that celebrates diversity, encourages teamwork, and strives for excellence.
We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization. In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.
A day in the life and how youll make an impact:
* Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
* Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
* Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
* Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
* Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
* Work closely with stakeholders ( CISO, COO, system Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
* Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
* Perform or manage penetration testing initiatives to identify security weaknesses.

Required DevSecOps
About the Role:
As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients high bar.
You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.
What youll do:
Implement an application security program
Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools
Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity
Implement an infrastructure security program
Integrate and implement CSPM controls within a high scale cloud environment.
Own strategy for security in IAM, secret management and similar security-critical components
Own security training and review for DevOps teams.
Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
Own compliance processes within DevOps
Build and continuously improve SOC2 compliance processes and audit readiness tooling
Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.​