לוח משרות דרושים DevSecOps Engineer במרכז

You will join our Cyber Security Operations team and play a key role in protecting our cloud-native and enterprise environments. In this hands-on role, youll design, implement, and operate security controls across AWS, Kubernetes, CI/CD pipelines, and identity systems.
Youll lead incident response efforts, build security automation, and drive continuous improvement of our detection and prevention capabilities in a fast-paced, highly technical environment.
The day-to-day:
Own and enhance security for large-scale AWS environments (IAM, VPC, CloudTrail, GuardDuty, EKS, S3).
Build and operate threat detection, incident response, and DFIR processes across cloud, Kubernetes, identity, and SaaS platforms.
Design and implement security automation for access control, cloud hygiene, incident response, and SIEM workflows.
Drive DevSecOps initiatives, securing CI/CD pipelines and enabling shift-left security.
Develop and tune SIEM detections, threat hunting queries, and automated remediation pipelines.
Manage identity, access, and Zero Trust / ZTNA architectures using IdP, SSO, RBAC, and federation.
Simulate real-world attacks and perform vulnerability discovery to validate security controls.

We are seeking a skilled DevSecOps Engineer to integrate security practices within our software development lifecycle (SDLC) while ensuring seamless CI/CD pipeline implementation and automation. The ideal candidate will have proven experience in DevSecOps or a similar role, with a deep understanding of both development and security principles.
Place of employment: central.
Scope of hours: full-time job.

Required DevSecOps Engineer
What we do:
Our DevOps team is responsible for the platforms end-to-end, from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely, while ensuring high standards of reliability, security, performance, and scalability. Through automation, strong architecture, and secure-by-design practices, we continuously improve how we deploy, monitor, and protect our production environments.
What you will be doing:
As the sole DevSecOps owner within the DevOps team, you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.
You will work closely with cross-functional teams such as DevOps, R&D, Product, and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact, takes ownership of cross-team initiatives, is curious and eager to learn, and enjoys driving improvements that raise the security bar across the company.
This is a hybrid role, requiring 2 days per week at our R&D site in Tel Aviv.
Responsibilities:
Architect, implement, and maintain a strong security posture across cloud environments (AWS / GCP), aligned with best practices (CIS Benchmarks, Well-Architected Framework)
Own and integrate automated security controls into CI/CD pipelines (SAST, DAST, SCA, container scanning), including tuning to reduce noise and enforce policy gates
Secure Infrastructure as Code (IaC) and harden servers, services, and Kubernetes clusters
Design and manage IAM, roles, policies, and secrets management to enforce Least Privilege
Lead security initiatives around emerging technologies, including AI models, LLM integrations, and data pipelines
Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
Support security operations, including incident response and root cause analysis.

We are seeking a skilled and motivated DevSecOps Engineer to integrate security practices into our DevOps pipeline, ensuring secure software development, deployment, and infrastructure.
You will automate and own security tooling, Integrate SAST, DAST, container/IaC scans, and secret detection into our CI/CD, continuously improving the stack. Harden application security, embed secure-coding best practices, OWASP Top-10 defenses, and threat modeling throughout the SDLC. Raise cloud security standards, keep our cloud environments aligned with best practice to mitigate any risk.
Key Responsibilities:
Secure CI/CD Pipelines: Integrate security into continuous integration and delivery workflows (CI/CD).
Automation & Tooling: Implement and manage tools for static and dynamic code analysis (SAST, DAST), software composition analysis (SCA), and secrets management.
Cloud Security: Ensure infrastructure-as-code (IaC) and cloud deployments (e.g., AWS, Azure, GCP) are secure and compliant.
Monitoring & Incident Response: Set up security monitoring and logging; support incident response and forensic analysis.
Policy & Compliance: Work with compliance teams to enforce standards such as ISO 27001, SOC 2, NIST, or HIPAA, depending on your environment.
Collaboration: Serve as a bridge between development, operations, and security to ensure alignment and shared responsibility for security.

Our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.

You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of our products.

The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.

What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC.
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks.
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews.
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring we remain ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements.
Automate security processes and integrate security tools within CI/CD pipelines.
Develop and deliver secure coding training to engineering teams.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Required DevSecOps
About the Role:
As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients high bar.
You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.
What youll do:
Implement an application security program
Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools
Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity
Implement an infrastructure security program
Integrate and implement CSPM controls within a high scale cloud environment.
Own strategy for security in IAM, secret management and similar security-critical components
Own security training and review for DevOps teams.
Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
Own compliance processes within DevOps
Build and continuously improve SOC2 compliance processes and audit readiness tooling
Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.​

Required DevSecOps Engineer
as a DevSecOps Engineer in the company's internal platform engineering team (ipe), youll play a pivotal role in ensuring the company's infrastructure and applications are resilient, scalable, and secure.
in your day-to-day, you will:
build and set up infrastructure for various internal uses using iac (terraform, terragrunt)
automate and improve development, security, and ci/cd processes
work with cutting-edge technologies to enhance the company's infrastructure and security
build and maintain multi-k8s environments and microservices (using helm charts)
provide ai-based solutions for automation and monitoring resilience
at the company, we believe our best work happens together. our work model is fully in person, with 5 days a week from our office. flexibility remains a core value at the company and special requests are handled thoughtfully at the team level.
were the company's internal platform engineering team. were an innovative, dynamic team who are focused on security and available, scalable, and performant microservices. we use cutting-edge technologies such as opa, terraform, kubernetes, istio, and argo to solve complex problems related to distributed systems. were responsible for shaping the architecture of our backend microservices with a focus on complexity and security.

We are looking for a Junior IT SecOps Specialist with at least 1-2 years of hands‑on experience in security operations or IT security. The role is ideal for someone who already has foundational security skills and wants to grow into advanced SecOps responsibilities while working alongside experienced specialists within our global hybrid environment.
This position aligns with the responsibilities defined for the SecOps team, including monitoring, incident response, and implementation of security technologies
What will you do?
Security Platforms & Daily Operations:
Assist in operating and maintaining security solutions such as EDR/EPP, MFA, NAC, IPS, and secure DNS platforms.
Support onboarding and configuration tasks for new or existing security tools.
Perform routine health checks on security systems and escalate anomalies as needed.
Monitoring, Detection & Incident Handling:
Monitor alerts and events from our security platforms.
Perform first‑level triage, document findings, and escalate incidents to senior SecOps members
Participate in remediation activities with guidance (e.g., addressing misconfigurations or legacy system exposures similar to past findings)
Infrastructure Hardening & Compliance Support:
Assist in applying IT security standards and guidelines across systems and environments.
Support the implementation of secure configurations for endpoints, servers, and cloud workloads under supervision.
Team Collaboration:
Work closely with the CISO and senior SecOps team to support ongoing security initiatives and improvements
Collaborate with IT Infrastructure, Network, and Cloud teams to troubleshoot and secure operational environments.

We are looking for a DevSecOps Engineer to join our amazing Security Cloud Engineering team. We are developing our revolutionary runtime engine and transforming the online experience for hundreds of millions of users. We are looking for people who are passionate about leading technology to the extreme.

As part of the Security Cloud Engineering team, youll do the following:
Promote a strong security culture using security-driven awareness and best practices for continual security improvement across the business.
Ensure that security countermeasures, mitigations, and containment strategies are implemented on both infrastructure and applications.
Leverage AI within the DevOps and DevSecOps landscapes to maximize security ROI while driving innovation across the global company.
Secure and optimize our cloud services, to ensure robust security and compliance.
Establish and enforce DevSecOps best practices within our CI/CD pipelines and automation processes.
Automate the deployment of security controls and processes to ensure consistent and scalable protection for all security layers.
Develop and implement strategies for proactive threat detection and risk mitigation.
Collaborate with Security, Engineering, and DevOps teams to define and execute security strategy.