DevSecOps Engineer
Tel Aviv-Yafo, Tel Aviv District, IL
XM Cyber
Illuminate and disrupt the attack paths leading to your critical assets, in the cloud or on-premises.Description
XM Cyber is the leader in hybrid-cloud security posture management, using the attacker’s perspective to find and remediate critical attack paths across on-premises and multi-cloud networks.
We are seeking a skilled DevSecOps Engineer to join our team and help integrate security practices into our software development and operations processes. The ideal candidate will have a strong background in both development and security, with the ability to bridge the gap between these disciplines and operations.
- Responsibilities:
- Implement and maintain security measures throughout the software development lifecycle
- Lead security product evaluations, from initial testing to full organizational deployment
- Develop and enforce security policies and best practices across development and operations teams
- Perform regular security assessments and vulnerability scans
- Implement and manage security tools for monitoring, logging, and alerting
- Collaborate with development teams to address security issues and provide guidance on secure coding practices
- Conduct security training and awareness programs for development and operations teams
- Manage incident response processes and participate in security incident investigations
- Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques
- Identity and access management (IAM) for cloud platforms and database infrastructure
Requirements
Requirements:
3+ years of experience in DevOps, security engineering, or a similar role
Strong knowledge of secure coding practices and common security vulnerabilities (e.g., OWASP Top 10)
Knowledge of cloud security principles and experience with major cloud platforms (AWS, Azure and GCP) - MUST!
Experience with security tools such as Zero Trust, EASM and CSPM -MUST!
Proficiency in scripting languages such as Python or Bash
Familiarity with microservices architecture and API security
Experience with CI/CD tools (e.g., Jenkins, ArgoCD, Pulumi).
Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes).
Understanding of network security concepts and protocols.
Excellent problem-solving and communication skills.
Strong Security tooling, processes expertise, including KMS, GuardDuty, Cloudtrail, SSO and etc .
Experience in triaging security alerts and executing incident response.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs AWS Azure Bash CI/CD Cloud CSPM DevOps DevSecOps Docker GCP IAM Incident response Jenkins Kubernetes Microservices Monitoring Network security OWASP Python Scripting SDLC Security assessment SSO Vulnerabilities Vulnerability scans Zero Trust
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.