DevSecOps Engineer

Description:

Fiverr is seeking a seasoned DevSecOps Engineer with deep expertise in AWS and GCP cloud infrastructure to join our growing security team. In this role, you will take the lead in safeguarding, designing, automating, and supporting the security of Fiverr’s cloud-native and IT environments.

As a key contributor to our cloud security strategy, you will conduct security assessments, manage vulnerabilities, and drive detection and response activities across our environments. You'll collaborate closely with our software development and DevOps teams to secure our CI/CD pipelines, production infrastructure, and core platform.

Additionally, you'll work alongside DevOps and IT teams to protect Fiverr’s scalable marketplace backend and massive data processing pipeline—handling billions of daily events and supporting hundreds of microservices.

• CI/CD Security: Design, build, and maintain secure CI/CD pipelines with integrated automated security testing (e.g., SAST, DAST, SCA, container scanning) for Fiverr's broad range of applications and services.
• Threat Modeling & Risk Mitigation: Lead security reviews and threat modeling efforts across CI/CD and production environments, identifying and addressing risks to Fiverr’s products and supporting services.
• Infrastructure as Code (IaC) Security: Define and implement best practices for secure IaC (e.g., Terraform, Ansible), including static analysis, misconfiguration detection, and compliance validation.
• Container Security: Deploy and manage security solutions for containerized environments, focusing on secure image management, runtime protection, and policy enforcement.
• Secrets Management: Establish and manage secure secrets management infrastructure (e.g., HashiCorp Vault or equivalent platform-agnostic solutions) across DevOps workflows.
• Security Automation: Automate key security operations, including vulnerability scanning, compliance auditing, configuration checks, and incident response playbooks.
• Cross-Functional Collaboration: Partner with DevOps and engineering teams to embed security into the development lifecycle, offering hands-on guidance and secure coding best practices.
• Tooling & Innovation: Evaluate, implement, and maintain modern security tools to bolster Fiverr’s DevSecOps capabilities, with an emphasis on automation and operational efficiency.
• Compliance & Governance: Ensure development and deployment workflows align with applicable security standards, corporate policies, and regulatory requirements.
• Incident Handling: Contribute to security incident investigations and response activities.
• Training & Enablement: Educate and train internal stakeholders on cloud infrastructure and IT security best practices.

• 5+ years of experience in DevSecOps or Cloud Security roles.
• Bachelor's degree in Computer Science, Information Technology, or a related discipline;
• Relevant certifications such as CISSP, CISM, GIAC are preferred.
• Security certifications such as AWS Security Specialty, CKS, or CCSP are a strong advantage.
• Deep hands-on experience securing cloud infrastructure, with an emphasis on AWS.
• Proven expertise in CI/CD pipelines
• Development lifecycle tools.
• Strong knowledge of security tools and practices, including KMS, GuardDuty, CloudTrail, and CSPM/DSPM platforms.
• Proficient in scripting, automation, and Infrastructure as Code technologies.
• Solid understanding of network security concepts and principles.
• Familiarity with regulatory compliance frameworks and their implications for security and privacy.
• Excellent grasp of information security standards and methodologies.
• Highly self-driven with a strong sense of ownership and accountability.
• Strong organizational skills, attention to detail, and the ability to prioritize effectively.
• Excellent command of English, both written and verbal.

At Fiverr, we’re not about checklists. If you don’t meet 100% of the requirements for this role but still feel passionate about the position and think you have the right skills and qualifications to excel at it, we want to hear from you.