DevSecOps Engineer

Description:

monday.com is seeking a skilled DevSecOps Engineer to join our growing team. This role requires a keen understanding of security practices integrated within the software development lifecycle. The ideal candidate will play a crucial role in securing our CI/CD pipelines, working with Web Application Firewalls (WAFs), and managing our Cloud Security Posture.

A person in this role will be a part of the team serving a key entity in communication and synchronization between the several groups of stakeholders (Infrastructure, Development, Security), fostering a culture of security awareness and collaboration across all the teams.

Securing CI/CD Pipelines:

• Implement and manage security controls for CI/CD pipelines.
• Automate security testing and vulnerability management within the CI/CD process using tools like Terraform.
• Collaborate with development teams to integrate security best practices and policies.

Working with WAFs:

• Configure and manage Web Application Firewalls (WAFs) such as Cloudflare to protect web applications from security threats.
• Monitor and update WAF rules to respond to new vulnerabilities and attack vectors.
• Conduct regular security assessments and audits of WAF configurations.

Cloud Security Posture Management:

• Develop and implement cloud security best practices and policies.
• Continuously monitor cloud environments using tools like AWS Guard Duty, Wiz, Orca, WAF, Cloudflare and similar to ensure compliance with security standards.
• Collaborate with cloud operations teams to identify and remediate security risks.
• Managing security cloud configuration with tools like Terraform and CDK

Implementing Security Self Service approach:

• Development security tools in the organization IDP
• Testing/performing PoC of new security tools to increase efficiency development practices in the security context and foster Secure by Design principle.

• 3+ years of experience in DevOps/DevSecOps or related roles.
• Passion for keeping systems secure
• Proficiency in any of languages Python/Go/Typescript 
• Expertise implementing Shift Left/Secure by Design inside CI/CD pipelines using tools such SonarQube, Dependabot alert, Wiz and others.
• Experience with configuring and managing Web Application Firewalls (WAFs) such as AWS WAF, Cloudflare, or similar.
• Excellent problem-solving and communication skills.