DevSecOps Engineer

Description:

Coralogix is a modern, full-stack observability platform transforming how businesses process and understand their data. Our unique architecture powers in-stream analytics without reliance on expensive indexing or hot storage. We specialize in comprehensive monitoring of logs, metrics, trace and security events with features such as APM, RUM, SIEM, Kubernetes monitoring and more, all enhancing operational efficiency and reducing observability spend by up to 70%.

We are seeking a skilled and motivated DevSecOps Engineer to integrate security practices into our DevOps pipeline, ensuring secure software development, deployment, and infrastructure. 

You will automate and own security tooling, Integrate SAST, DAST, container/IaC scans, and secret detection into our CI/CD, continuously improving the stack. Harden application security, embed secure-coding best practices, OWASP Top-10 defenses, and threat modeling throughout the SDLC. Raise cloud security standards, keep our cloud environments aligned with best practice to mitigate any risk.

Key Responsibilities:

• Secure CI/CD Pipelines: Integrate security into continuous integration and delivery workflows (CI/CD).
• Automation & Tooling: Implement and manage tools for static and dynamic code analysis (SAST, DAST), software composition analysis (SCA), and secrets management.
• Cloud Security: Ensure infrastructure-as-code (IaC) and cloud deployments (e.g., AWS, Azure, GCP) are secure and compliant.
• Monitoring & Incident Response: Set up security monitoring and logging; support incident response and forensic analysis.
• Policy & Compliance: Work with compliance teams to enforce standards such as ISO 27001, SOC 2, NIST, or HIPAA, depending on your environment.
• Collaboration: Serve as a bridge between development, operations, and security to ensure alignment and shared responsibility for security.

Technical Skills:

• 3+ years of experience in DevOps, Security Engineering, or related roles.
• Strong experience with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions ).
• Proficiency in scripting (e.g., Python, Bash)
• Hands-on experience with container security (Docker, Kubernetes) - trivy advantag
• Familiarity with SAST, DAST, SCA tools (e.g., SonarQube, Checkmarx, Veracode, Aqua, Snyk).
• Knowledge of cloud platforms (AWS, GCP) and cloud security..
• Strong problem-solving and analytical skills.
• Ability to work collaboratively across multiple teams and custommers.
• Excellent communication and documentation abilities.

Advantage:

• Security certifications such as CISSP, CEH, OSCP, or AWS Security Specialty.
• Experience with zero-trust architecture or security in microservices.
• Background in secure software development lifecycle (SSDLC) practices.

Cultural Fit:

We’re seeking candidates who are hungry, humble, and smart. Coralogix fosters a culture of innovation and continuous learning, where team members are encouraged to challenge the status quo and contribute to our shared mission. If you thrive in dynamic environments and are eager to shape the future of observability solutions, we’d love to hear from you.

Coralogix is an equal opportunity employer and encourages applicants from all backgrounds to apply.