DevSecOps Engineer

About the position

We are seeking an experienced DevOps Engineer with a strong security background to join our company. As a DevSecOps Engineer, you will be responsible for designing and implementing DevOps processes and tools, and ensuring the reliability, scalability and security of our software infrastructure. You will work closely with our development and operations teams to build and deploy high-quality software products and services.

Responsibilities:

• Develop and implement DevOps processes and tools to automate and streamline our software development and deployment workflows.
• Build and maintain our continuous integration and deployment (CI/CD) pipelines using technologies such as Bitbucket Pipelines, AWS CodePipeline and ArgoCD.
• Implement DevSecOps practices and integrate security into the development pipeline - Static Application Security Testing (SAST), Software Composition Analysis (SCA), container security and Infrastructure as Code (IaC) scanning.
• Perform security architecture and design reviews. Review network architecture, identity and access management, encryption, application security, integration with third parties, and ensure integration of relevant controls.
• Ensure the reliability and scalability of our systems by monitoring and improving system performance using tools such as Cloudwatch, Prometheus and Grafana.
• Define security standards and best practices for system/product development. This includes establishing coding guidelines and secure design patterns.
• Stay up to date with the latest DevOps and security tools and technologies and share knowledge with the team.
• Perform penetration testing for sensitive projects to identify and address potential vulnerabilities.
• Strong communication skills with the ability to deliver security and DevOps training sessions and effectively communicate security and DevOps concepts to stakeholders.

Qualifications

• 3+ years of experience in DevOps or related fields, preferably in an enterprise environment.
• Strong knowledge of DevOps best practices, including continuous integration and deployment (CI/CD), configuration management, and infrastructure as code.
• Previous experience of integrating code scanning tools and libraries into development projects, contributing to DevSecOps workflows (SAST, SCA, IAST, container scanning, infrastructure as code scanning).
• 1+ years of experience with containers and container orchestration/management tools (EKS/AKS, Vanilla Kubernetes, ArgoCD, etc).
• 1+ years of experience with IaC technologies (e.g. Terraform, Cloudformation).
• Ability to conduct security design reviews, assessing network architecture, encryption, and authentication protocols. 
• Proficiency in at least one programming language (JS/Python). Experience in conducting code reviews.
• Security related certification (e.g. CompTIA Security+, Certified Ethical Hacker - CEH, ISC2 Certified in Cybersecurity - CC, etc) - advantage.
• Experience with Penetration Testing - advantage.

If interested, please send your C.V to reuts@moveo.co.il