DevSecOps Engineer New

Who we are:

Resident is an industry leader in the Direct-to-Consumer (e-commerce) space. While our customers are primarily based in the US, our R&D, Product, and Data teams have been operating out of Tel Aviv since our founding. Our mission is simple: we are building a best-in-class e-commerce platform that leverages data and technology to create a competitive advantage for our brands. Starting from the marketing acquisition funnel and continuing through each customer’s journey, our tools and technology enable us to go the extra step to deliver a world-class customer experience.

Our company is built around continuously improving our ability to introduce new customers to our products and wow them with exceptional experiences through the shopping and post-purchase journey. We love to use data and metrics to drive our decisions while keeping in mind that customers don’t speak in numbers and that each one should be treated as a member of our family. Oh, and by the way, you’ll get to work with a diverse group of experts around the globe. You can expect a hard-working team of people who understand how to create meaningful connections and get great work done virtually - it’s in our nature!

What we do:

Our DevOps team is responsible for the Resident platforms end-to-end, from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely, while ensuring high standards of reliability, security, performance, and scalability. Through automation, strong architecture, and secure-by-design practices, we continuously improve how we deploy, monitor, and protect our production environments.

What you will be doing:

As the sole DevSecOps owner within the DevOps team, you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.

You will work closely with cross-functional teams such as DevOps, R&D, Product, and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact, takes ownership of cross-team initiatives, is curious and eager to learn, and enjoys driving improvements that raise the security bar across the company.

This is a hybrid role, requiring 2 days per week at our R&D site in Tel Aviv.

Responsibilities:
Architect, implement, and maintain a strong security posture across cloud environments (AWS / GCP), aligned with best practices (CIS Benchmarks, Well-Architected Framework)
Own and integrate automated security controls into CI/CD pipelines (SAST, DAST, SCA, container scanning), including tuning to reduce noise and enforce policy gates
Secure Infrastructure as Code (IaC) and harden servers, services, and Kubernetes clusters
Design and manage IAM, roles, policies, and secrets management to enforce Least Privilege
Lead security initiatives around emerging technologies, including AI models, LLM integrations, and data pipelines
Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
Support security operations, including incident response and root cause analysis
Qualifications:
3+ years of hands-on experience in DevOps, SRE, DevSecOps, or Cloud Security roles in production environments
Strong ownership mindset with proven ability to lead initiatives end-to-end with minimal supervision
Strong cloud security expertise (AWS or GCP preferred), including IAM, networking, and managed services
Strong Linux fundamentals and hardening experience; scripting/automation skills in Python and/or Bash
Solid experience with CI/CD pipelines (GitHub Actions, Jenkins, etc.) and container platforms (Docker, Kubernetes)
Strong understanding of system architecture, REST APIs, and networking fundamentals (DNS, TCP/IP, load balancing)
Strong knowledge of authentication and authorization mechanisms (OAuth, OIDC, SAML) and secure token/secret handling
Hands-on experience implementing security scanning tools (SAST/DAST/SCA), including tuning and enforcing build-blocking when required
Familiarity with security standards and best practices (OWASP Top 10, NIST, CIS)
Exposure to AI/ML security and securing LLM integrations - major plus
Strong English communication skills, with the ability to explain risk clearly to both technical and non-technical stakeholders
Analytical thinker, with a proactive approach, who can prioritize effectively in a fast-paced environment