DevSecOps Engineer

Oddity Tech (NASDAQ: ODD) is a consumer-tech company transforming beauty and wellness through a digital-first, direct-to-consumer platform. Operating IL MAKIAGE, SpoiledChild, and METHODIQ, the company uses proprietary AI, computer vision, and molecular discovery to serve over 60 million users.

Role Overview

We are seeking a DevSecOps Engineer who will be responsible for embedding security into every stage of our software delivery lifecycle, from code commit through build, deployment, and runtime.

This role is hands-on, combining security engineering, automation, and cloud infrastructure expertise to build secure-by-default pipelines and guardrails that scale with our engineering teams.

This individual must be familiar with our platforms, architecture, and delivery workflows. Understanding how the platform is built, deployed, and operated, along with the broader business context, is crucial to automating security controls, prioritizing mitigations, and enabling teams to ship securely and quickly.

Key Responsibilities

• Build and maintain secure CI/CD pipelines, integrating security controls as code without slowing delivery.

• Implement and automate "shift-left" security tooling across the SSDLC (SAST, DAST, SCA, secrets detection, and container/image scanning).

• Secure cloud infrastructure (AWS and GCP) and codify security and compliance controls using Infrastructure as Code and policy-as-code.

• Design and build SIEM or centralized log aggregation platforms, including log pipelines and detection rule development.

• Support incident response and continuous monitoring of cloud and application security posture.

Required Skills & Experience

• 4+ years in DevOps, security engineering, or SRE, with at least 2 years in a DevSecOps or cloud

security role.

• Hands-on experience securing AWS and/or GCP workloads (IAM, networking, KMS/encryption, logging) and applying cloud security best practices (CIS Benchmarks).

• Proven experience building CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, or Argo).

• Practical knowledge of "shift-left" security tooling: SAST, DAST, SCA, secrets detection, and container/image scanning (e.g., Snyk, Trivy, Semgrep, Checkmarx).

• Proficiency with Infrastructure as Code (Terraform, CloudFormation, or Pulumi) and IaC security scanning (e.g., Checkov, tfsec).

• Strong scripting/automation skills in at least one language (Python, Go, or Bash).

• Understanding of containerization and orchestration security (Docker, Kubernetes, admission controls, runtime protection).

• Hands-on experience building SIEM or log aggregation platforms (e.g., Splunk, ELK, Datadog, or cloud-native equivalents), including log pipelines and detection rules.

• Familiarity with OWASP Top 10, NIST, and CIS Controls.

• Understanding of data protection (GDPR, PCI DSS).

Bonus Points

• Experience implementing security and compliance controls for GDPR, HIPAA, and/or PCI DSS in cloud environments.

• Experience with CSPM/CNAPP tooling (Wiz, Prisma Cloud, Orca, AWS Security Hub, GCP SCC).

• Experience with policy-as-code (OPA/Rego, Sentinel) and automated guardrails.

• Knowledge of secrets management platforms (HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager).

• Relevant certifications such as AWS/GCP Security Specialty, CKS or OSCP.