Security DevOps Engineer

Realize your potential by joining the leading performance-driven advertising company!

The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).

This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.

To thrive in this role you'll need:

Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10).
DevSecOps Focus: Proven ability to "shift left" security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines.
Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies.
Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products.
Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process.
Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs).
Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging "security as code" principles and automating evidence collection to demonstrate compliance across the pipeline.

Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck.

How you'll make an impact:

As the DevSecOps Leader / Program Manager, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:

Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the company's comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure program's triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.

Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Why Taboola?

If you ask Taboolars what they love about working here, they'll tell you that they've been empowered to realize their full potential while growing and learning from and with smart and talented people. They'll also share more about:

Adam Singolda, Taboola Founder and CEO says; "You can copy anything from another business but you can't copy a company's culture".
Flexibility: We offer a hybrid work schedule with 3 days in-office with an option to come in more often if desired.
Work with some of the biggest names: We work with some of the biggest names in the business. Our publisher partners include Yahoo, Conde Nast, Fox Sports, NBCU, ESPN, CBS, and E! Online. Our advertiser clients include Wells Fargo, Honda, Pinterest, Expedia and Honda.

Ready to realize your potential?

Taboola is an equal opportunity employer and we value diversity in all forms. We are committed to creating an inclusive environment for all employees and believe such an environment is critical for success. Employment is decided on the basis of qualifications, merit, and business need.

Learn more about #TaboolaLife on LinkedIn, Facebook, Instagram, X, YouTube, & the Taboola Life Blog.

About Taboola

Taboola empowers businesses to grow through performance advertising technology that goes beyond search and social and delivers measurable outcomes at scale.

Taboola works with thousands of businesses who advertise directly on Realize, Taboola's powerful ad platform, reaching approximately 600M daily active users across some of the best publishers in the world. Publishers like NBC News, Yahoo, and OEMs such as Samsung, Xiaomi and others use Taboola's technology to grow audience and revenue, enabling Realize to offer unique data, specialized algorithms, and unmatched scale.

By submitting your application/CV, any personal information you provide will be subject to Taboola's Candidates Data Policy. Please review our policy carefully before submitting any of your personal information. You may contact us at [email protected] with any questions about how we collect or use your personal information, or your applicable rights.

#LI-Hybrid

#LI-SRM1