DevSecOps Engineer

XM Cyber is the leader in hybrid-cloud security posture management, using the attacker’s perspective to find and remediate critical attack paths across on-premises and multi-cloud networks.

We are seeking a skilled DevSecOps Engineer to join our team and help integrate security practices into our software development and operations processes. The ideal candidate will have a strong background in both development and security, with the ability to bridge the gap between these disciplines and operations.

Responsibilities:
Implement and maintain security measures throughout the software development lifecycle
Lead security product evaluations, from initial testing to full organizational deployment
Develop and enforce security policies and best practices across development and operations teams
Perform regular security assessments and vulnerability scans
Implement and manage security tools for monitoring, logging, and alerting
Collaborate with development teams to address security issues and provide guidance on secure coding practices
Conduct security training and awareness programs for development and operations teams
Manage incident response processes and participate in security incident investigations
Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques
Identity and access management (IAM) for cloud platforms and database infrastructure

Requirements:

Requirements:

3+ years of experience in DevOps, security engineering, or a similar role

Strong knowledge of secure coding practices and common security vulnerabilities (e.g., OWASP Top 10)

Knowledge of cloud security principles and experience with major cloud platforms (AWS, Azure and GCP) - MUST!

Experience with security tools such as Zero Trust, EASM and CSPM -MUST!

Proficiency in scripting languages such as Python or Bash

Familiarity with microservices architecture and API security

Experience with CI/CD tools (e.g., Jenkins, ArgoCD, Pulumi).

Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes).

Understanding of network security concepts and protocols.

Excellent problem-solving and communication skills.

Strong Security tooling, processes expertise, including KMS, GuardDuty, Cloudtrail, SSO and etc .

Experience in triaging security alerts and executing incident response.