Plus
Π’ΠΊΠ»ΡŽΡ‡ΠΈΡ‚ΡŒ Plus
Назад
Company hidden
2 мСсяца Π½Π°Π·Π°Π΄

DevSecOps (Cybersecurity)

Π’ΠΈΠΏ Ρ€Π°Π±ΠΎΡ‚Ρ‹
fulltime
Π“Ρ€Π΅ΠΉΠ΄
middle
Английский
b2
Π‘Ρ‚Ρ€Π°Π½Π°
Israel
Вакансия ΠΈΠ· списка Hirify.GlobalВакансия ΠΈΠ· Hirify Global, списка ΠΌΠ΅ΠΆΠ΄ΡƒΠ½Π°Ρ€ΠΎΠ΄Π½Ρ‹Ρ… tech-ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΉ
Для мэтча ΠΈ ΠΎΡ‚ΠΊΠ»ΠΈΠΊΠ° Π½ΡƒΠΆΠ΅Π½ Plus

ΠœΡΡ‚Ρ‡ & Π‘ΠΎΠΏΡ€ΠΎΠ²ΠΎΠ΄

Для мэтча с этой вакансиСй Π½ΡƒΠΆΠ΅Π½ Plus

ОписаниС вакансии

ВСкст:
/

TL;DR

DevSecOps Engineer (Cybersecurity): Designing and implementing application and infrastructure security programs for a secure digital identity platform with an accent on security automation, compliance, and risk remediation. Focus on integrating SAST/DAST/SCA tools into CI/CD pipelines and managing SOC2/ISO 27001 audit readiness.

Location: Tel Aviv-Yafo, Israel

Company

hirify.global provides modern tools for secure, trusted, and end-to-end digital identity journeys via its xCIAM platform.

What you will do

  • Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST, and SCA tools.
  • Develop infrastructure security programs, including integrating CSPM controls within high-scale cloud environments.
  • Own the strategy for security in IAM, secret management, and other security-critical components.
  • Orchestrate penetration testing on infrastructure and applications and manage a bug bounty program.
  • Build and continuously improve SOC2 compliance processes and audit readiness tooling.
  • Lead technical responses for internal and external audits, collaborating with GRC, engineering, and cloud teams.

Requirements

  • At least 3 years of experience in Application and Infrastructure Security within a SaaS company operating in regulated markets (finance, healthcare, crypto, security).
  • Proven experience managing SoC2 or ISO 27001 certifications.
  • Strong software development capabilities and deep application security knowledge.
  • Expertise in security best practices for AWS, Google Cloud, and Azure.
  • Hands-on experience with CI/CD, IaC, and artifact repositories (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation).
  • Proficiency with CSPM, SCA, SAST, and secret scanning tools (e.g., ORCA, Veracode).

Π‘ΡƒΠ΄ΡŒΡ‚Π΅ остороТны: Ссли Ρ€Π°Π±ΠΎΡ‚ΠΎΠ΄Π°Ρ‚Π΅Π»ΡŒ просит Π²ΠΎΠΉΡ‚ΠΈ Π² ΠΈΡ… систСму, ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΡ iCloud/Google, ΠΏΡ€ΠΈΡΠ»Π°Ρ‚ΡŒ ΠΊΠΎΠ΄/ΠΏΠ°Ρ€ΠΎΠ»ΡŒ, Π·Π°ΠΏΡƒΡΡ‚ΠΈΡ‚ΡŒ ΠΊΠΎΠ΄/ПО, Π½Π΅ Π΄Π΅Π»Π°ΠΉΡ‚Π΅ этого - это мошСнники. ΠžΠ±ΡΠ·Π°Ρ‚Π΅Π»ΡŒΠ½ΠΎ ΠΆΠΌΠΈΡ‚Π΅ "ΠŸΠΎΠΆΠ°Π»ΠΎΠ²Π°Ρ‚ΡŒΡΡ" ΠΈΠ»ΠΈ ΠΏΠΈΡˆΠΈΡ‚Π΅ Π² ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΡƒ. ΠŸΠΎΠ΄Ρ€ΠΎΠ±Π½Π΅Π΅ Π² Π³Π°ΠΉΠ΄Π΅ β†’