DevSecOps (Cybersecurity)

TL;DR

DevSecOps Engineer (Cybersecurity): Designing and implementing application and infrastructure security programs for a secure digital identity platform with an accent on security automation, compliance, and risk remediation. Focus on integrating SAST/DAST/SCA tools into CI/CD pipelines and managing SOC2/ISO 27001 audit readiness.

Location: Tel Aviv-Yafo, Israel

Company

hirify.global provides modern tools for secure, trusted, and end-to-end digital identity journeys via its xCIAM platform.

What you will do

• Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST, and SCA tools.
• Develop infrastructure security programs, including integrating CSPM controls within high-scale cloud environments.
• Own the strategy for security in IAM, secret management, and other security-critical components.
• Orchestrate penetration testing on infrastructure and applications and manage a bug bounty program.
• Build and continuously improve SOC2 compliance processes and audit readiness tooling.
• Lead technical responses for internal and external audits, collaborating with GRC, engineering, and cloud teams.

Requirements

• At least 3 years of experience in Application and Infrastructure Security within a SaaS company operating in regulated markets (finance, healthcare, crypto, security).
• Proven experience managing SoC2 or ISO 27001 certifications.
• Strong software development capabilities and deep application security knowledge.
• Expertise in security best practices for AWS, Google Cloud, and Azure.
• Hands-on experience with CI/CD, IaC, and artifact repositories (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation).
• Proficiency with CSPM, SCA, SAST, and secret scanning tools (e.g., ORCA, Veracode).