Plus
Включить Plus
Назад
Company hidden
1 день назад

DevSecOps Engineer (Adtech)

Формат работы
hybrid
Тип работы
fulltime
Грейд
senior
Английский
b2
Страна
Israel
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

DevSecOps Engineer (Cybersecurity): Developing and implementing a comprehensive Secure SDLC strategy for a high-scale advertising platform with an accent on automated security controls and supply chain hardening. Focus on operationalizing CVE tracking, maturing the security tools stack, and establishing Zero Trust IAM frameworks.

Location: Hybrid (Tel Aviv, Israel) — 3 days in-office required

Company

hirify.global is a leading performance-driven advertising company that empowers businesses to grow through specialized algorithms and global scale.

What you will do

  • Develop and execute the company’s comprehensive DevSecOps strategy to manage security at scale from code check-in to production.
  • Mature the security tools stack, including the implementation of WAF and automation of SCA/SAST tools.
  • Own the triage and remediation tracking for the bug bounty and responsible disclosure programs.
  • Enhance the Identity and Access Management (IAM) framework using Just-In-Time (JIT) and Zero Trust principles.
  • Design and implement a scalable system for discovering, tracking, and prioritizing CVEs in third-party and custom code.
  • Develop and maintain DevSecOps metrics (MTTD/MTTR) to measure the effectiveness of automated controls.

Requirements

  • 5+ years of experience in a senior DevSecOps or Application/Product Security role.
  • Deep knowledge of DevSecOps principles and the modern application threat landscape (OWASP Top 10).
  • Proven ability to embed automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines.
  • Hands-on experience managing open-source dependencies and maintaining SBOM using tools like Snyk or Black Duck.
  • Experience managing security audits and certifications such as SOC 2 and ISO 27001 using security-as-code.
  • Strong leadership skills to partner with R&D, Platform Engineering, and IT teams.

Culture & Benefits

  • Hybrid work schedule with 3 days in-office.
  • Opportunity to grow and learn from highly talented people in a high-performance environment.
  • Collaboration with world-renowned publisher partners like Yahoo, NBCU, and ESPN.
  • Inclusive environment committed to diversity and equal opportunity.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →