DevSecOps Engineer

Описание вакансии

Who we are:

Resident is an industry leader in the Direct-to-Consumer (e-commerce) space. While our customers are primarily based in the US, our R&D, Product, and Data teams have been operating out of Tel Aviv since our founding. Our mission is simple: we are building a best-in-class e-commerce platform that leverages data and technology to create a competitive advantage for our brands.  Starting from the marketing acquisition funnel and continuing through each customer’s journey, our tools and technology enable us to go the extra step to deliver a world-class customer experience.

Our company is built around continuously improving our ability to introduce new customers to our products and wow them with exceptional experiences through the shopping and post-purchase journey.  We love to use data and metrics to drive our decisions while keeping in mind that customers don’t speak in numbers and that each one should be treated as a member of our family. Oh, and by the way, you’ll get to work with a diverse group of experts around the globe. You can expect a hard-working team of people who understand how to create meaningful connections and get great work done virtually - it’s in our nature!

What we do:

Our DevOps team is responsible for the Resident platforms end-to-end, from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely, while ensuring high standards of reliability, security, performance, and scalability. Through automation, strong architecture, and secure-by-design practices, we continuously improve how we deploy, monitor, and protect our production environments.

What you will be doing:

As the sole DevSecOps owner within the DevOps team, you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.

You will work closely with cross-functional teams such as DevOps, R&D, Product, and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact, takes ownership of cross-team initiatives, is curious and eager to learn, and enjoys driving improvements that raise the security bar across the company.

This is a hybrid role, requiring 2 days per week at our R&D site in Tel Aviv.

Responsibilities:

• Architect, implement, and maintain a strong security posture across cloud environments (AWS / GCP), aligned with best practices (CIS Benchmarks, Well-Architected Framework)
• Own and integrate automated security controls into CI/CD pipelines (SAST, DAST, SCA, container scanning), including tuning to reduce noise and enforce policy gates
• Secure Infrastructure as Code (IaC) and harden servers, services, and Kubernetes clusters
• Design and manage IAM, roles, policies, and secrets management to enforce Least Privilege
• Lead security initiatives around emerging technologies, including AI models, LLM integrations, and data pipelines
• Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
• Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
• Support security operations, including incident response and root cause analysis

Qualifications:

• 3+ years of hands-on experience in DevOps, SRE, DevSecOps, or Cloud Security roles in production environments
• Strong ownership mindset with proven ability to lead initiatives end-to-end with minimal supervision
• Strong cloud security expertise (AWS or GCP preferred), including IAM, networking, and managed services
• Strong Linux fundamentals and hardening experience; scripting/automation skills in Python and/or Bash
• Solid experience with CI/CD pipelines (GitHub Actions, Jenkins, etc.) and container platforms (Docker, Kubernetes)
• Strong understanding of system architecture, REST APIs, and networking fundamentals (DNS, TCP/IP, load balancing)
• Strong knowledge of authentication and authorization mechanisms (OAuth, OIDC, SAML) and secure token/secret handling
• Hands-on experience implementing security scanning tools (SAST/DAST/SCA), including tuning and enforcing build-blocking when required
• Familiarity with security standards and best practices (OWASP Top 10, NIST, CIS)
• Exposure to AI/ML security and securing LLM integrations - major plus
• Strong English communication skills, with the ability to explain risk clearly to both technical and non-technical stakeholders
• Analytical thinker, with a proactive approach, who can prioritize effectively in a fast-paced environment