large enterprises and startups with proactive, end-to-end cybersecurity
services.
Through its most popular offering, CISO-as-a-Service, IPV has an exciting
opening for a DevSecOps position.
Responsibilities:
* Address cloud infrastructure security issues and their validity by identifying root cause and propose resolution
* Assess the critical assets and integrate them into the security defense layers
* Evaluate and research alerts in real time
* Adjust defense layers configuration accordingly as needed
* Scan open-source code for vulnerabilities, develop a prioritized report, and advise development how to mitigate
* Conduct and review Infra scans (both cloud and machine configurations/CVEs), develop report and advise development how to mitigate
* Maintain (including writing software) the WAF implementation process
* Product management: Be the focal point to advice on new product / features security aspects
* Manage, maintain, follow up R&D security board
Job Requirements:
* Review software design in multiple languages and deduce critical aspects of the code (security wise) as well as how to mitigate them
* Know-how regarding DB security and optimization (MySQL/PostgreSQL/ElasticSearch/Redis)
* In depth (hands-on) knowledge of all critical AWS services such as EC2, RDS, S3, Route53 etc
* Deep understanding of k8s security, the risks it poses and mitigations (RBAC, OPA and etc)
* OWASP Top 10, CVEs, CIS Benchmarks (k8s/linux/etc), CI/CD, git, ELK, etc.
* Docker, Helm, Terraform, Chef, Ansible, Jenkins, etc
* Able to conduct PoCs between different solutions, excellent verbal & written skills in English as well as Hebrew
