Devops Engineer • Senior

Who you are

You have over 5 years of experience in a senior DevSecOps or Application/Product Security role, demonstrating a strong working knowledge of DevSecOps principles and the modern application threat landscape, including the OWASP Top 10. Your expertise in balancing rapid innovation with robust security practices is essential for success in this role. You are adept at embedding automated security controls into CI/CD pipelines, ensuring that security is integrated seamlessly into the software development lifecycle.

Your deep understanding of open-source security and supply chain management allows you to manage and harden open-source software dependencies effectively. You have hands-on experience utilizing Software Composition Analysis (SCA) tools such as Dependency-Check, Snyk, and Black Duck to maintain an accurate Software Bill of Materials (SBOM) for all products. You excel in vulnerability and risk management, establishing and owning a continuous CVE tracking and remediation process.

You are skilled in risk-rating vulnerabilities based on exploitability and business impact, driving engineering teams to remediate security risks efficiently through automation. Your ability to communicate complex security concepts to technical and non-technical stakeholders makes you a valuable asset to any team. You thrive in collaborative environments and are committed to empowering teams to deliver exceptional value while upholding security standards.

Desirable

Experience with cloud security practices and familiarity with various cloud platforms will be advantageous. Knowledge of compliance frameworks and regulations related to security will also be beneficial. You are encouraged to apply even if your experience doesn't match every requirement, as we value curiosity and a growth mindset.

What you'll do

In this role, you will be a critical enabler for teams, empowering them to move swiftly while ensuring that security standards are upheld throughout the software development lifecycle. You will work closely with engineering teams to integrate security practices into their workflows, ensuring that security is not an afterthought but a fundamental aspect of the development process. Your responsibilities will include designing and implementing automated security controls within CI/CD pipelines, enabling teams to shift left and address security concerns early in the development cycle.

You will lead initiatives to enhance the security posture of the organization by implementing best practices for vulnerability management and risk assessment. This includes establishing a continuous CVE tracking and remediation process, as well as providing guidance on risk-rating vulnerabilities based on their exploitability and business impact. You will collaborate with cross-functional teams to ensure that security considerations are integrated into product development from the outset.

Your role will also involve conducting security assessments and audits of open-source software dependencies, ensuring that they are managed and hardened effectively. You will leverage your expertise in SCA tools to maintain an accurate SBOM for all products, providing visibility into the security of the software supply chain. Additionally, you will stay up-to-date with the latest security trends and threats, continuously improving the organization's security practices and tools.

What we offer

At Taboola, we offer a dynamic work environment where innovation and security go hand in hand. You will have the opportunity to work with cutting-edge technologies and collaborate with talented professionals who are passionate about delivering exceptional value to clients. We provide a hybrid work model that allows for flexibility while fostering collaboration and teamwork. Our commitment to professional development means you will have access to resources and training to enhance your skills and advance your career in the field of security and DevOps.

Join us at Taboola and be part of a team that is dedicated to pushing the boundaries of performance-driven advertising while maintaining the highest security standards. We look forward to your application.