Security Engineer • Senior

Who you are

You have 5+ years of experience in a senior DevSecOps or Application/Product Security role, demonstrating deep expertise in DevSecOps principles and a strong understanding of the modern application threat landscape, including the OWASP Top 10. Your proven ability to 'shift left' security by embedding automated security controls such as SAST, DAST, SCA, and IAST into CI/CD pipelines is essential for this role. You possess hands-on experience managing and hardening open-source software dependencies, showcasing your mastery in open source security and supply chain management.

Your expertise in utilizing Software Composition Analysis (SCA) tools like Dependency-Check, Snyk, and Black Duck allows you to maintain an accurate Software Bill of Materials (SBOM) for all products. You are a vulnerability and risk management pro, capable of establishing and owning a continuous CVE tracking and remediation process. Your ability to risk-rate vulnerabilities based on exploitability and business impact drives engineering teams to efficiently remediate security risks using automation.

What you'll do

In this role, you will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC). You will empower teams to move swiftly while upholding the required security standards, ensuring that security practices are integrated into the development process. Your contributions will be critical in balancing rapid innovation with robust security practices, enabling the company to deliver exceptional value to clients.

You will collaborate closely with engineering teams to embed security controls into CI/CD pipelines, ensuring that security is a fundamental aspect of the development process. Your role will involve continuous monitoring and improvement of security practices, as well as educating teams on security best practices and the importance of maintaining a secure development environment.

What we offer

At Taboola, you will be part of a leading performance-driven advertising company that values innovation and security. We encourage you to apply even if your experience doesn't match every requirement. Join us in our mission to empower teams and deliver exceptional value to our clients while maintaining the highest security standards.