DevSecOps Engineer

Who we are:

Resident is an industry leader in the Direct-to-Consumer (e-commerce) space. While our customers are primarily based in the US our R&D Product and Data teams have been operating out of Tel Aviv since our founding. Our mission is simple: we are building a best-in-class e-commerce platform that leverages data and technology to create a competitive advantage for our brands. Starting from the marketing acquisition funnel and continuing through each customers journey our tools and technology enable us to go the extra step to deliver a world-class customer experience.

Our company is built around continuously improving our ability to introduce new customers to our products and wow them with exceptional experiences through the shopping and post-purchase journey. We love to use data and metrics to drive our decisions while keeping in mind that customers dont speak in numbers and that each one should be treated as a member of our family. Oh and by the way youll get to work with a diverse group of experts around the globe. You can expect a hard-working team of people who understand how to create meaningful connections and get great work done virtually - its in our nature!

What we do:

Our DevOps team is responsible for the Resident platforms end-to-end from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely while ensuring high standards of reliability security performance and scalability. Through automation strong architecture and secure-by-design practices we continuously improve how we deploy monitor and protect our production environments.

What you will be doing:

As the sole DevSecOps owner within the DevOps team you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.

You will work closely with cross-functional teams such as DevOps R&D Product and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact takes ownership of cross-team initiatives is curious and eager to learn and enjoys driving improvements that raise the security bar across the company.

This is a hybrid role requiring 2 days per week at our R&D site in Tel Aviv.

Responsibilities:

• Architect implement and maintain a strong security posture across cloud environments (AWS / GCP) aligned with best practices (CIS Benchmarks Well-Architected Framework)
• Own and integrate automated security controls into CI/CD pipelines (SAST DAST SCA container scanning) including tuning to reduce noise and enforce policy gates
• Secure Infrastructure as Code (IaC) and harden servers services and Kubernetes clusters
• Design and manage IAM roles policies and secrets management to enforce Least Privilege
• Lead security initiatives around emerging technologies including AI models LLM integrations and data pipelines
• Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
• Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
• Support security operations including incident response and root cause analysis

Qualifications:

• 3 years of hands-on experience in DevOps SRE DevSecOps or Cloud Security roles in production environments
• Strong ownership mindset with proven ability to lead initiatives end-to-end with minimal supervision
• Strong cloud security expertise (AWS or GCP preferred) including IAM networking and managed services
• Strong Linux fundamentals and hardening experience; scripting/automation skills in Python and/or Bash
• Solid experience with CI/CD pipelines (GitHub Actions Jenkins etc.) and container platforms (Docker Kubernetes)
• Strong understanding of system architecture REST APIs and networking fundamentals (DNS TCP/IP load balancing)
• Strong knowledge of authentication and authorization mechanisms (OAuth OIDC SAML) and secure token/secret handling
• Hands-on experience implementing security scanning tools (SAST/DAST/SCA) including tuning and enforcing build-blocking when required
• Familiarity with security standards and best practices (OWASP Top 10 NIST CIS)
• Exposure to AI/ML security and securing LLM integrations - major plus
• Strong English communication skills with the ability to explain risk clearly to both technical and non-technical stakeholders
• Analytical thinker with a proactive approach who can prioritize effectively in a fast-paced environment