Senior DevSecOps Engineer
Monday.com
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
Description
We are monday.com, a global software company transforming how businesses run. Our product suite can adapt to the needs of diverse industries and use cases within one powerful platform, empowering ~250,000 customers worldwide to reimagine how work gets done, drive greater efficiency, and scale like never before.
With over 3,000 employees across the globe, we grow by prioritizing transparency and knowledge sharing. We care about the impact you make, not the hours you clock, so we encourage initiative, ownership, and fresh thinking. We back our people with flexible work, wellness and mental health support, and a work environment built on collaboration.
We're looking for a Senior DevSecOps Engineer to join our team, where you’ll have the chance to grow your career while solving impactful, high-scale problems. This role requires a keen understanding of security practices integrated within the software development lifecycle. The ideal candidate will play a crucial role in securing our CI/CD pipelines, working with Web Application Firewalls, and managing our Cloud Security Posture. A person in this role will be a part of the team serving a key entity in communication and synchronization between the several groups of stakeholders (Infrastructure, Development, Security), fostering a culture of security awareness and collaboration across all the teams.
We fully embrace the AI revolution and we equip you with AI-powered IDEs, customizable agent rules, prompt engineering tools to streamline your workflow and AI-infused CI/CD pipelines designed to boost speed and reliability. You'll also tap into AI-driven insights, helping you make smarter decisions, faster.
Role
The role is based in our Warsaw office - established in 2022, it is a growing hub for engineers who love solving impactful problems. Teams here work on a broad range of challenges that push the boundaries of our products and infrastructure. Dive into these blog posts to discover the kind of work that could be waiting for you:
- Detecting traffic anomalies at scale
- Managing Trace Volume at monday.com
- How we mastered Content Security Policy
- Guarding the herd – managing database servers at scale
About The Role
Securing CI/CD Pipelines:
- Implement and manage security controls for CI/CD pipelines.
- Automate security testing and vulnerability management within the CI/CD process using tools like Terraform.
- Collaborate with development teams to integrate security best practices and policies.
Working With WAFs
- Configure and manage Web Application Firewalls (WAFs) such as Cloudflare to protect web applications from security threats.
- Monitor and update WAF rules to respond to new vulnerabilities and attack vectors.
- Conduct regular security assessments and audits of WAF configurations.
Cloud Security Posture Management
- Develop and implement cloud security best practices and policies.
- Continuously monitor cloud environments using tools like AWS Guard Duty, Wiz, Orca, DataDog and similar to ensure compliance with security standards.
- Collaborate with cloud operations teams to identify and remediate security risks.
- Managing security cloud configuration with tools like Terraform and CDK.
Implementing Security Self Service Approach
- Development security tools in the organization IDP
- Testing/performing PoC of new security tools to increase efficiency development practices in the security context and foster Secure by Design principle.
Requirements
- 5+ years of experience in DevOps/DevSecOps or related roles.
- Passion for keeping systems secure.
- Proficiency in any of languages Python/Go/Typescript.
- Experience with Kubernetes.
- Strong understanding of operating systems and networking.
- Expertise implementing Shift Left/Secure by Design inside CI/CD pipelines using SAST/DAST tools such SonarQube, Dependabot alert, Wiz and others.
- Experience with configuring and managing Web Application Firewalls (WAFs) such as AWS WAF, Cloudflare, or similar.
- Excellent problem-solving and communication skills.
Key skills/competency
- DevSecOps
- Cloud Security
- CI/CD Security
- Web Application Firewalls (WAFs)
- Kubernetes
- Terraform
- Python/Go/Typescript
- Vulnerability Management
- Secure by Design
- AWS Guard Duty
How to Get Hired at Monday.com
- Research monday.com's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor. Understand their emphasis on transparency, ownership, and collaboration.
- Tailor your resume for DevSecOps: Customize your application to highlight experience in CI/CD security, cloud security posture management, WAF configuration, and relevant programming languages like Python/Go/Typescript. Use keywords from the job description.
- Showcase technical expertise: Be prepared to discuss your practical experience with tools like Terraform, Kubernetes, Cloudflare, AWS Guard Duty, Wiz, SonarQube, and Dependabot. Emphasize your ability to implement Shift Left and Secure by Design principles.
- Prepare for behavioral questions: Focus on demonstrating your problem-solving skills, communication abilities, and experience fostering a culture of security awareness across different stakeholder groups. Provide specific examples of impactful security solutions you've delivered.
- Understand monday.com's AI integration: Be aware of their embrace of AI-powered tools in development and CI/CD. Consider how you could leverage or contribute to AI-driven insights in a DevSecOps context.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background