DevSecOps Engineer

Responsibilities

• Serve as Cloud Security Subject Matter Expert (SME), actively supporting R&D and product teams in developing secure solutions.
• Design secure cloud architectures and implement practical, automated, and scalable controls across services in partnership with DevOps, R&D, and Product teams.
• Continuously assess cloud security posture, identifying gaps and opportunities to reduce risk and adopt best practices.
• Implement, mature, and automate end-to-end cloud security controls across AWS, Kubernetes, CI/CD pipelines, and self-managed systems.
• Lead and improve vulnerability management workflows; communicate vulnerabilities and mitigation strategies to stakeholders, balancing business agility and security.
• Own the full lifecycle of security initiatives from proof of concept (POC) and design to deployment and operation while promoting a security-first mindset.
• Maintain and develop the team knowledge base.
• Stay curious and enjoy working with modern security tools and technologies.

Requirements

• 5+ years of hands-on experience as Cloud Security Engineer, DevSecOps, or similar roles within an AWS environment.
• Expertise in managing cloud security controls (IAM, Security Groups/ACLs, WAF, IDS/IPS, load balancing, proxies, VMs, serverless).
• Experience securing Kubernetes and containerized workloads.
• Proficiency with Python/Bash scripting and automation.
• Experience with Infrastructure-as-Code (IaC), preferably Terraform, and CI/CD tooling (e.g., GitHub Actions).
• Strong communication skills to influence and guide teams as a cloud security SME.
• Excellent problem-solving skills for high-complexity environments.
• Excellent written and verbal English.
• Preferred Qualifications (Nice to Have):
• AWS certifications (AWS Certified Solutions Architect, AWS Certified DevOps Engineer, AWS Certified Security - Specialty).
• Experience with CSPM, CNAPP, CWPP, and EDR solutions.
• Familiarity with security standards and frameworks (ISO, TSC, NIST) and their application to cloud environments.
• Team Culture:

Benefits

Additional Information

Yotpo is leading the next era of trust and loyalty in eCommerce. With AI-powered Reviews and Loyalty solutions, we help brands turn browsers into customers and customers into advocates. Through deep integrations across the eCommerce ecosystem and the trust of over 30,000 global brands, Yotpo delivers seamless omnichannel experiences that increase conversion, strengthen customer relationships, and drive profitable, long-term growth. At Yotpo, we are committed to creating secure, reliable, and innovative solutions for our customers. The Security Team is a core part of every aspect of Yotpo's business - from customers to backend systems and everything in between. As a Senior Cloud Security Engineer, you will play an integral role in designing, maturing, and automating our cloud security controls. You will also contribute to other security domains and initiatives such as Incident Response, Security Monitoring and Risk Management. You will work in close partnership with our DevOps, R&D and Product teams to help strengthen our security posture and our platform. Why Join Us: Engineers will immerse themselves in a complex, large-scale environment that offers the chance to work with diverse technologies. This unique setting is an exceptional opportunity for growth that not every company can provide. Be at the forefront of cybersecurity, tackling complex and emerging challenges. Freedom to innovate and implement impactful solutions that directly enhance Yotpo's overall security posture. Engage with a wide range of projects to develop deep knowledge across multiple security domains.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at yotpo? Share your experience