At Cyolo, security is part of the product.
We are looking for a motivated and results-driven DevSecOps Engineer to take ownership of securing our platform, drive improvements across our CI/CD pipelines and cloud infrastructure, and strengthen Cyolo’s security posture while enabling fast, safe delivery for our customers.
You will work closely with R&D teams, embedding security into code, pipelines, and infrastructure while keeping engineering velocity high. You will take on high-scale security challenges, implement automations and improvements in our security tooling, and drive solutions that keep our platform safe and reliable.
As the DevSecOps Engineer, you will:
- Take a hands-on, end-to-end role in securing Cyolo’s applications and cloud infrastructure
- Implement and operate application security controls across the SDLC
- Build, integrate, and maintain security automation inside CI/CD pipelines
- Actively review code, IaC, and architecture from a security perspective
- Perform threat modeling and guide engineers toward secure design decisions
- Identify, triage, and remediate application and infrastructure vulnerabilities
- Own IAM architecture, permissions, access policies, and secrets management
- Execute and manage penetration testing, vulnerability scans, and bug bounty findings
- Be hands-on in implementing SOC controls and evidence collection
- Support internal and external audits with strong technical ownership
- Improve security monitoring, alerting, and incident response capabilities
As the DevSecOps Engineer, you should have:
- 5+ years of hands-on experience in DevOps, Application Security, and Infrastructure Security
- Proven experience working on production SaaS systems
- Strong software engineering skills with solid application security expertise
- Strong hands-on experience securing cloud environments (AWS / GCP / Azure)
- Practical experience with CI/CD, IaC, and DevOps tooling (GitHub Actions, Terraform, CloudFormation, etc.)
- Hands-on experience with security tools such as CSPM, SAST, SCA, and secret scanning (Orca, Veracode, or similar)
- Experience building automations and integrations around security tooling
- Familiarity with security frameworks such as SOC 2