Allot Careers

Join our team to realize your potential.

Join Us at Allot

Madrid , Spain ● Full time
DevSecOps Engineer

Job Description :

Who we are:

Allot is an industry leader in network security and visibility. A global growing company in cyber-security with a strong Tier1 customer base. We embrace an Agile way of working, priding ourselves on being fast, diverse, and dynamic. We are real team players who are ready to go the extra mile to succeed. We believe that anyone can make an impact and together our team spirit makes all the difference. This is your opportunity to develop, professionally, and personally.

What we’re looking for:

We are looking for an DevSecOps to join our AppSec team. Application security (AppSec) is an integral part of Allot products’ security. In this role, you will work closely with development and DevOps teams to ensure the security of our applications.

What you’ll do:

  • Automate security tools to our CI pipeline (Jenkins)
  • Proactively address security vulnerabilities by crafting countermeasures as well as implementing new industry solutions.
  • Be part of product architecture and infrastructure design - Design and leverage the backend infrastructure and its security aspects.
  • Collaborate with the development engineers and provide mitigation recommendations
  • Work closely with the DevOps group.
  • Solve challenges around OS security, protocol hardening, network segmentation, etc.
  • Research new security controls for the OS and our Application domain, review and integrate them into the system.
  • Explore and implement new security automation tools.

Requirements :

What you should have:

  • 3+ years of relevant work experience as a DevSecOps engineer and administrating Linux-based systems.
  • Experience using SAST and DAST tools for application security testing Services.
  • Experience with IAAC tools like Terraform.
  • Experience with configuration management tools like Chef / Ansible.
  • Support application security reviews: Threat modeling, Application code (in-house) & dependencies (libraries, packages, etc.), Authentication & authorization flows, Application configuration, Data privacy (encryption, anonymization).
  • Experience building and maintaining infrastructure, tools, and services to improve delivery and availability.
  • Experience with containerized environments and micro-services (i.e. Docker & K8S).
  • Experience with cloud architectures such as GCP or AWS (AWS big advantage).
  • Knowledge of build/release systems, CI/CD systems, Jenkins, GIT.
  • Great programming and Scripting skills (Python, Bash, etc.).
  • Excellent problem-solving skills, along with the ability to work independently.
  • Being able to cooperate closely with all business lines and functions of the company.

As an advantage:

  • Background in the security domains such as secure execution, container security, pen testing, security audits etc.
  • Good familiarity with Snyk, SonarCube, Aqua, Nessus, and Jenkins.
  • Contribution to open source projects (additional bonus to security projects)
  • Familiarity with cryptographic algorithms, authentication protocols, transport layer security, Linux OS hardening principles (e.g: SELinux), secure coding practices (SSDLC) etc.
  • Desire to face and solve the unknown.
  • Proactive approach and initiative.
Show all jobs...