Senior DevSecOps Engineer

Here is the gist:

HoneyBook is the leading client flow management platform that makes it easy for independent business owners to sell and deliver their services online. Offering powerful tools for communication, contracts, invoicing, payments, and more, the platform puts independent professionals in control of their process and client experience. HoneyBook is trusted by over 100,000 service-based businesses in the United States and Canada that have booked more than $10 billion in business on the platform.

Our culture is built on five core values that inform everything we do. We encourage collaboration, feedback, ownership and have a growth mindset. We know experience comes in many different forms, some visible on your resume, others not. No one candidate will be a 100% perfect match to our description, so if you thrive in a fast-paced, intellectually-charged environment and have similar experience to what we are looking for, we encourage you to apply.

We are looking for a DevSecOps Engineer to join our vibrant Devops team within the Platform group in Tel- Aviv!

As a DevSecOps Engineer at HoneyBook, you'll play a crucial role in securing our AWS cloud infrastructure and CI/CD pipelines. You'll work closely with our development and security teams to integrate security best practices into our development lifecycle and cloud infrastructure.

What You'll Do:

• Infrastructure Security:
• Implement and enforce security policies and controls, such as IAM roles, access policies, K8S clusters security configuration, and network security groups.
• Proactively identify and mitigate security risks and vulnerabilities in our AWS infrastructure.
• Collaborate with security teams to improve our overall security posture.
• CI/CD Security:
• Integrate security tools and processes into our CI/CD pipeline to automate security testing and vulnerability scanning.
• Collaborate with development teams to establish and enforce security best practices throughout the development lifecycle.
• Incident Response:
• Develop and maintain incident response plans to effectively address security incidents.
• Conduct thorough investigations to determine the root cause of security breaches and implement corrective actions.
• Vulnerability Management:
• Stay up-to-date with the latest security threats and vulnerabilities.
• Prioritize and remediate security vulnerabilities identified through vulnerability scans and security assessments.
• Work closely with development teams to address vulnerabilities in code and infrastructure.

What We're Looking For:

• At least 2 years of experience in DevSecOps or 4 year of experience in DevOps role from product companies
• Strong understanding of cloud security principles and best practices, particularly in AWS.
• Proficiency in scripting languages and IaC tools. We use mostly bash for scripting and argocd, terraform for IaC but if you have experience with equivalent languages and/or tools that’s good as well
• Hands-on experience with security configuration tools such as Wiz or similar.
• Experience with CI/CD pipelines (CodeFresh, Jenkins, GitLab CI/CD, etc.) and security tools (e.g., vulnerability scanners, security testing tools).
• Hands-on experience with Kubernetes and containerization technologies (Docker).
• Experience with Linux system administration skills.
• Knowledge of network security concepts (e.g. DNS, SSL, reverse proxy, Nginx, WebSockets).
• An ability to assess and prioritize tasks based on both business and security risks. 
• A passion for security and a commitment to continuous improvement.
• Team player, strong communication skills, egoless, transparency, and positive attitude.
• Ability to take ownership and make an impact.

Preferred Skills:

• Certifications in cloud security (e.g., AWS Certified Security Specialty).
• Knowledge of security frameworks and standards (e.g., NIST, CIS).

The good stuff:

• Mission-driven: You'll be joining more than just another startup - our members are at the heart of everything we do.
• Impact: We move quickly and encourage every employee to push the envelope. Our best ideas come from out-of-the-box thinking and innovation; be ready to fail fast and often!
• Compensation: We offer a competitive salary + meaningful equity based on merit.
• Benefits + Perks: From wellness programs to exceptional family leave policies, the health and happiness of our employees is foremost.

Our core values:

• People come first - As we explore opportunities and work through challenges.
• Raise the bar - We push for greatness - for ourselves and our members.
• Own it - Trust and ownership let us make decisions with confidence.
• We love what we do - And what we create for our members.
• Keep it real - Authenticity, respect and transparency are at our core.

The opportunity at HoneyBook is huge – our primary customers today are creative businesses that generate in aggregate $150B in revenue per year in the US. Founded in 2013, HoneyBook is based in San Francisco and Tel Aviv, has raised $498M and is funded by Tiger Global Management, Norwest Venture Partners, Aleph, Hillsven Capital, OurCrowd, Durable Capital Partners LP, Vintage Investment Partners, Battery Ventures, Citi Ventures, Zeev Ventures and 01 Advisors.

Follow us on Instagram, Facebook and Medium and catch the latest stories about HoneyBook. Read about what our employees are saying about us on Glassdoor.