DevSecOps Engineer

Take ownership of complex technological problems.

We are monday.com, a global software company transforming how businesses run. Our product suite can adapt to the needs of diverse industries and use cases within one powerful platform, empowering ~245,000 customers worldwide to reimagine how work gets done, drive greater efficiency, and scale like never before.

With over 2,500 employees across the globe, we grow by prioritizing transparency and knowledge sharing. We care about the impact you make, not the hours you clock, so we encourage initiative, ownership, and fresh thinking. We back our people with flexible work, wellness and mental health support, and a work environment built on collaboration.

We’re looking for a DevSecOps to join our team, where you’ll have the chance to grow your career while solving impactful, high-scale problems. This role requires a keen understanding of security practices integrated within the software development lifecycle. The ideal candidate will play a crucial role in securing our CI/CD pipelines, working with Web Application Firewalls, and managing our Cloud Security Posture. A person in this role will be a part of the team serving a key entity in communication and synchronization between the several groups of stakeholders (Infrastructure, Development, Security), fostering a culture of security awareness and collaboration across all the teams.

The role is based in our Warsaw office - established in 2022, it is a growing hub for engineers who love solving impactful problems. Teams here work on a broad range of challenges that push the boundaries of our products and infrastructure. Dive into these blog posts to discover the kind of work that could be waiting for you:

• Detecting traffic anomalies at scale
• Managing Trace Volume at monday.com
• How we mastered Content Security Policy

About The Role

Securing CI/CD Pipelines:

• Implement and manage security controls for CI/CD pipelines.
• Automate security testing and vulnerability management within the CI/CD process using tools like Terraform.
• Collaborate with development teams to integrate security best practices and policies.

Working with WAFs:

• Configure and manage Web Application Firewalls (WAFs) such as Cloudflare to protect web applications from security threats.
• Monitor and update WAF rules to respond to new vulnerabilities and attack vectors.
• Conduct regular security assessments and audits of WAF configurations.

Cloud Security Posture Management:

• Develop and implement cloud security best practices and policies.
• Continuously monitor cloud environments using tools like AWS Guard Duty, Wiz, Orca, WAF, Cloudflare and similar to ensure compliance with security standards.
• Collaborate with cloud operations teams to identify and remediate security risks.
• Managing security cloud configuration with tools like Terraform and CDK

Implementing Security Self Service approach:

• Development security tools in the organization IDP
• Testing/performing PoC of new security tools to increase efficiency development practices in the security context and foster Secure by Design principle.

Your Experience & Skills

• 3+ years of experience in DevOps/DevSecOps or related roles.
• Passion for keeping systems secure.
• Proficiency in any of languages Python/Go/Typescript.
• Expertise implementing Shift Left/Secure by Design inside CI/CD pipelines using tools such SonarQube, Dependabot alert, Wiz and others.
• Experience with configuring and managing Web Application Firewalls (WAFs) such as AWS WAF, Cloudflare, or similar.
• Excellent problem-solving and communication skills.

What to expect next?

• First up, you'll have a quick 15-20 minute chat with our Talent Acquisition Partner.
• If that goes well, we'll move forward to technical stages that might include: coding interview (90 minutes), and system design interview (1 hour).
• If successful, we'd love to meet you in person too! So, the final stages will be in our Warsaw office, where you'll have a Management Interview and an HR Interview, each lasting about an hour.
• If everything clicks, we'll be thrilled to offer you a spot on our team!

Benefits

• From Monday to Wednesday, we'll fuel your day with free breakfast and lunch in the office.
• Enjoy private medical care and Multisport card to keep you healthy.
• We've got you covered with life insurance.
• We care of employee's mental health as well - you will get access to Calm Mindfulness App.
• Get awesome discounts on our partners' products and services.
• Join in on our fun team events and get-togethers.
• Look forward to a little something special from us during your birthday and work anniversaries.
• For Online Learning opportunities, you will gain access to LinkedIn Learning.