Cloud security engineer

Company Overview

300+ media companies as clients, $40+ billion in revenue processed, 25,000+ worldwide users.

Operative
is a revenue accelerant for media companies around the world. No other software company in AdTech space, brings a comparable depth of experience to create truly innovative software that performs across all platforms, revenue models and business units. We are a SAAS (Software as a Service) platform which helps clients manage advertisements both in the linear (TV) and digital space. We have been in the market for over two decades and have 1100+ employees with 12 offices spread across the globe.
Operative
is proud to play a pivotal role in the way advertising is bought, sold and managed across media industry.

JOB SUMMARY

The Senior Cloud Security Engineer embeds security into CI/CD pipelines, ensuring vulnerabilities and misconfigurations are caught early fulfilling our "shift left" objectives. This role bridges Cloud Operations and Security, Engineering, App Support and SRE teams by embedding automated guardrails across the delivery pipeline.

Key Responsibilities

A) Embed Security into CI/CD Pipelines ("Shift Left")

• Integrate security checks (SAST, DAST, SCA, Container Image Scanning) within CI/CD workflows across AWS and GCP environments.
• Build reusable automation templates (e.g., Terraform modules, GitHub Actions, Jenkins pipelines) that ensure security and compliance by design.
• Enable engineering teams to detect and fix issues early in the software lifecycle — reducing mean time to remediation (MTTR).

B) Automate Cloud Governance and Policy Enforcement

• Implement and manage policy-as-code using tools like Cloud Custodian (Cost), AWS Config, and GCP Organization Policies. (Config Drift)
• Enforce organizational standards for tagging, encryption, IAM, and resource lifecycle across AWS and GCP.
• Continuously monitor and auto-remediate deviations to maintain posture compliance with internal controls and external frameworks like ISO and CI

C) Enhance Cloud Security Posture and Risk Visibility

• Build automation around CSPM tools and open-source scanners (e.g., Trivy, Syft/Grype, ZAP) for continuous visibility into vulnerabilities and misconfigurations.
• Correlate findings with risk and compliance dashboards (e.g., DefectDojo, GitHub Security Dashboard, PowerBI) to drive actionable insights.
• Partner with the CISO/GRC, Engineering and App Support teams to address exceptions and reduce overall risk exposure.

D) Integrate Security and Cost Efficiency

• Collaborate with FinOps team to embed cost governance within DevSecOps automation, ensuring that secure deployments also remain cost-optimized.
• Use tagging standards and guardrails to align cost, compliance, and ownership data across cloud resources.
• Contribute to a culture of secure, efficient, and responsible cloud operations.

E) Cross-Team Enablement and Incident Readiness

• Act as the technical bridge between developers, SREs, and security teams — promoting DevSecOps best practices.
• Develop playbooks for vulnerability triage, misconfiguration remediation, and incident readiness across AWS and GCP.
• Conduct periodic workshops and code reviews to uplift security awareness and automation maturity within engineering teams.

Expectations from the role

• Reduced Mean Time to Detect (MTTD) & Remediate (MTTR) by automating vulnerability detection.
• Lower Production Incidents by catching misconfigurations before release.
• Accelerated Release Cycles with security checks running in parallel, not blocking deployments.
• Improved Compliance Posture with automated reporting and audit-ready evidence.

Qualification and Experience

Technical Expertise

• 5–7 years of experience in DevSecOps, Cloud Security, or Cloud Platform Engineering.
• Hands-on experience with AWS and GCP cloud services, IAM, networking, and security fundamentals.
• Proficiency with IaC tools (Terraform, CloudFormation) and CI/CD pipelines.
• Experience with security scanning tools such as SemGrep/ SonarQube Community Edition/ OWASP ZAP (Zed Attack Proxy)/Trivy
• OpenSource knowledge is preferred
• Strong scripting skills in Python, Bash, or PowerShell.
• Familiarity with CSPM and SIEM tools (Trend Micro, New Relic, Cloud Custodian, GCP Security Command Center, GuardDuty, Crowdstrike etc.).

Governance & Process

• Understanding of cloud governance frameworks, tagging standards, and cost-optimization practices.
• Experience with risk management, compliance controls, and policy-as-code.
• Ability to translate security requirements into automated enforcement mechanisms.

Soft Skills

• Strong problem-solving and analytical mindset.
• Excellent communication and cross-team collaboration skills.
• Ownership-driven attitude — thrives in fast-paced, multi-cloud environments.

Preferred Certifications

• AWS Certified Security – Specialty or AWS Certified DevOps Engineer – Professional
• Google Professional Cloud Security Engineer
• HashiCorp Certified Terraform Associate
• Certified Kubernetes Security Specialist (CKS)

Why join us ?

• Operative is a technology-oriented product organization that believes in empowering its people
• We use the latest tech stack and empower our engineers to learn, work and ideate on new technologies available in the market
• We provide flexi work schedules and remote working to encourage work life balance
• We are an equal opportunities employer and recruit based on the experience and skill set.
• We offer a competitive salary and benefits package

Please apply online and upload your CV.

"Operative is a merit-first, equal opportunity employer; diverse applications are encouraged."

Operative cares about your privacy and protecting your data. By submitting an application for a position with Operative, you acknowledge that you have read the following and consent to how Operative treats your data: 1) the Candidate Privacy Policy available at (or if you are a candidate from Israel the Candidate Privacy Notice (Israel), available at , and 2) the Candidate Notice for Data Transfer and Retention available