Skip to content

DevSecOps

Cato NetworksTel Aviv, IsraelJuly 19, 2026
On-site
Full-time
DevSecOps
Mid · 3+ yrs

Welcome to the future of cloud networking and security!  

Cato Networks is the first company to converge enterprise networking and security into one centralized and global service that is delivered by cloud. It is led by networking and security pioneer Shlomo Kramer (Check Point, Imperva) and early investor (Palo Alto Networks, Exabeam, Trusteer and more). Cato’s unique technology inspired a brand-new product category, later named “SASE” by Gartner and a market expected to reach $28.5 billion by 2028.

This is your opportunity to get on the rocket ship and join a company that is building a cutting-edge enterprise network and secure cloud platform, and is on a fast track to becoming the worldwide market leader – don’t miss it!

Cato Networks is the first company to converge enterprise networking and security into one centralized and
global service that is delivered by cloud. It is led by networking and security pioneer Shlomo Kramer (Check Point,
Imperva) and early investor (Palo Alto Networks, Exabeam, Trusteer and more). Cato’s unique technology
inspired a brand-new product category, later named “SASE” by Gartner and a market expected to reach $28.5
billion by 2028. This is your opportunity to get on the rocket ship and join a company that is building a cutting-
edge enterprise network and secure cloud platform, and is on a fast track to becoming the worldwide market
leader – don’t miss it!

We’re looking for an Application Security Engineer (DevSecOps) to join us. In this role, you will embed security
across our software development lifecycle, build and automate security into our CI/CD pipelines, and help our
R&D teams ship secure code at scale. You will own the tooling, processes, and operational practices that keep our
applications and infrastructure secure by design and secure at runtime.

Responsibilities
• Design, implement, and continuously improve the Secure SDLC across R&D, embedding security controls at
every stage from design to deployment.
• Build and maintain security automation within CI/CD pipelines (SAST, DAST, SCA, secrets scanning, IaC
scanning) to catch issues early and reduce friction for developers.
• Own the vulnerability management program: triage, prioritize, track, and drive remediation of findings
across applications, dependencies, and infrastructure.
• Manage software supply chain security, including third-party and open-source dependency risk, SBOM
generation, and artifact integrity.
• Own runtime application security, including runtime dependency and CVE detection, exploitation detection,
and Cloud Application Detection & Response (CADR).
• Secure application infrastructure, including containers (Docker), orchestration (Kubernetes), and AWS cloud
environments.
• Define and operate the AppSec detection and response function: set alert scope and severity, build
playbooks, and drive triage and response for security findings across build time and runtime.
• Partner with developers to promote secure coding practices, provide guidance and training, and support
threat modeling and security design reviews.
• Define security policies, guardrails, and standards as code, and measure their effectiveness over time.
• Stay current on emerging threats, tooling, and best practices to continuously raise the security bar.

Requirements
• At least 3 years of experience in application security, DevSecOps, or a related security engineering role.
• Hands-on experience integrating and operating security tools in CI/CD pipelines (SAST, DAST,
SCA/dependency scanning, secrets detection).
• Strong understanding of Secure SDLC principles and experience driving them across engineering teams.
• Experience with software supply chain security and dependency/vulnerability management at scale.
• Experience with runtime application security concepts (runtime CVE/dependency detection, exploitation
detection, CADR).
• Solid programming/scripting skills (e.g., Python, Go, Java) for building automation and integrations.
• Hands-on experience securing AWS cloud environments and containerized workloads (Docker, Kubernetes).
• Familiarity with microservices architectures and infrastructure-as-code (e.g., Terraform).
• Experience defining alert scope, building playbooks, and operating security detection and response
processes.
• Strong problem-solving skills and the ability to work independently and cross-functionally.
• Good communication skills and a passion for enabling developers rather than blocking them.
• Understanding of network security and encryption protocols.
Additional Skills (Preferred)
• Experience with vulnerability management and orchestration platforms (e.g., ASPM tools).
• Experience with policy-as-code and security guardrails (e.g., OPA, Kyverno).
• Knowledge of secure coding practices across multiple languages and frameworks.
• Experience with threat modeling methodologies.
• Security certifications such as CKS, AWS Security Specialty, OSCP, or similar.
• Experience working in Agile teams and collaborating across departments.
• Adaptability to a fast-paced environment.
• BSc in Computer Science – an advantage

Job Details

Experience

Mid · 3+ yrs

Tools & Tech

AWS
Docker
Go
Java
Kubernetes
OPA
Palo Alto
Python
Terraform

Preferred Certs

AWS Security Specialty
CKS
OSCP