InfoSec (DevSecOps) Engineer

Do you want to work with patented AI technology and develop high-performance solutions? If so, we have the perfect job for you at LoopMe!

We are a global team of skilled engineers who develop and maintain real-time bidding platforms for leading advertisers worldwide. Leveraging technologies such as Java, Postgres, Clickhouse, and Kafka, you will be instrumental in scaling performance, optimizing cloud infrastructure, and creating innovative features across our product portfolio. 

As the market leader in AI, LoopMe uses agile methodology to deliver product features at a fast pace. Join us and be a part of our mission to push the boundaries of what is possible in the advertising industry!

We seek an experienced InfoSec Mid-Level Specialist to enhance our security posture and ensure our systems and data's confidentiality, integrity, and availability. The ideal candidate will have a strong background in information security, familiarity with cloud environments like GCP, and experience securing modern data processing technologies such as Kubernetes, PostgreSQL, ClickHouse, Envoy, and Kafka.

Responsibilities:

1. Develop and implement information security policies and protection procedures.

2. Perform risk assessments, security audits, and threat analysis.

3. Monitor and respond to security incidents and conduct investigations.

4. Implement and maintain security tools such as SIEM, DLP, WAF and others.

5. Integrate DevSecOps practices into development workflows (Secure SDLC, code reviews).

6. Ensure compliance with security standards (ISO/IEC 27001, NIST, OWASP, CIS Controls).

7. Provide cybersecurity awareness training to employees.

8. Support secure architecture for platforms including GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy.

9. Conducting proof-of-concept for new security integrations and actively participating in security budget discussions with product stakeholders and upper management.

Requirements:

Education & Experience:

1. Experience in information security or related fields (both formal education and practical hands-on experience are considered).

2. 2+ years of hands-on experience in InfoSec/DevSecOps roles, preferably in a cloud environment (GCP, AWS, Azure).

Technical Skills:

1. Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, VPN).

2. Hands-on experience securing infrastructure based on GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL.

3. Familiarity with SIEM systems, vulnerability management tools, IAM/SSO/MFA solutions (e.g., Okta, Azure AD).

4. Incident response and forensics experience (IR, investigations).

5. Solid understanding of security standards and frameworks: ISO/IEC 27001, NIST, OWASP, DevSecOps principles.

6. Strong understanding of security principles, protocols, and standards (e.g., encryption, authentication, access control).

7. Experience with security tools and technologies for monitoring and incident response.

8. Proficiency in securing Kubernetes, PostgreSQL, ClickHouse, Envoy, Kafka, and related technologies.

Tools & Technologies:

1. Experience with security tooling in cloud platforms (GCP, AWS, Azure).

2. Scripting skills in Bash, Python, or PowerShell for automation.

Nice-to-Have Qualifications:

1. Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, GCP Security Engineer) are a plus.

2. Excellent communication skills and ability to collaborate effectively with technical and non-technical stakeholders.

Benefits:

1. Competitive compensation package

2. A flexible working schedule and the hybrid type of work

3. Annual performance bonus

4. One month of workation (you can work from any part of the world for one month)