InfoSec (DevSecOps) Engineer

LoopMe, the leading outcomes-based platform, closes the loop on digital advertising. By leveraging our patented AI technology to optimize media delivery in real-time, we drive measurable uplift for business outcomes across brand lift, purchase intent, consideration, foot traffic, and sales.

We seek an experienced InfoSec Mid-Level Specialist to enhance our security posture and ensure our systems and data's confidentiality, integrity, and availability. The ideal candidate will have a strong background in information security, familiarity with cloud environments like GCP, and experience securing modern data processing technologies such as Kubernetes, PostgreSQL, ClickHouse, Envoy, and Kafka.

Responsibilities:

1. Develop and implement information security policies and protection procedures.
2. Perform risk assessments, security audits, and threat analysis.
3. Monitor and respond to security incidents and conduct investigations.
4. Implement and maintain security tools such as SIEM, DLP, WAF and others.
5. Integrate DevSecOps practices into development workflows (Secure SDLC, code reviews).
6. Ensure compliance with security standards (ISO/IEC 27001, NIST, OWASP, CIS Controls).
7. Provide cybersecurity awareness training to employees.
8. Support secure architecture for platforms including GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy.
9. Conducting proof-of-concept for new security integrations and actively participating in security budget discussions with product stakeholders and upper management.

Requirements:

Education & Experience:

1. Experience in information security or related fields (both formal education and practical hands-on experience are considered).
2. 2+ years of hands-on experience in InfoSec/DevSecOps roles, preferably in a cloud environment (GCP, AWS, Azure).

Technical Skills:

1. Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, VPN).
2. Hands-on experience securing infrastructure based on GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL.
3. Familiarity with SIEM systems, vulnerability management tools, IAM/SSO/MFA solutions (e.g., Okta, Azure AD).
4. Incident response and forensics experience (IR, investigations).
5. Solid understanding of security standards and frameworks: ISO/IEC 27001, NIST, OWASP, DevSecOps principles.
6. Strong understanding of security principles, protocols, and standards (e.g., encryption, authentication, access control).
7. Experience with security tools and technologies for monitoring and incident response.
8. Proficiency in securing Kubernetes, PostgreSQL, ClickHouse, Envoy, Kafka, and related technologies.

Tools & Technologies:

1. Experience with security tooling in cloud platforms (GCP, AWS, Azure).
2. Scripting skills in Bash, Python, or PowerShell for automation.

Nice-to-Have Qualifications:

1. Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, GCP Security Engineer) are a plus.
2. Excellent communication skills and ability to collaborate effectively with technical and non-technical stakeholders.

Benefits:

1. Competitive compensation package
2. A flexible working schedule and the hybrid type of work
3. Annual performance bonus
4. One month of workation (you can work from any part of the world for one month)