InfoSec (DevSecOps) Engineer - B902

Description

LoopMe, the leading outcomes-based platform, closes the loop on digital advertising. By leveraging our patented AI technology to optimize media delivery in real-time, we drive measurable uplift for business outcomes across brand lift, purchase intent, consideration, foot traffic, and sales.

We seek an experienced InfoSec Mid-Level Specialist to enhance our security posture and ensure our systems and data's confidentiality, integrity, and availability. The ideal candidate will have a strong background in information security, familiarity with cloud environments like GCP, and experience securing modern data processing technologies such as Kubernetes, PostgreSQL, ClickHouse, Envoy, and Kafka.

Responsibilities:

• Develop and implement information security policies and protection procedures.
• Perform risk assessments, security audits, and threat analysis.
• Monitor and respond to security incidents and conduct investigations.
• Implement and maintain security tools such as SIEM, DLP, WAF and others.
• Integrate DevSecOps practices into development workflows (Secure SDLC, code reviews).
• Ensure compliance with security standards (ISO/IEC 27001, NIST, OWASP, CIS Controls).
• Provide cybersecurity awareness training to employees.
• Support secure architecture for platforms including GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy.
• Conducting proof-of-concept for new security integrations and actively participating in security budget discussions with product stakeholders and upper management.

Requirements:
Education & Experience:

• Experience in information security or related fields (both formal education and practical hands-on experience are considered).
• 2+ years of hands-on experience in InfoSec/DevSecOps roles, preferably in a cloud environment (GCP, AWS, Azure).
  

Technical Skills:

• Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, VPN).
• Hands-on experience securing infrastructure based on GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL.
• Familiarity with SIEM systems, vulnerability management tools, IAM/SSO/MFA solutions (e.g., Okta, Azure AD).
• Incident response and forensics experience (IR, investigations).
  Solid understanding of security standards and frameworks: ISO/IEC 27001, NIST, OWASP, DevSecOps principles.
•  Strong understanding of security principles, protocols, and standards (e.g., encryption, authentication, access control).
• Experience with security tools and technologies for monitoring and incident response.
• Proficiency in securing Kubernetes, PostgreSQL, ClickHouse, Envoy, Kafka, and related technologies.
  

Tools & Technologies:

• Experience with security tooling in cloud platforms (GCP, AWS, Azure).
• Scripting skills in Bash, Python, or PowerShell for automation.

Nice-to-Have Qualifications:

•  Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, GCP Security Engineer) are a plus.
•  Excellent communication skills and ability to collaborate effectively with technical and non-technical stakeholders.

Benefits:

• Competitive compensation package
• Flexible working schedule and the hybrid type of work
• Annual performance bonus
• One month of workation (you can work from any part of the world for one month)