InfoSec (DevSecOps) Engineer

We are currently seeking an experienced InfoSec Mid-Level Specialist to enhance our security posture and ensure our systems and data's confidentiality, integrity, and availability. The ideal candidate will have a strong background in information security, familiarity with cloud environments like GCP, and experience securing modern data processing technologies such as Kubernetes, PostgreSQL, ClickHouse, Envoy, and Kafka.

Responsibilities:

• Develop and implement information security policies and protection procedures.
• Perform risk assessments, security audits, and threat analysis.
• Monitor and respond to security incidents and conduct investigations.
• Implement and maintain security tools such as SIEM, DLP, WAF and others.
• Integrate DevSecOps practices into development workflows (Secure SDLC, code reviews).
• Ensure compliance with security standards (ISO/IEC 27001, NIST, OWASP, CIS Controls).
• Provide cybersecurity awareness training to employees.
• Support secure architecture for platforms including GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy.
• Conducting proof-of-concept for new security integrations and actively participating in security budget discussions with product stakeholders and upper management.

Requirements:

Education & Experience:

• Experience in information security or related fields (both formal education and practical hands-on experience are considered).
• 2+ years of hands-on experience in InfoSec/DevSecOps roles, preferably in a cloud environment (GCP, AWS, Azure).

Technical Skills:

• Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, VPN).
• Hands-on experience securing infrastructure based on GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL.
• Familiarity with SIEM systems, vulnerability management tools, IAM/SSO/MFA solutions (e.g., Okta, Azure AD).
• Incident response and forensics experience (IR, investigations). Solid understanding of security standards and frameworks: ISO/IEC 27001, NIST, OWASP, DevSecOps principles.
• Strong understanding of security principles, protocols, and standards (e.g., encryption, authentication, access control).
• Experience with security tools and technologies for monitoring and incident response.
• Proficiency in securing Kubernetes, PostgreSQL, ClickHouse, Envoy, Kafka, and related technologies.

Tools & Technologies:

• Experience with security tooling in cloud platforms (GCP, AWS, Azure).
• Scripting skills in Bash, Python, or PowerShell for automation.

Nice-to-Have Qualifications:

• Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, GCP Security Engineer) are a plus.
• Excellent communication skills and ability to collaborate effectively with technical and non-technical stakeholders.

Benefits:

• Competitive compensation package
• Flexible working schedule and the hybrid type of work
• Annual performance bonus
• One month of workation (you can work from any part of the world for one month)

About LoopMe:

We are a global team of skilled engineers who develop and maintain real-time bidding platforms for leading advertisers worldwide. Leveraging technologies such as Java, Postgres, Clickhouse, Kafka, you will be instrumental in scaling performance, optimizing cloud infrastructure, and creating innovative features across our product portfolio.

LoopMe uses agile methodology to deliver product features at a fast pace. Join us and be a part of our mission to push the boundaries of what is possible in the advertising industry!