DevSecOps Engineer

Fetcherr experts in deep learning, e-commerce, and digitization, Fetcherr disrupts traditional systems with its cutting-edge AI technology. At its core is the Large Market Model (LMM), an adaptable AI engine that forecasts demand and market trends with precision, empowering real-time decision-making. Specializing initially in the airline industry, Fetcherr aims to revolutionize industries with dynamic AI-driven solutions.

We are seeking an experienced and passionate DevSecOps Engineer to enhance the security of our development processes and Google Cloud Platform (GCP) infrastructure. If you're a proactive security expert with a strong background in GCP and a knack for integrating security seamlessly into the entire development lifecycle, we want to hear from you!

As our DevSecOps Engineer, you'll be the cornerstone of our security efforts, ensuring that security is ingrained in every stage of our software development lifecycle (SDLC) and throughout our GCP environment. Your primary mission will be to establish and maintain robust security practices, automate security controls, and provide expert guidance to our development and operations teams. You'll play a critical role in safeguarding our AI products and the underlying infrastructure from design to deployment.

Responsibilities:

• Secure the SDLC: Implement and manage security gates and controls throughout our CI/CD pipelines, including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).
• GCP Security Expertise: Design, implement, and enforce security best practices within our GCP environment, covering areas like identity and access management (IAM), network security (VPC Service Controls, firewall rules), data security (encryption, data loss prevention), and resource hierarchy.
• Automate Security: Develop and implement automated security tools and scripts to continuously monitor, audit, and remediate security vulnerabilities in our code, infrastructure, and deployed applications.
• Threat Modeling & Risk Assessment: Conduct threat modeling exercises and risk assessments for new features, applications, and infrastructure changes to proactively identify and mitigate potential security risks.
• Incident Response: Collaborate with relevant teams to develop and refine security incident response plans, and participate in incident response activities when necessary.
• Security by Design: Work closely with development and MLOps teams to integrate security principles and controls early in the design and development phases of new AI features and services.
• Compliance & Auditing: Ensure compliance with relevant security standards and regulations, and support internal and external security audits.
• Security Awareness: Promote a strong security culture within the organization through training, documentation, and ongoing awareness programs.
• Vulnerability Management: Manage the entire vulnerability lifecycle, from identification and assessment to prioritization and remediation tracking.
• Tooling & Evaluation: Evaluate, recommend, and implement new security tools and technologies to enhance our overall security posture.

You'll be a great fit if you have...

• 3+ years of experience in a DevSecOps, Security Engineering, or similar role with a strong focus on cloud environments.
• In-depth expertise in Google Cloud Platform (GCP) security services and best practices (IAM, VPC Service Controls, Security Command Center, Cloud Armor, KMS, etc.).
• Proven experience implementing and managing security within CI/CD pipelines (e.g., using tools like Jenkins, GitLab CI/CD, ArgoCD).
• Strong understanding of application security vulnerabilities (OWASP Top 10) and mitigation strategies.
• Proficiency in scripting languages (e.g., Python, Bash) for automation and security tool development.
• Experience with infrastructure as code (IaC) tools such as Terraform.
• Familiarity with containerization and orchestration technologies (Docker, Kubernetes) and their security implications.
• Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams.
• A proactive mindset and a passion for staying up-to-date with the latest security trends and threats.

Nice to have:

• GCP security certifications (e.g., Professional Cloud Security Engineer).
• Experience with AI/ML development pipelines and associated security challenges.
• Knowledge of compliance frameworks (e.g., SOC 2, ISO 27001).
• Experience with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms.