With experts in deep learning, e-commerce, and digitization, Fetcherr disrupts traditional systems through its cutting-edge AI technology. At its core is the Large Market Model (LMM), an adaptable AI engine that forecasts demand and market trends with precision, empowering real-time decision-making. Specializing initially in the airline industry, Fetcherr aims to revolutionize industries with dynamic AI-driven solutions.
We are looking for an experienced and passionate DevSecOps Engineer to bolster the security of our development processes and Google Cloud Platform (GCP) infrastructure. If you're a proactive security expert with a strong background in GCP and a knack for integrating security seamlessly into the entire development lifecycle, we want to hear from you!
As our DevSecOps Engineer, you'll be the cornerstone of our security efforts, ensuring that security is ingrained in every stage of our software development lifecycle (SDLC) and throughout our GCP environment. Your primary mission will be to establish and maintain robust security practices, automate security controls, and provide expert guidance to our development and operations teams. You'll play a critical role in safeguarding our AI products and the underlying infrastructure from design to deployment.
Responsibilities:
- Secure the SDLC: Implement and manage security gates and controls throughout our CI/CD pipelines, including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).
- GCP Security Expertise: Design, implement, and enforce security best practices within our GCP environment, covering areas like identity and access management (IAM), network security (VPC Service Controls, firewall rules), data security (encryption, data loss prevention), and resource hierarchy.
- Automate Security: Develop and implement automated security tools and scripts to continuously monitor, audit, and remediate security vulnerabilities in our code, infrastructure, and deployed applications.
- Threat Modeling & Risk Assessment: Conduct threat modeling exercises and risk assessments for new features, applications, and infrastructure changes to proactively identify and mitigate potential security risks.
- Incident Response: Collaborate with relevant teams to develop and refine security incident response plans, and participate in incident response activities when necessary.
- Security by Design: Work closely with development and MLOps teams to integrate security principles and controls early in the design and development phases of new AI features and services.
- Compliance & Auditing: Ensure compliance with relevant security standards and regulations, and support internal and external security audits.
- Security Awareness: Promote a strong security culture within the organization through training, documentation, and ongoing awareness programs.
- Vulnerability Management: Manage the entire vulnerability lifecycle, from identification and assessment to prioritization and remediation tracking.
- Tooling & Evaluation: Evaluate, recommend, and implement new security tools and technologies to enhance our overall security posture.