Lead DevSecOps Engineer

Welcome to

Level AI

Position Overview :

We are looking for a DevSecOps Engineer to help raise the security bar for our customer data, applications, and infrastructure at Level AI. This person will actively collaborate with team members and the wider Level AI engineering community in producing quality deliverables in an efficient manner. This person will understand the GCP security landscape & deploy controls to prevent, detect and respond to those security threats. They will work across many teams including infrastructure, engineering, operations, incident response, and offensive security to develop scalable solutions. In addition, they will actively collaborate and share ideas, thoughts and challenges with peers both inside and outside the team.

Responsibilities :

• Guide shift-left adoption by introducing and improving security testing mechanisms into the company’s CI/CD pipelines & IT security guidelines (SAST, DAST, SCA, PCI, RBI PSS, ISO27001 etc.).
• Develop high quality, secure, stable code for use by Level AI security and the wider Level AI engineering community.
• Build operating dashboards and charts to track system errors, performance and enable root cause analysis.
• Identify gaps and evaluate relevant tools and technologies as needed to improve processes and systems, leveraging open-source and cloud computing technologies to build effective solutions.
• Work with security stakeholders to define needs and design solutions relevant to solving a security problem.
• Extend and improve existing off the shelf security tooling in order to fit into Level AI’s use cases.
• Maintain, troubleshoot, document, and debug code, as required.
• Research external best practices and emerging software and security technologies for possible incorporation into platform/applications and methodologies.
• Develop, maintain and publish up-to-date information security policies, standards, and guidelines. oversee the approval, training, and dissemination of security policies and practices.
• Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.

Requirements :

• Bachelors or above with a good academic background.
• 5+ years of meaningful work experience in DevOps & DevSecOps handling complex services.Strong troubleshooting skills to keep our services highly available.
• Strong expertise and experience with Google Cloud Platform (GCP), Docker, Kubernetes, CI/CD, Jenkins and DevOps tools like IaC, ArgoCD, HELM Chart tools.
• Operational  experience with Kafka, RabbitMq or other messaging queue systems.
• Experience in programming/scripting languages (Node.js, Python, Bash, etc).
• Solid experience with Networking concepts, setup.
• Strong expertise required with deployment at scale on kubernetes cluster via HPA.
• Broad technical background and experience with architecture, design, and operations of cloud solutions and the how-to meet security compliance requirements.
• Monitoring system health, ensuring security, scalability, and reliability.
• Design, implement, and maintain observability, monitoring, logging, and alerting using the tools like Prometheus, Grafana, Promtail, Loki, Datadog.
• Ability to architect and develop the CICD platform on GCP DevOps from scratch and guide the customer on the best practices.
• Experience with SDLC best practices and value stream management and DevOps workflows.
• Develop the Architecture for a Well-orchestrated, templatized, parameterized and automated CI-CD pipelines with quality and security gates.