InfoSec (DevSecOps) Engineer

Here's the standardised ad:

Information Security Specialist

About LoopMe

LoopMe is an AI company solving one of advertising's hardest problems: making brand advertising actually measurable — and making it perform. Our platform runs patented machine learning models across billions of consumer signals in real time, optimising campaigns toward outcomes like purchase intent, brand lift, and foot traffic rather than proxy metrics like clicks. The result is 2–5x better performance than industry benchmarks, at scale.

We operate a high-load programmatic infrastructure — processing millions of ad requests per second with sub-200ms response times globally. This isn't a layer on top of someone else's stack; it's built from the ground up, in-house, by the team you'd be joining. Founded in 2012 and headquartered in London, we now have 400+ people across 19 cities and have sustained 40% revenue CAGR since 2018. The engineering problems here are real, the ownership is genuine, and the scale is significant.

The opportunity

You'll own the day-to-day delivery of LoopMe's information security programme — hardening our cloud infrastructure, embedding security into engineering workflows, and responding when things go wrong. You'll work across GCP, Kubernetes, and a modern data stack that includes ClickHouse, Kafka, PostgreSQL, and Envoy, in an environment where the problems are real and the surface area is significant. This role sits within the Engineering organisation and reports to [CONFIRM REPORTING LINE].

What you'll do

• Develop and implement information security policies and protection procedures across the organisation
• Perform risk assessments, security audits, and threat analysis to maintain and improve our security posture
• Monitor, respond to, and investigate security incidents using SIEM, DLP, WAF, and related tooling
• Integrate DevSecOps practices into development workflows, including Secure SDLC and code reviews
• Ensure compliance with security standards including ISO/IEC 27001, NIST, OWASP, and CIS Controls
• Support secure architecture for GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy
• Lead proof-of-concept evaluations for new security integrations and contribute to security budget discussions with product and leadership stakeholders
• Deliver cybersecurity awareness training to employees across the business

What you'll bring

Essential:

• 2+ years of experience in InfoSec or DevSecOps roles, preferably in a cloud environment (GCP, AWS, or Azure)
• Proficiency securing infrastructure across GCP, Kubernetes, ClickHouse, Kafka, PostgreSQL, and Envoy
• Solid understanding of network protocols (TCP/IP, DNS, HTTP/S, VPN) and core security principles including encryption, authentication, and access control
• Experience with SIEM systems, vulnerability management tools, and IAM/SSO/MFA solutions such as Okta or Azure AD
• Incident response and forensics experience, with working knowledge of ISO/IEC 27001, NIST, OWASP, and DevSecOps principles

Nice to have:

• Scripting skills in Bash, Python, or PowerShell for security automation
• Relevant certifications such as CISSP, CISM, CompTIA Security+, or GCP Security Engineer
• Experience communicating security topics clearly to non-technical stakeholders

What we offer

• Hybrid working
• Flexible schedule
• 1 month work-from-anywhere
• Annual performance bonus
• Multikafeteria (sport/culture card)
• LoopMe Gives Back
• Learning & development support