DevOps Security Contractor

<p>Upwave: The Brand Outcomes Measurement Platform</p> <p>Upwave is a leading measurement company entirely focused on measuring and optimizing upper funnel campaigns.. The world’s leading advertisers, agencies, and media partners trust Upwave’s robust, AI-driven platform to bring science to the top of the funnel.</p> <p>With Upwave, marketers maximize the effectiveness of brand spend. Upwave measures Brand Lift, validates Brand Reach, and surfaces Brand Optimization opportunities in one, dynamic platform with cross-channel brand measurement for CTV, Digital, Social, Linear, Addressable, Retail Media, Streaming Audio and more.</p> <p>We’re a profitable, growth-stage company backed by leading venture investors (Y Combinator, Uncork Capital, Bloomberg Beta, Initialized Capital, PivotNorth, Ridge Ventures, Industry Ventures, Conductive Ventures,) and leading AdTechfounders &amp; CEOs.</p> <p>We’re a humble but ambitious team that takes its work seriously but never ourselves.&nbsp; Come join us.</p> <p>DevOps Security Contractor (Part-Time | 10–20 hrs/month)</p> <p>&nbsp;We are seeking an experienced DevOps + Security Contractor to provide ongoing guidance, system review, and hands-on support as needed. This role is ideal for a senior-level expert who can help ensure our infrastructure, systems, and processes follow modern security best practices while remaining lightweight and scalable.</p> <p>What You’ll Do</p> <ul> <li>Provide ongoing DevOps and security guidance to engineering and leadership</li> <li>Review current infrastructure (cloud, CI/CD, access controls) and recommend improvements</li> <li>Conduct periodic security audits and risk assessments</li> <li>Advise on and help implement best practices across cloud security, IAM, and data protection</li> <li>Support incident response for security-related events, as well as helping refine our incident response procedures</li> <li>Review and strengthen deployment pipelines and system architecture</li> <li>Assist with security tooling selection and implementation (monitoring, alerting, vulnerability scanning)</li> <li>Help ensure alignment with SOC 2 and general compliance standards</li> <li>Partner with engineering on secure system design and new builds when needed</li> <li>Document recommendations and maintain lightweight security playbooks</li> </ul> <p>What We’re Looking For</p> <ul> <li>15+ years in DevOps, Cloud Infrastructure, or Security Engineering</li> <li>Strong experience with AWS platform</li> <li>Deep understanding of:</li> <ul> <li>Infrastructure security &amp; hardening</li> <li>Identity &amp; access management (IAM)</li> <li>CI/CD security</li> <li>Incident response and monitoring</li> </ul> <li>Experience supporting SOC 2 or similar compliance frameworks</li> <li>Ability to operate independently in a low-hour, high-impact capacity</li> <li>Strong communication skills—able to translate risk into practical action</li> </ul> <p>Engagement Details</p> <ul> <li>Time Commitment: ~10–20 hours per month</li> <li>Structure: Ongoing advisory + potential on-call support for incidents</li> <li>Flexibility: Async-friendly, with occasional scheduled check-ins. You’ll be working with a California-centric team, so must have at least 2-3 hours of overlap with standard PST working hours.</li> <li>Scope: Strategic guidance + light hands-on execution as needed</li> </ul>