Role Description Join the Digital Office at Wakam and help revolutionize the insurance industry through innovation and technology. We are a center of expertise where cutting-edge tools meet strategic thinking. Our teams design, develop, and optimize robust digital solutions that improve efficiency and user experience — all within an Agile, collaborative, and fast-paced environment. - Stratégie & Roadmap DevSecOps: - Réaliser un assessment de la situation actuelle et définir une roadmap DevSecOps claire, en coordination avec le comité d'architecture. - Prioriser les actions selon une approche risque globale — pas uniquement sécurité — adaptée au contexte de Wakam. - Définir les métriques de performance et de fiabilité des processus de sécurité. - Support & Accompagnement des Équipes: - Accompagner et supporter les équipes de développement et d'opérations sur les sujets sécurité au quotidien. - Mettre en perspective les risques business et techniques pour faciliter la prise de décision. - Former et sensibiliser les équipes aux bonnes pratiques de sécurité (secure coding, threat modeling, etc.). - Développer une culture DevSecOps durable au sein de l'organisation. - Shift-Left Security: - Intégrer les tests SAST, DAST, SCA directement dans les pipelines CI/CD avec des temps de réponse optimisés. - Concevoir et déployer des suites de tests de sécurité rapides, fiables et en parallèle, avec feedback immédiat pour les développeurs. - Documenter les flux de données et modéliser les surfaces d'attaque dès la phase de conception. - Automatisation & Outillage: - Déployer et configurer les outils d'analyse statique et dynamique (SonarQube, Trivy, Snyk, OWASP ZAP, etc.). - Orchestrer les déploiements sécurisés via les pipelines CI/CD, avec mécanismes de rollback automatique et validation multi-niveaux. - Développer des outils d'automatisation sur mesure lorsque les solutions du marché ne couvrent pas les besoins. - Gestion de Version & Configuration: - Implémenter l'Infrastructure as Code (IaC) avec contrôles de sécurité intégrés (Terraform, Ansible). - Assurer le versioning intégral : code, infrastructure, configurations et politiques de sécurité. - Gérer les secrets et certificats via des solutions dédiées (HashiCorp Vault ou équivalent). - Supervision & Gestion des Incidents: - Déployer et maintenir les outils de supervision de la sécurité (SIEM, alerting, monitoring). - Automatiser la détection d'anomalies et la réponse aux incidents (SOAR, runbooks automatisés). - Participer activement à la gestion et à la résolution des incidents de sécurité. - Support à l'Administration de l'Environnement de Travail: - Apporter un support technique à l'équipe en charge de l'environnement bureautique (Microsoft 365, Exchange Online, SharePoint) sur les sujets de sécurité et de monitoring. - Contribuer à l'intégration des outils collaboratifs dans les politiques de sécurité globales (authentification, accès conditionnels, DLP, alertes SIEM). - Faciliter l'automatisation des tâches d'administration récurrentes et la mise en place d'alertes sur les comportements anormaux. - Veille & Amélioration Continue: - Animer une veille active sur les évolutions DevSecOps, les nouvelles menaces et les pratiques émergentes. - Évaluer et intégrer les nouvelles technologies pertinentes pour l'environnement Wakam. - Partager les bonnes pratiques et retours d'expérience en interne et au sein de la communauté DevSecOps. Qualifications - 7+ years in software engineering and/or operations. - Solid development background (Dev or DevOps profile). - Strong hands-on experience in application and infrastructure security. - Understanding of Cloud-based production environments. - Experience with Security Operations (SOC) is a plus. Requirements - Technical Skills: - DevOps & Automation: CI/CD (Azure DevOps, GitHub Actions). - Containers: Docker, Kubernetes. - Infrastructure as Code: Terraform, Ansible. - Cloud Platforms: Azure, AWS. - Scripting: Python, Bash, PowerShell. - Application Security: OWASP, secure coding practices. - Security Tools: SAST, DAST, SCA, vulnerability scanning. - Security Expertise: - Knowledge of security protocols and cryptography. - Familiarity with compliance frameworks and standards. - Experience using vulnerability scanning and mitigation tools. - Strong infrastructure security practices. Benefits - True remote work flexibility with our Wakam From Anywhere (WFA) program. - Flat hierarchical system promoting direct impact and autonomy. - Monthly Free.day: dedicated time for personal growth and skills development. - Lunch voucher with Swile card. - A meaningful company: we became a Mission-driven company in March 2021. - Work alongside passionate experts who will share their knowledge and help you develop and grow in your career. Company Description At Wakam, we’re on a mission to reinvent insurance with tech, transparency, and purpose. You’ll join a bold, international company where experimentation is encouraged, ideas are valued, and personal growth is supported.

Role Description We are looking for a Senior Manager, DevSecOps to lead a group of engineers working across multiple teams integrating security into our DevOps, CI/CD, IaC pipelines, and AI/ML workloads, ensuring secure, compliant, and efficient software delivery across the organization. As a DevSecOps Sr. Manager at DoubleVerify, you will oversee technical design and execution across multiple functional areas while providing strategic leadership on DevSecOps best practices, cloud-native security, AI/ML security, and automation. You will lead teams of 2-5+ DevSecOps and security engineers across multiple infrastructure areas, fostering a culture of security throughout the software development lifecycle (SDLC) and AI/ML pipelines. This role requires balancing technical depth in areas such as Infrastructure-as-Code (IaC), container security, and AI security with strategic leadership to drive security initiatives across the organization. The ideal candidate will serve as a technical leader who can architect secure solutions for both traditional and AI workloads, develop their teams' capabilities, and work cross-functionally with engineering teams to embed security practices into every stage of development, deployment, and AI model lifecycle. Responsibilities - Manage and lead multiple DevSecOps teams, mentor and hire senior DevSecOps and security engineers, building high-performing teams focused on security excellence across traditional and AI workloads. - Secure AI/ML pipelines and infrastructure by implementing security controls for model deployment environments, ensuring protection against AI-specific threats such as prompt injection, data poisoning, and model extraction. - Establish AI security governance frameworks including policies for LLM usage, RAG (Retrieval Augmented Generation) systems security, MCP (Model Context Protocol) security, and AI supply chain risk management. - Implement automated security scanning for AI artifacts including model files, training datasets, and AI-generated code, integrating these checks into CI/CD pipelines alongside traditional SAST, DAST, and SCA tools. - Oversee security for AI workload identity and access management, ensuring proper authentication, authorization, and encryption for AI services, APIs, and vector databases used in RAG systems. - Lead AI security incident response for threats specific to AI/ML systems including adversarial attacks, model theft, data leakage through LLM outputs, and unauthorized AI service usage. - Ensure adherence to compliance standards such as SOC 2, ISO 27001, SOX, and MRC by automating compliance evidence collection, with special focus on AI governance and responsible AI principles. - Define and execute DevSecOps strategy aligned with business objectives, security requirements, and emerging AI security best practices across the organization. - Create architecture designs for security systems and services spanning multiple teams and infrastructure areas, including AI-specific security architectures. - Drive continuous improvement of security automation, AI security tooling, and processes across traditional and AI workloads. - Establish security metrics and KPIs to measure team effectiveness, security posture, and AI risk exposure. - Foster a culture of security awareness and AI security best practices across engineering, data science, and product teams. - Collaborate with senior/executive management regularly on security strategy, AI risk management, and cross-organizational security initiatives. Qualifications - 5-6+ years of experience in Cybersecurity/DevOps, or DevSecOps, with proven experience leading security teams of ~5+ engineers across multiple infrastructure areas. - Bachelor's degree in Computer Science, Information Systems, or equivalent experience in a related field. Requirements - AI/ML Security: LLM security (prompt injection, jailbreaking, data leakage), model security, AI supply chain security, adversarial ML defense, RAG system security, vector database security, MCP security. - AI Governance & Compliance: Responsible AI frameworks, AI risk assessment, model governance, AI audit trails, privacy-preserving ML techniques. - AI Pipeline Security: Securing model training environments, ML pipeline security, model versioning and provenance, AI artifact scanning, AI workload isolation. - AI Identity & Access: AI service authentication, API security for AI endpoints, token management for LLM services, workload identity for AI inference. - Network Security: Firewalls, segmentation, intrusion detection/prevention systems, AI traffic analysis. - Encryption and Cryptography: TLS/SSL, certificate management, encryption at rest and in transit, secure model storage. - Identity and Access Management: IAM, Keycloak, Teleport, Workload Identity, AI service accounts. - Operating System Security: Hardening, patch management, compliance frameworks. - Application Security: Container security, Kubernetes security policies, SAST, DAST, SCA tools, AI-generated code scanning. - Threat Intelligence and Analysis: Vulnerability scanning, AI threat detection, adversarial attack detection. - Incident Response and Forensics: Security incident handling, AI-specific incident investigation, model forensics. - Risk Management and Compliance: SOC2, ISO 27001, SOX, AI governance frameworks, audit preparation and evidence collection. - Security Architecture and Design: Zero Trust principles, defense in depth strategies, AI security architecture patterns. - Automation and Scripting: Security automation, ACME, certbot, Python, Bash, AI security tooling automation. - Cloud Security: GCP, AWS, OCI security controls and best practices, AI service security configurations. Benefits - Competitive salary range: $131,000 - $260,000 based on qualifications. - Eligible for bonus/commission (as applicable), equity, and benefits. Company Description DoubleVerify is a big data and analytics company. We track and analyze tens of billions of ads every day for the biggest brands in the world like Apple, Nike, AT&T, Disney, Vodafone, and most of the Fortune 500 companies. We operate at a massive scale, our backend handles over 100B+ events per day, we analyze and process those events in real-time while making decisions on the environment where the ad is running and all the user interactions during the Ad display lifecycle. We are global, with R&D centers in New York, Paris, London, Munich, Belgium, and more. We believe that hiring people with a broad range of technical skillsets results in the highest satisfaction for our engineers and a strong return on investment for the company.

Title: Senior Site Reliability Engineer Location: Manhattan, NY, United States Job Description: Alloy is where you belong! Alloy helps solve the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Over 800 of the world's largest financial institutions and fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers. Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how we've been continuously recognized and named one of Inc. Magazine's Best Workplaces, Forbes America's Best Startup Employers, Best Fintech to Work for by American Banker, year after year. Check out our investors and read more about us here. About the team Alloy's Infrastructure Team is a small team (6 engineers) responsible for a large and growing infrastructure footprint: 15+ Kubernetes clusters, 100+ databases, dozens of services, and complex data organization. Our challenge isn't just scale-it's making that scale reliable, secure, and operable with less manual work. We're looking for engineers who enjoy turning complex, fragile systems into automated, self-service platforms with strong safety guarantees. What you'll be doing Reporting to the Engineering Manager of Infrastructure, you'll: - Design and build systems to automate infrastructure management at scale (provisioning, upgrades, migrations) - Reduce operational toil by turning manual processes into reliable, repeatable workflows - Build internal tooling and platforms that enable safe self-service changes for other engineers - Improve the reliability and resilience of our infrastructure (Kubernetes, databases, services) - Implement and evolve systems for deploying and running applications in Kubernetes - Contribute to architecture decisions across infrastructure, reliability, and security - Write and review production-quality code - Participate in on-call rotations-but focus on building systems that prevent incidents, not just respond to them Who we're looking for - 5+ years of experience in infrastructure, SRE, or software engineering roles - Strong software engineering skills-you build systems, not just scripts - Experience managing production infrastructure at scale (cloud + containerized systems) - Experience with Infrastructure as Code (e.g., Terraform) - Experience running and troubleshooting distributed systems (Docker/Kubernetes) - Experience with observability and debugging tools (Datadog, CloudWatch, ELK/EFK, etc.) - Proficiency in at least one programming language (Python, Go, JavaScript, etc.) - Experience participating in on-call rotations and improving systems based on incidents - Strong communication and collaboration skills You might be a great fit if you - Default to automation over manual processes - See repetitive work and immediately want to eliminate it - Think in terms of systems, failure modes, and long-term scalability - Care about building infrastructure that other engineers can use safely and confidently - Enjoy working in a small team with high ownership and impact Nice to have - Experience running Kubernetes in production at scale - Deep familiarity with AWS - Experience building internal platforms or developer tooling - Background in distributed systems or large-scale data systems We're a lean team, so your impact will be felt immediately, and opportunities will grow as the company scales up. If this all sounds like a good fit for you, why not join us? Alloy is committed to fair and equitable compensation practices. Below is the anticipated starting base compensation range for this role; however, pay may vary depending on job-related knowledge, in-demand skills, relevant experience, and/or geography. In addition to a competitive base salary, this position is also eligible for equity awards in the form of stock options (ISOs) as well as a competitive total benefits package. Your recruiter will be happy to walk you through the details and what compensation could look like for you specifically! This position has a salary range of $151,000 to $191,000. Benefits and Perks - Unlimited PTO and flexible work policy - Employee stock options - Medical, dental, vision plans with HSA (monthly employer contribution) and FSA options - 401k with 100% match up to 4% of annual employee compensation - Eligible new parents receive 16 weeks of paid parental leave - Home office stipend for new employees - Annual Learning & Development annual stipend - Well-being benefits include access to ClassPass, OneMedical, UrbanSitter, and Spring Health - Hybrid work environment: employees are expected to work Tuesdays through Thursdays from our HQ in Union Square, Manhattan. Tasty lunches catered from a variety of local restaurants and frequent employee-organized cultural events contribute to our positive office energy. On Monday/Friday most employees Zoom into work from home while some take advantage of the quieter office. How to apply Apply right here! You've found the application! Alloy is proud to be an equal-opportunity workplace and employer. We're committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status. We are committed to an inclusive interview experience and provide reasonable accommodations to applicants with visible and invisible disabilities. We encourage applicants to share needed accommodations with their recruiter. All Alloy jobs are listed on our careers page. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with an alloy.com email address. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information during the recruiting process. If you're ever unsure, please contact us directly via our website before sharing personal information.

Role Description DevOps Process Analyst will enhance and optimize DevOps practices within our organization. This role will focus on analyzing, refining, and documenting DevOps processes, ensuring alignment with organizational goals, and supporting the seamless integration of development and operations workflows. As a DevOps Process Analyst, you will be instrumental in driving process improvements, fostering collaboration, and enabling the successful implementation of DevOps initiatives. Duties and Responsibilities - Process Analysis and Optimization: - Evaluate existing development and operations workflows to identify inefficiencies, bottlenecks, and areas for improvement. - Develop and recommend strategies for optimizing DevOps processes to enhance collaboration, reduce time-to-market, and increase operational efficiency. - Research and implement industry best practices, tools, and methodologies to standardize and improve workflows. - Cross-Functional Collaboration: - Partner with stakeholders across development, operations, quality assurance, and business teams to gather requirements and provide insights for process improvement. - Facilitate communication between teams to ensure alignment on goals, objectives, and best practices. - Act as a liaison to address concerns and ensure continuous engagement from all stakeholders. - Documentation and Reporting: - Create and maintain detailed process documentation, including workflows, standard operating procedures (SOPs), and change logs. - Develop dashboards and reporting mechanisms to provide visibility into DevOps performance metrics and progress on initiatives. - Deliver regular updates to management and stakeholders on process improvement efforts and outcomes. - DevOps Practices Implementation: - Support the implementation of automation tools, CI/CD pipelines, and monitoring systems to streamline workflows and enhance productivity. - Collaborate with teams to establish and enforce standards for code quality, deployment frequency, and system reliability. - Lead initiatives to integrate feedback loops and continuous learning into development and operations processes. - Continuous Improvement and Innovation: - Promote a culture of continuous improvement by identifying opportunities for innovation and process enhancement. - Provide guidance and mentorship to team members on best practices and methodologies. - Conduct training sessions and workshops to build team capabilities in DevOps processes and tools. - Risk and Issue Management: - Identify potential risks and dependencies within DevOps processes and propose mitigation strategies. - Work proactively to resolve issues and ensure seamless delivery of initiatives. - Other duties as assigned. Qualifications - Strong proficiency in the use of Microsoft Office, especially Excel. - Problem-solving and leadership skills. - Ability to independently identify project issues, determine appropriate actions to resolve the issues, and escalate appropriately. - Ability to work with limited supervision, make independent judgment decisions, and remain effective under pressure. - Project planning, risk management, time management, and other project management skills. - Experience in strategic planning, risk management, and/or change management. - Proficiency in project management software and tools. - Conflict resolution experience. - Ability to handle multiple tasks effectively. - Ability to work under pressure and to prioritize. - Excellent organizational skills. - Proficient in speaking, reading, and writing in English. - Ability to see clearly with or without corrective lenses and hear clearly with or without aids. - Ability to use hands, fingers, and wrists repetitively, using a computer keyboard and other office equipment, regularly. - Excellent written and verbal communication skills. - Ability to interact cordially and productively with co-workers in a team environment. Requirements - Bachelor's degree in related field required. - Minimum of 3 years of Revenue cycle or SSI product experience preferred. - Prior software project management experience a plus. - PMP Certification preferred. Benefits - Competitive salaries. - Excellent benefits package including medical, dental, life/AD&D, LTD, vision, 401(k) matching, paid vacation, and tuition reimbursement.