Company Description
Giggle Finance is dedicated to financially empowering the gig economy, which now represents 32 percent of the U.S. labor force. By leveraging technology, exceptional customer service, and transparency, we provide rapid access to funds for gig workers. Whether you need to take on more jobs, address unexpected expenses, or manage cash-flow needs, Giggle is here to help. Our mission is to serve the financially under-served gig economy with quick and reliable financial solutions.
Role Description
This is a full-time, remote position for a DevSecOps Engineer. As a DevSecOps Engineer at Giggle Finance, you'll be an integral part of our dynamic team, working closely with developers, QA, and Product to build and maintain a robust and secure infrastructure. You'll champion security best practices throughout the software development lifecycle, ensuring our platform and customer data remain protected.
Responsibilities
- Security Integration: Implement and manage security tools and practices within the CI/CD pipeline. This includes static/dynamic code analysis, vulnerability scanning, and security automation.
- Infrastructure as Code: Design, implement, and manage cloud infrastructure using Terraform, ensuring scalability, reliability, and security.
- CI/CD Optimization: Develop and maintain our CI/CD pipelines using tools like Jenkins and GitLab, optimizing for speed, efficiency, and security.
- Code Release & Rollback: Manage and streamline code release processes, including version control, release automation, and rollback strategies to ensure system stability and business continuity.
- Automation: Drive automation of infrastructure provisioning, application deployments, and security processes to enhance operational efficiency and reduce risk exposure.
- Monitoring & Alerting: Implement robust monitoring and alerting systems to proactively identify and address security threats and performance issues.
- Cross-Functional Collaboration: Work closely with development teams to integrate security into the design and development phases of the SDLC, fostering a culture of security awareness.
- Incident Response: Participate in incident response activities, including detection, investigation, mitigation, and remediation.
- Security Research & Awareness: Maintain expertise in emerging security threats, vulnerabilities, and industry best practices to safeguard enterprise systems and financial platforms.
Qualifications
- 5+ years of experience in DevOps or DevSecOps roles with a strong focus on security.
- Proficiency in infrastructure-as-code tools, particularly Terraform and CloudFormation.
- Proven experience with cloud platforms (AWS preferred) and containerization technologies (Docker, Kubernetes).
- Strong knowledge of cloud networking and security configuration, including VPCs, security groups, load balancers, subnets, VPN, IAM, EC2 optimization, and cloud file systems (EFS, S3).
- Proficiency in scripting and programming languages such as Python, including experience with serverless technologies (AWS Lambda).
- Experience with CI/CD tools like Jenkins.
- Solid understanding of security principles and best practices.
- Experience with security and observability tooling (e.g., static/dynamic analysis tools, vulnerability scanners).
- Excellent communication and collaboration skills.
Bonus Points
- Experience in the fintech industry.
- Knowledge of compliance and regulatory requirements (e.g., SOC 2, PCI DSS).
- Experience with security information and event management (SIEM) systems.
- Experience with PostgreSQL, MySQL, and ETL tools.
- Any ERP experience or knowledge.
- GRC experience or knowledge.