DevOps Security Contractor

Upwave: The Brand Outcomes Measurement Platform Upwave is a leading measurement company entirely focused on measuring and optimizing upper funnel campaigns.. The world’s leading advertisers, agencies, and media partners trust Upwave’s robust, AI-driven platform to bring science to the top of the funnel. With Upwave, marketers maximize the effectiveness of brand spend. Upwave measures Brand Lift, validates Brand Reach, and surfaces Brand Optimization opportunities in one, dynamic platform with cross-channel brand measurement for CTV, Digital, Social, Linear, Addressable, Retail Media, Streaming Audio and more. We’re a profitable, growth-stage company backed by leading venture investors (Y Combinator, Uncork Capital, Bloomberg Beta, Initialized Capital, PivotNorth, Ridge Ventures, Industry Ventures, Conductive Ventures,) and leading AdTechfounders & CEOs. We’re a humble but ambitious team that takes its work seriously but never ourselves. Come join us. DevOps Security Contractor (Part-Time | 10–20 hrs/month) We are seeking an experienced DevOps + Security Contractor to provide ongoing guidance, system review, and hands-on support as needed. This role is ideal for a senior-level expert who can help ensure our infrastructure, systems, and processes follow modern security best practices while remaining lightweight and scalable. What You’ll Do Provide ongoing DevOps and security guidance to engineering and leadership Review current infrastructure (cloud, CI/CD, access controls) and recommend improvements Conduct periodic security audits and risk assessments Advise on and help implement best practices across cloud security, IAM, and data protection Support incident response for security-related events, as well as helping refine our incident response procedures Review and strengthen deployment pipelines and system architecture Assist with security tooling selection and implementation (monitoring, alerting, vulnerability scanning) Help ensure alignment with SOC 2 and general compliance standards Partner with engineering on secure system design and new builds when needed Document recommendations and maintain lightweight security playbooks What We’re Looking For 15+ years in DevOps, Cloud Infrastructure, or Security Engineering Strong experience with AWS platform Deep understanding of: Infrastructure security & hardening Identity & access management (IAM) CI/CD security Incident response and monitoring Experience supporting SOC 2 or similar compliance frameworks Ability to operate independently in a low-hour, high-impact capacity Strong communication skills—able to translate risk into practical action Engagement Details Time Commitment: ~10–20 hours per month Structure: Ongoing advisory + potential on-call support for incidents Flexibility: Async-friendly, with occasional scheduled check-ins. You’ll be working with a California-centric team, so must have at least 2-3 hours of overlap with standard PST working hours. Scope: Strategic guidance + light hands-on execution as needed