DevOps Security Contractor

Upwave: The Brand Outcomes Measurement PlatformUpwave is a leading measurement company entirely focused on measuring and optimizing upper funnel campaigns.. The world's leading advertisers, agencies, and media partners trust Upwave's robust, AI-driven platform to bring science to the top of the funnel.With Upwave, marketers maximize the effectiveness of brand spend. Upwave measures Brand Lift, validates Brand Reach, and surfaces Brand Optimization opportunities in one, dynamic platform with cross-channel brand measurement for CTV, Digital, Social, Linear, Addressable, Retail Media, Streaming Audio and more.We're a profitable, growth-stage company backed by leading venture investors (Y Combinator, Uncork Capital, Bloomberg Beta, Initialized Capital, PivotNorth, Ridge Ventures, Industry Ventures, Conductive Ventures,) and leading AdTechfounders & CEOs.We're a humble but ambitious team that takes its work seriously but never ourselves. Come join us.DevOps Security Contractor (Part-Time | 10–20 hrs/month)We are seeking an experienced DevOps + Security Contractor to provide ongoing guidance, system review, and hands-on support as needed. This role is ideal for a senior-level expert who can help ensure our infrastructure, systems, and processes follow modern security best practices while remaining lightweight and scalable.What You'll DoProvide ongoing DevOps and security guidance to engineering and leadershipReview current infrastructure (cloud, CI/CD, access controls) and recommend improvementsConduct periodic security audits and risk assessmentsAdvise on and help implement best practices across cloud security, IAM, and data protectionSupport incident response for security-related events, as well as helping refine our incident response proceduresReview and strengthen deployment pipelines and system architectureAssist with security tooling selection and implementation (monitoring, alerting, vulnerability scanning)Help ensure alignment with SOC 2 and general compliance standardsPartner with engineering on secure system design and new builds when neededDocument recommendations and maintain lightweight security playbooksWhat We're Looking For15+ years in DevOps, Cloud Infrastructure, or Security EngineeringStrong experience with AWS platformDeep understanding of:Infrastructure security & hardeningIdentity & access management (IAM)CI/CD securityIncident response and monitoringExperience supporting SOC 2 or similar compliance frameworksAbility to operate independently in a low-hour, high-impact capacityStrong communication skills—able to translate risk into practical actionEngagement DetailsTime Commitment: ~10–20 hours per monthStructure: Ongoing advisory + potential on-call support for incidentsFlexibility: Async-friendly, with occasional scheduled check-ins. You'll be working with a California-centric team, so must have at least 2-3 hours of overlap with standard PST working hours.Scope: Strategic guidance + light hands-on execution as needed