About Humai

We're revolutionizing workplace efficiency through cutting-edge AI solutions. Based in Dubai's thriving tech ecosystem, we empower enterprises to automate processes, boost productivity, and unlock actionable insights that drive real business outcomes. Join us at the forefront of the AI-driven business transformation.

The Opportunity

We're looking for a DevOps Engineer who treats security as a first principle, not an afterthought. You'll architect and operate the infrastructure powering enterprise AI products that handle sensitive data at scale. This is a role for someone who gets excited about building bulletproof systems that ship fast and sleep soundly.

What you’ll do

• Cloud & Networking: Build and operate GCP, Azure and AWS orgs: projects, VPCs, peering, Cloud NAT, Private Service Connect, DNS, CDN, WAF.
• App Platforms: Ship services on Cloud Run, ECS Fargate, Azure Container Apps; scale to GKE/AKS/EKS when complexity demands.
• IaC & CI/CD: Terraform (or Pulumi) for everything; GitHub Actions for pipelines, blue-green/canary releases, automated tests and security scans.
• Security Posture: Enforce SSO/SAML (JumpCloud/Okta), secrets management (GCP Secret Manager/Vault), least-privilege IAM, key rotation, mTLS/HSTS/TLS, SBOM & image signing, CIS hardening, WAF rules, rate limiting, and Zero Trust (Cloudflare).
• Observability: Set up logging/metrics/tracing (Cloud Logging, Prometheus/Grafana, OpenTelemetry), error monitoring (Sentry), alerting & on-call.
• Data & Reliability: Operate Postgres/Redis/BigQuery; backups, PITR, DR/BCP with clear RPO/RTO, encryption in transit/at rest/KMS; cost controls and budgets.
• Compliance-Ready: Map controls for SOC 2, GDPR, and regional requirements (data residency, DPA workflows); evidence collection automation.
• Edge & Delivery: Optimize Cloudflare Pages/Workers/Rulesets where appropriate; performance budgets and cache strategies.
• Cost & Performance: Budgets/alerts, perf SLOs, cache/CDN strategies.

Requirements

• 4+ years in DevOps/SRE and practical security engineering (DevSecOps preferred).
• Strong with AWS (Orgs/IAM/VPC/ALB/NLB/ECS or EKS), GCP (projects/IAM/VPC/Cloud Run or GKE), Terraform, GitHub Actions, containers, and networking.
• Proven experience with Cloudflare (WAF/Access/Zero Trust) and web security headers/CSP.
• Solid grasp of IAM, secrets mgmt, KMS, TLS/mTLS, SBOM & signing, SCA/DAST.
• Comfortable automating in Python/Go/Bash and writing policy-as-code.
• Exposure to SOC 2/GDPR (or ISO 27001) and evidence workflows.

Nice to have

• ArgoCD/Flux, Helm, Kustomize; service mesh (Istio/Linkerd).
• Static analysis & supply-chain tools (Trivy, Grype, Cosign, SLSA).
• Threat modeling, SIEM/EDR integrations (e.g., CrowdStrike/SentinelOne).
• Experience with Cloudflare Zero Trust, WARP, Access, and tunnel setups.
• Familiarity with multi-region rollout, blue/green + feature flags (LaunchDarkly).
• EKS/GKE production ops (Helm/Kustomize), service mesh (Istio/Linkerd).
• AWS Control Tower/Landing Zone patterns; OPA/Gatekeeper; SLSA alignment.
• Data security: tokenization, Vault Transit, Macie; BigQuery/Lake/Warehouse controls.
• UAE/EU data residency experience (cross-border transfer mechanisms).