
CI/CD Engineer – Security & Compliance
Posted May 11

This is a fully remote position, open to applicants in Germany.
• Develop, implement, and maintain robust infrastructure solutions while upholding the highest standards of integrity, confidentiality, and system availability.
• Empower engineering teams by providing security tools through self-service interfaces and automating intricate compliance workflows.
• Play a central role in enhancing continuous integration and delivery across a varied service landscape.
• Evaluate program requirements to create secure, scalable architectures that meet complex integration and compliance demands.
• Build and configure CI/CD pipelines that incorporate built-in security scanning, compliance checks, and automated validation.
• Establish secure configurations, access controls, and encryption for repositories, systems, and deployment workflows.
• Automate infrastructure provisioning and management using tools like Terraform or OpenTofu.
• Create intuitive self-service interfaces and APIs to enable seamless access to security tools for developers.
• Lead automation initiatives for generating and validating Software Bill of Materials (SBOMs) and Knowledge Bill of Materials (KBOMs) during build processes.
• Perform ongoing vulnerability management, risk assessments, and threat modeling to identify and mitigate potential vulnerabilities.
• Ensure system availability through disaster recovery planning, incident response, and regular audits of system logs and user access.
• Produce thorough documentation, including step-by-step guides, architecture diagrams, and FAQs for both internal and external stakeholders.
• Work collaboratively with cross-functional teams to address issues, implement new features, and ensure optimal system performance under data protection requirements.
• Demonstrated experience in implementing comprehensive DevSecOps practices and integrating security controls into platform layers.
• Extensive hands-on experience in designing, operating, and troubleshooting large-scale Kubernetes platforms, along with in-depth knowledge of CNI, RBAC, and admission controllers.
• Strong expertise in GitOps workflows utilizing Argo CD or FluxCD in production settings.
• Direct experience with Infrastructure-as-Code (IaC) utilizing Terraform or OpenTofu.
• Practical knowledge of Google Cloud Platform, particularly GKE operations, IAM workload identity, and VPC networking.
• Operational familiarity with artifact registries like Harbor and security tools such as Trivy, Dependency-Track, or DefectDojo.
• Comprehensive understanding of software supply chain security, including artifact signing, provenance, and SBOM standards like CycloneDX.
• Advanced experience in building observability stacks centered around Prometheus and Grafana, including custom security-focused dashboards.
• Strong background in managing and scaling GitLab architectures for large CI workloads.
• In-depth understanding of encryption mechanisms, asymmetric cryptography, and Public Key Infrastructure (PKI).
• Flexible working hours
• Freedom to select your own projects
• Opportunity to engage in exciting projects across various industries
• Support for career advancement
• Competitive compensation
• Dedicated team support
Innovative Solutions