
CI/CD Engineering – Security & Compliance
Posted Jun 3

This is a fully remote position, open to applicants in Germany.
Responsibilities:
• Designing and executing DevSecOps architectures to ensure integrity, confidentiality, and availability across systems, pipelines, and repositories.
• Developing and configuring CI/CD pipelines that incorporate security scanning, compliance verification, and automated validation.
• Implementing secure configurations, access controls, and encryption for systems, repositories, and deployment pipelines.
• Conducting risk assessments and threat modeling to proactively identify and address vulnerabilities in DevOps workflows.
• Automating infrastructure provisioning using Terraform, Ansible, or OpenTofu, adhering to security and reliability best practices.
• Creating and implementing self-service interfaces that allow developers to directly access security tools.
• Integrating security tools into CI/CD pipelines as part of the standard development process.
• Automating SBOM and KBOM generation utilizing tools like Trivy, Syft, and Dependency-Track, and incorporating outputs into CI/CD pipelines.
• Continuously monitoring systems and containers for vulnerabilities, prioritizing findings, and coordinating remediation efforts.
• Performing security hardening activities, including least privilege enforcement, secure configuration baselines, and penetration testing.
• Conducting regular audits of configurations, user access, and system logs.
• Creating and maintaining thorough documentation regarding architecture, configurations, processes, and incident response plans.
Requirements:
• Demonstrated experience in implementing end-to-end DevSecOps practices, integrating security controls within CI/CD pipelines and platform layers.
• Extensive hands-on experience in designing, managing, and troubleshooting large-scale Kubernetes platforms, including scheduling, networking (CNI), storage, RBAC, admission controllers, and API extensions.
• Strong practical experience with GitOps workflows utilizing Argo CD and FluxCD in production settings.
• Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu.
• Significant operational experience with Harbor as a central artifact registry.
• Solid comprehension of software supply chain security, including artifact signing, provenance, attestations, and dependency tracking.
• Familiarity with SBOM standards such as CycloneDX and practical experience with Trivy, Dependency-Track, and DefectDojo.
• Strong expertise in building and managing observability stacks centered around Prometheus, with advanced experience in Grafana.
• Strong hands-on experience with GCP, especially GKE, IAM, workload identity, and networking.
• Extensive experience in managing and scaling GitLab in large environments, including highly available architectures, CI workload management, and access control governance.
• In-depth understanding of encryption mechanisms, PKI, and network security principles.
• Proficiency in English (B2 minimum).
Nice to have:
• German proficiency is desirable for reading ISO certification documents.
• Experience operating platforms in regulated environments.
• Familiarity with policy-as-code frameworks such as Kyverno.
• Experience with secrets management solutions like HashiCorp Vault.
• Familiarity with progressive delivery methods such as Argo Rollouts.
• Exposure to multi-cloud or hybrid cloud architectures beyond GCP.
• Familiarity with SCA tools and SAST practices.
Benefits:
• Flexible working hours.
• Freedom to select your own projects.
• Access to exciting projects across various industries.
• Support for advancing your career.
• Competitive compensation.
• Dedicated team assistance.