DevSecOps/DevOps Engineer

This is a fully remote position, open to applicants in Germany.

📋 Description

• Take charge of the Alert Lifecycle: Lead the efforts in triaging security alerts and vulnerabilities. Your role will involve more than just "fixing bugs"; you will coordinate effective remediations and develop systems that prevent future occurrences.

• Advocate for "Shift-Left": Seamlessly incorporate automated security testing, vulnerability scanning, and compliance checks directly into our CI/CD pipelines.

• Enhance Cloud Security: Utilize Terraform and Terragrunt to transform our AWS infrastructure into a benchmark for "Security as Code."

• Automate Compliance Processes: Collaborate within a proactive Platform Squad to convert regulatory requirements into automated guardrails, ensuring compliance is an integral part of our engineering process rather than a manual task.

• Secure Core Systems: Oversee and harden our data layers (PostgreSQL, Redis) while managing our K8s environment with a zero-trust approach, including applications.

• Act as the Security Mentor: Work alongside development squads to identify and address vulnerabilities early in the software development lifecycle.

⛳️ Requirements

• Extensive knowledge of application security, including common vulnerabilities (OWASP Top 10), secure coding practices, dependency scanning, and remediation techniques.

• In-depth understanding of infrastructure security, covering secure configurations, network segmentation, encryption in transit and at rest, and access controls.

• Solid foundation in DevOps: Proven experience in AWS environments, managing Infrastructure as Code (Terraform), and working with containers (Docker/K8s).

• Security-Oriented Mindset: You not only build pipelines but also consider how they might be compromised. Familiarity with encryption, network segmentation, and secure access protocols is essential.

• Problem-Solving Skills: Enjoy Linux administration and possess the ability to automate tasks using Python, Go, or Node.js.

• Effective Communication: Capable of articulating complex security risks to developers in an inspiring way that motivates them to take action. (English is our primary working language.)

🏝️ Benefits

• Flexibility & Work-Life Balance: We embody the health-tech mission with flexible working hours, a remote-friendly setup within Germany, and a culture that values your "deep work" time.

• Budget allocated for learning & development, conferences, and coaching—tailored to your potential and growth opportunities.

• High level of ownership and decision-making autonomy—no micromanagement. We hire experts who know their craft.

• Access to all Caspar offerings aimed at enhancing mental and physical well-being.

• Ample time to recharge with 30 vacation days per year.

• Enjoy unlimited snacks, group sports sessions, a continuously stocked drinks fridge, and a healthy dose of humor included.