Remotery

Senior DevSecOps Engineer

Posted 3 days ago

This is a fully remote position, open to applicants in Germany.

📋 Description

• Develop and oversee secure CI/CD pipelines using Azure DevOps or GitHub Actions, focusing on secrets management, signed artifacts/SBOMs, SAST/DAST/container scanning, least-privilege service connections, and hardened supply chains.

• Implement security automation in infrastructure via Terraform by enforcing guardrails through policy-as-code (Azure Policy, OPA/Conftest) and continuous IaC scanning (Checkov/tfsec).

• Strengthen Kubernetes security by applying RBAC, NetworkPolicies, Pod Security Standards, managing secrets, and implementing image signing/scanning along with admission policies (Gatekeeper/Kyverno).

• Safeguard cloud identities and data by managing Entra ID roles/Managed Identities, Key Vault, Private Link/NSGs, ensuring encryption both at rest and in transit, and applying just-in-time/least-privilege access controls.

• Ensure the security of ML/MLOps by securing Databricks (Unity Catalog permissions, secret scopes), MLflow/model registry, and feature stores; enhance model artifact signing, provenance tracking, and runtime isolation for training and serving.

• Oversee monitoring, logging, and response by integrating platform and security telemetry with Microsoft Sentinel/Defender, establishing alerts and runbooks, and supporting incident response and tabletop exercises.

• Manage CVE and vulnerability assessments by maintaining and publishing SBOMs, continuously scanning for vulnerabilities, triaging CVEs (including CVSS scoring and exploitability context), coordinating mitigations and patches, tracking exposure windows and SLAs, verifying remediation, and reporting metrics to SecOps/GRC.

• Develop concepts and architecture by drafting and maintaining reference architectures, trust-boundary diagrams, data classification schemes, environment isolation patterns, secure secret/key management strategies, and network segmentation for AI services.

• Support compliance and assurance efforts by contributing to risk assessments and threat modeling (including AI-specific risks such as prompt injection, data exfiltration, and model theft), facilitating DPIAs, conducting vendor/third-party risk reviews, penetration tests, control testing, evidence collection, and ensuring audit readiness for ISO 27001, GDPR, and applicable EU AI Act/NIS2 regulations.

• Oversee governance by maintaining security baselines and exceptions, owning platform security KPIs, and ensuring adherence to retention policies, access reviews, and comprehensive audit trails (code → data → model → deployment).


⛳️ Requirements

• Proven experience as a DevSecOps / Cloud Security Engineer (or DevOps with a strong security emphasis) in Azure and Kubernetes environments.

• Proficient with Azure DevOps/GitHub Actions; skilled in automating guardrails and checks within pipelines.

• Solid understanding of Azure security tools (Entra ID, Key Vault, Azure Policy, Defender for Cloud, Sentinel) and Kubernetes security practices.

• Familiarity with vulnerability management and CVEs, including SBOM creation, dependency/container/IaC scanning, triage/prioritization, remediation workflows, and SLA tracking.

• Knowledge of Data & AI/ML security, including Databricks (Unity Catalog, SCIM/AAD), MLflow/model registry, secrets, data governance, and privacy-by-design principles.

• Comfortable collaborating with central Security and compliance teams, contributing to audits and group standards, and translating requirements into actionable controls.

• A shift-left mindset: you engage collaboratively across teams, codify controls, and tackle real-world security challenges in a cloud-based Data & AI platform.


🏝️ Benefits

• Work from Home: If your role does not require office presence, we can arrange a personalized work-from-home setup, allowing for up to 20 days a year to work from anywhere in the EU.

• Redcare events: We foster team bonding through creative team-building activities and celebrate our achievements at regularly scheduled gatherings.

• Kindergarten Grant: We provide employees who incur childcare expenses in kindergarten with a monthly grant of €100.00.

• Mental Health: Receive prompt and professional support from psychologists if you feel overwhelmed in your personal or professional life. All services are anonymous and free of charge.

• Personal Development: We prioritize continuous learning and support your career growth through both internal and external training opportunities.

• Mobility: Your commute is important to us. We offer a fully subsidized Deutschland Ticket for your use at any time.

• Sports & Health: Your well-being is our priority. We provide a range of opportunities to enhance your health, including a membership (M) package at Urban Sports Club, featuring a variety of sports options tailored to your interests.
