About The Position

We are seeking a Senior CI/CD Security & Compliance Engineer to join the DevOps 4 Platform (D4P) team within a large internal platform programme in the energy sector. You will design, implement and maintain secure DevOps solutions across a cloud-native, hybrid platform environment, embedding security controls into CI/CD pipelines and enabling developers to access security tooling in a self-service fashion.

Requirements

  • Proven experience implementing DevSecOps practices end-to-end, embedding security controls into CI/CD pipelines and platform layers
  • Extensive hands-on experience designing, operating and troubleshooting large-scale Kubernetes platforms, including scheduling, networking (CNI), storage, RBAC, admission controllers and API extensions
  • Strong hands-on experience with GitOps workflows using Argo CD and FluxCD in production environments
  • Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu
  • Strong operational experience with Harbor as a central artifact registry
  • Solid understanding of software supply chain security including artifact signing, provenance, attestations and dependency tracking
  • Experience with SBOM standards such as CycloneDX and hands-on experience with Trivy, Dependency-Track and DefectDojo
  • Strong expertise building and operating observability stacks centred around Prometheus, with advanced Grafana experience
  • Strong hands-on experience with GCP, particularly GKE, IAM, workload identity and networking
  • Extensive experience operating and scaling GitLab in large environments, including highly available architectures, CI workload management and access control governance
  • Deep understanding of encryption mechanisms, PKI and network security principles
  • Fluent English (B2 minimum)

Nice To Haves

  • German language for understanding ISO certificate documents
  • Experience operating platforms in regulated environments
  • Familiarity with policy-as-code frameworks such as Kyverno
  • Experience with secrets management solutions such as HashiCorp Vault
  • Familiarity with progressive delivery approaches such as Argo Rollouts
  • Exposure to multi-cloud or hybrid cloud architectures beyond GCP
  • Familiarity with SCA tools and SAST practices

Responsibilities

  • Designing and implementing DevSecOps architectures ensuring integrity, confidentiality and availability across systems, pipelines and repositories
  • Developing and configuring CI/CD pipelines with built-in security scanning, compliance checks and automated validation
  • Implementing secure configuration, access controls and encryption for systems, repositories and deployment pipelines
  • Conducting risk assessments and threat modelling to proactively identify and mitigate weaknesses in DevOps workflows
  • Automating infrastructure provisioning using Terraform, Ansible or OpenTofu following security and reliability best practices
  • Designing and implementing self-service interfaces enabling developers to access security tools directly
  • Integrating security tools into CI/CD pipelines as part of standard development workflows
  • Automating SBOM and KBOM generation using tools such as Trivy, Syft and Dependency-Track, integrating outputs into CI/CD pipelines
  • Continuously monitoring systems and containers for vulnerabilities, prioritising findings and coordinating remediation
  • Conducting security hardening activities including least privilege enforcement, secure configuration baselines and penetration testing
  • Performing regular audits of configurations, user access and system logs
  • Creating and maintaining comprehensive documentation on architecture, configurations, processes and incident response plans

Benefits

  • Flexible working hours
  • Freedom to choose your own projects
  • Access to exciting projects in various industries
  • Support in advancing your career
  • Competitive pay
  • Dedicated team to help you with any questions
  • Work independently
  • Utilise our strong network to achieve your professional goals