Senior DevSecOps / DevOps Cloud Security Engineer

We are looking for a Cloud Security Engineer who, following DevSecOps principles, will be responsible for the security of our cloud-based infrastructure and CI/CD processes. Your mission will be to proactively identify security gaps, implement security controls, and harden our Kubernetes environment.

Must-Have Requirements

• More than 5+ years of relevant experience in a DevOps role.
• In-depth understanding of cloud and Kubernetes security principles and best practices.
• Hands-on experience with Kubernetes security tools (Kyverno, Gatekeeper, Cilium).
• Strong proficiency in Secret Management solutions (Azure Key Vault).
• Experience integrating vulnerability scanning tools (Trivy) into CI/CD environments.
• Solid knowledge of Identity and Access Management (IAM, RBAC) and authentication protocols (Keycloak).
• Familiarity with Infrastructure as Code (Terraform) and GitOps (ArgoCD) from a security perspective.

Nice-to-Have Skills

• Broader DevOps experience in managing production environments.
• Deep knowledge of the full Prometheus monitoring stack (Loki, Alertmanager, etc.).
• Relevant security certifications (e.g., CKS, AZ-500).
• Proficiency in scripting languages (e.g., Python, Bash) for automation tasks.

Daily Responsibilities

• Kubernetes Cluster Security: Implementing and managing security policies using Kyverno and Gatekeeper to secure the cluster.
• Secret Management: Ensuring the secure storage and access of secrets using Azure Key Vault and the AKV2K8S integration.
• Identity & Access Management: Configuring and maintaining Role-Based Access Control (RBAC) systems with Keycloak.
• Security Scanning: Automatically detecting vulnerabilities during the build process by integrating Trivy into GitLab pipelines.
• Network Security: Filtering network traffic and managing network policies with Ciliumand Traefik.
• Image Signing: Implementing and managing the container image signing process to secure the software supply chain.
• Security Monitoring: Monitoring for security events and anomalies and managing alerts using the Prometheus, Loki, and Alertmanager stack.
• Continuous Updates: Managing the automated update of dependencies and system components using Renovate. 

What we offer:

🌍 Work from Anywhere: The flexibility to work remotely or from our office, depending on what suits you best.

🌱 Work-Life Balance: We support your well-being with paid vacation and sick leave to ensure you have the time you need to recharge. Enjoy a flexible schedule that fits your lifestyle.

📊 Full Accounting Support: We handle all administrative details, including tax coverage and comprehensive accounting support.

💰 Competitive Compensation: Competitive compensation that reflects your experience and skills.

👥 Friendly Team & Cozy Environment: Join a supportive, collaborative team. We also offer thoughtful gifts and organize engaging corporate events.

🚀 No Bureaucracy, No Micromanagement: A workplace with minimal bureaucracy and no micromanagement. Embrace the freedom to innovate and excel in an environment where everyone feels valued and heard.