Senior SecOps Engineer (AI)

TL;DR

Senior SecOps Engineer (AI): Leads the design, automation, and operation of security controls for Libra's legal AI platform and infrastructure, with an accent on securing internal and external traffic, identities, and data end-to-end. Focus on building robust, observable, and compliant systems that enable fast, safe delivery through least-privilege access, strong encryption, and continuous monitoring.

Location: Hybrid work in Berlin or Huerth, Germany (8 days/month in office). Opportunity to work from anywhere within the EU for up to 20 days within a twelve-month period.

Company

hirify.global, through its Libra AI platform, is a global leader in legal information services, building an AI workspace for lawyers in Europe.

What you will do

• Own end-to-end security for internal and external traffic across Open Telekom Cloud (OTC) and Microsoft Azure.
• Define and operate IAM and RBAC, including SSO/SCIM provisioning and least-privilege access policies.
• Govern access to sensitive data and operational databases with policy-based controls, data masking, and query auditing.
• Implement and manage secrets and key management, including rotation, revocation, and encryption standards.
• Build and operate audit logging and SIEM pipelines, including alert tuning, dashboards, and on-call runbooks.
• Lead incident response readiness and execution, including playbooks, tabletop exercises, and post-incident reviews.
• Drive vulnerability and patch management, integrating SCA/SAST/DAST into CI/CD pipelines.
• Secure endpoints, containers, and runtime systems using EDR, admission policies, and sandboxing.
• Conduct security reviews and threat modeling for architecture changes, releases, and third-party integrations.
• Partner with DevOps and engineering to embed security controls into Terraform/Ansible and the SDLC.

Requirements

• Strong experience operating security controls in cloud environments, ideally Open Telekom Cloud (OTC) or OpenStack.
• Deep knowledge of IAM/RBAC, SSO/SCIM, and least-privilege access design.
• Proficiency in network and perimeter security (TLS/mTLS, WAF, IDS/IPS, VPN/Zero Trust).
• Hands-on experience with secrets and key management (Vault, KMS/HSM) and encryption best practices.
• Experience building and tuning SIEM, EDR, and log pipelines; strong detection engineering and incident response skills.
• Familiarity with vulnerability management and CI/CD security (SCA/SAST/DAST, container scanning) and system hardening.
• Solid understanding of European data protection and security compliance (e.g., GDPR, ISO 27001/SOC 2).
• Excellent communication skills in English.
• Entrepreneurial mindset with a strong sense of urgency; self-starter who works independently while aligning to team goals.

Nice to have

• German language skills.

Culture & Benefits

• Permanent employment from day one.
• Work remotely up to 3 days per week (home office) with flexible working hours.
• Work from anywhere within the EU for up to 20 days within a twelve-month period.
• 26 vacation days, plus 1 additional day off per year for volunteer work.
• Support for development: E-learning via LinkedIn, online language training with goFluent, and other training opportunities.

Hiring process

• Candidates are asked to participate in interviews without the assistance of AI tools or external prompts.
• Remove virtual backgrounds during interviews.
• Applicants may be required to appear onsite at a hirify.global office.