Senior DevSecOps Engineer (Azure)
Job description
TL;DR
Senior DevSecOps Engineer (Azure/Kubernetes): Securing Azure and Kubernetes Data & AI platforms by integrating security into CI/CD pipelines and infrastructure, with an emphasis on policy-as-code and vulnerability management. Focus on hardening Kubernetes clusters, securing ML/MLOps workloads, and ensuring compliance with ISO 27001 and the EU AI Act.
Location: Cologne, Remote possible
Company
Europe’s leading online pharmacy driven by cutting-edge innovation to ensure health access for everyone.
What you will do
- Build and maintain secure CI/CD pipelines in Azure DevOps or GitHub Actions, focusing on secrets hygiene, SAST/DAST, and supply-chain hardening.
- Automate security guardrails in infrastructure using Terraform and policy-as-code tools like Azure Policy and OPA/Conftest.
- Harden Kubernetes environments by implementing RBAC, NetworkPolicies, Pod Security Standards, and admission controllers.
- Manage cloud identities and data protection via Entra ID, Key Vault, and Private Link to ensure least-privilege access.
- Secure MLOps workflows and AI services, specifically locking down Databricks Unity Catalog, MLflow, and model registries.
- Coordinate CVE triage, maintain SBOMs, and ensure audit readiness for ISO 27001, GDPR, and the EU AI Act.
Requirements
- Experience as a DevSecOps or Cloud Security Engineer within Azure and Kubernetes environments.
- Hands-on expertise with Azure DevOps or GitHub Actions for automating security checks.
- Proficiency in Azure security services including Entra ID, Key Vault, Defender for Cloud, and Sentinel.
- Strong understanding of vulnerability management, SBOM creation, and CVE remediation workflows.
- Knowledge of Data & AI/ML security, including Databricks and privacy-by-design principles.
- Must be based in or have the legal right to work in the region of Cologne, Germany.
Nice to have
- Experience with ACR image scanning tools like Trivy or Defender.
- Knowledge of OPA/Gatekeeper, Kyverno, CodeQL, Dependabot, or Checkov/tfsec.
- Experience with Databricks Unity Catalog and SCIM/AAD integration.
Culture & Benefits
- Flexible remote work options, including the possibility to work from anywhere in the EU for up to 20 days per year.
- Childcare support with a kindergarten grant of €100 per month.
- Full coverage of the Deutschland Ticket for stress-free commuting.
- Free and anonymous professional mental health support.
- Health and fitness perks including an Urban Sports Club membership.
- Commitment to personal development through internal and external training.