Senior Security Engineer – Cloud Security, Security Operations
Germany
Full Time
5 hours ago
H1B Sponsor
Key skills
CloudGoogle Cloud PlatformKubernetesSplunkGCPGoogle CloudGitHub ActionsIAMDatadogGitHubSaaSAtlassianJiraCI/CDCloud Security
About this role
Role Overview
- Own and strengthen our Cloud Security posture
- Design and continuously improve Moss’ security architecture in GCP, including IAM design, organisational policies, logging strategy, and network controls.
- Own and evolve our Cloud Security Posture Management setup in Wiz, prioritising and driving remediation of misconfigurations, identity risks, vulnerabilities, and runtime threats.
- Work closely with Platform Engineering to embed scalable and pragmatic security guardrails into our infrastructure.
- Own and evolve our Security Operations capabilities
- Own and continuously improve our Datadog Cloud SIEM.
- Develop, tune, and maintain detection rules across cloud logs, identity systems, SaaS integrations, and security-relevant application logs. Improve signal quality by reducing noise and increasing risk-based, actionable alerting.
- Drive the integration of critical systems into the SIEM as part of vendor onboarding and annual control reviews. Improve alert routing, triage workflows, and response coordination across Slack and Jira.
- Lead detection engineering & monitoring strategy
- Translate threat scenarios and real-world attack paths into effective detection coverage.
- Continuously improve log ingestion strategies across GCP, Google Workspace, Wiz, Atlassian, Jumpcloud and other critical systems.
- Identify visibility gaps and close them pragmatically. Define and track detection coverage and maturity improvements over time.
- Lead security investigations and response enablement
- Investigate complex cloud and SaaS security events and incidents.
- Improve incident response playbooks, post-incident reviews, and learning loops. Contribute to reducing Mean Time to Detect (MTTD) and improving overall response effectiveness.
Requirements
- Proven experience (5+ years) in security engineering with deep hands-on expertise in cloud security and security operations.
- Strong practical experience securing GCP environments, including IAM, Cloud Audit Logs, organisational policies, and network architecture.
- Strong experience securing Kubernetes environments (RBAC, service accounts, Workload Identity, network policies, container risks).
- Experience building and operating SIEM platforms (Datadog preferred; Splunk, Elastic or similar acceptable). You have built and tuned detection rules, improved signal-to-noise ratio, and increased detection quality.
- Experience with Cloud Security Posture Management tools (Wiz preferred) and risk-based remediation workflows.
- Experience securing CI/CD pipelines (e.g. GitHub Actions), including identity federation and secret management.
- Strong understanding of cloud attack paths, identity risks, and modern infrastructure threats.
- Experience working in cloud-native, DevOps-driven environments.
- Fluent English language skills, verbal and written.
Tech Stack
- Cloud
- Google Cloud Platform
- Kubernetes
- Splunk
Benefits
- 20 days “work from abroad”
- 600EUR/GBP Learning & Development Budget
- other local benefits