Interval GroupRemote
CI/CD Engineering – Security & Compliance
Germany
Contract
5 days ago
No Sponsorship
Key skills
AnsibleCloudGoogle Cloud PlatformGrafanaKubernetesPrometheusTerraformVaultGCPGoogle CloudGKEIAMGitLabGitOpsCI/CDTrivyPenetration TestingNetwork Security
About this role
Role Overview
- Designing and implementing DevSecOps architectures ensuring integrity, confidentiality and availability across systems, pipelines and repositories
- Developing and configuring CI/CD pipelines with built-in security scanning, compliance checks and automated validation
- Implementing secure configuration, access controls and encryption for systems, repositories and deployment pipelines
- Conducting risk assessments and threat modelling to proactively identify and mitigate weaknesses in DevOps workflows
- Automating infrastructure provisioning using Terraform, Ansible or OpenTofu following security and reliability best practices
- Designing and implementing self-service interfaces enabling developers to access security tools directly
- Integrating security tools into CI/CD pipelines as part of standard development workflows
- Automating SBOM and KBOM generation using tools such as Trivy, Syft and Dependency-Track, integrating outputs into CI/CD pipelines
- Continuously monitoring systems and containers for vulnerabilities, prioritising findings and coordinating remediation
- Conducting security hardening activities including least privilege enforcement, secure configuration baselines and penetration testing
- Performing regular audits of configurations, user access and system logs
- Creating and maintaining comprehensive documentation on architecture, configurations, processes and incident response plans
Requirements
- Proven experience implementing DevSecOps practices end-to-end, embedding security controls into CI/CD pipelines and platform layers
- Extensive hands-on experience designing, operating and troubleshooting large-scale Kubernetes platforms, including scheduling, networking (CNI), storage, RBAC, admission controllers and API extensions
- Strong hands-on experience with GitOps workflows using Argo CD and FluxCD in production environments
- Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu
- Strong operational experience with Harbor as a central artifact registry
- Solid understanding of software supply chain security including artifact signing, provenance, attestations and dependency tracking
- Experience with SBOM standards such as CycloneDX and hands-on experience with Trivy, Dependency-Track and DefectDojo
- Strong expertise building and operating observability stacks centred around Prometheus, with advanced Grafana experience
- Strong hands-on experience with GCP, particularly GKE, IAM, workload identity and networking
- Extensive experience operating and scaling GitLab in large environments, including highly available architectures, CI workload management and access control governance
- Deep understanding of encryption mechanisms, PKI and network security principles
- Fluent English (B2 minimum)
- Desirable German language for understanding ISO certificate documents
- Experience operating platforms in regulated environments
- Familiarity with policy-as-code frameworks such as Kyverno
- Experience with secrets management solutions such as HashiCorp Vault
- Familiarity with progressive delivery approaches such as Argo Rollouts
- Exposure to multi-cloud or hybrid cloud architectures beyond GCP
- Familiarity with SCA tools and SAST practices
Tech Stack
- Ansible
- Cloud
- Google Cloud Platform
- Grafana
- Kubernetes
- Prometheus
- Terraform
- Vault
Benefits
- Flexible working hours
- Freedom to choose your own projects
- Access to exciting projects in various industries
- Support in advancing your career
- Competitive pay
- Dedicated team assistance