Senior Infrastructure Security Engineer
Role details
Job location
Tech stack
Job description
-
Platform security. Paylogic is a high-value target. Bots, credential stuffing, DDoS, and scalpers are a daily reality on a ticketing platform at this scale. You will own the Akamai stack: WAF (App and API Protector), BMP, Account Protector, and Prolexic for DDoS mitigation. Beyond Akamai, the security scope includes vulnerability scanning, handling responsible disclosures, coordinating penetration tests, running infrastructure audits, and liaising directly with the CTS EVENTIM Germany cybersecurity team. You contribute to the security roadmap. Work does not arrive pre-prioritised on a ticket.
-
Infrastructure reliability. The platform is in-house built. There is no external tooling runbook. When the security queue is lighter, you are doing SRE work: monitoring, incident response, on-call, capacity planning, and automation. The team's default is to replace manual work with code. If you are doing something manually twice, you are expected to automate it.
Day-to-day, you'll be:
-
Tuning, operationalising, and extending the Akamai stack: WAF, BMP, Account Protector, and Prolexic.
-
Running vulnerability scanning and handling responsible disclosures end-to-end.
-
Coordinating penetration tests and infrastructure audits, and following through on findings.
-
Liaising with the EVENTIM Germany cybersecurity team on group-level security alignment.
-
Monitoring and continuously improving platform performance, stability, and security.
-
Leading capacity planning and researching solutions to support growth.
-
Replacing manual work with automation wherever possible.
Platform stack: Ubuntu Linux, Python, Percona MySQL, Memcached, Redis, Nginx, Nginx Unit (ASGI), Apache (WSGI).
Security tooling: Akamai WAF, BMP, Account Protector, Prolexic.
Scripting and automation: Python, Bash., If you have not configured and tuned Akamai WAF policies in a production environment, worked hands-on with Bot Manager Premier and Account Protector, and owned infrastructure on custom Linux systems at scale, this role is not the right fit right now.
Requirements
-
At least 4 years of relevant experience in infrastructure engineering, SRE, or security engineering, with a focus on IT security in a production environment.
-
Production experience with Akamai WAF (App and API Protector or Kona Site Defender), Bot Manager Premier, and Account Protector. No equivalent substitution.
-
Working knowledge of web application security: OWASP Top 10, WAF policy tuning, traffic analysis, and distinguishing a misconfiguration from an active attack under pressure.
-
Networking knowledge relevant to edge security: DNS, HTTP/HTTPS, TLS, DDoS mitigation. Prolexic experience is an advantage.
-
Strong Linux knowledge at the system level. Knowing how the kernel, networking stack, and storage work under the hood matters here, not just how to operate them.
-
Hands-on experience with the platform stack or close equivalents: Python, Percona MySQL, Memcached, Redis, Nginx.
-
Existing experience with Python or another high-level programming language and/or infrastructural automation is a big plus but not a must.
-
Experience running vulnerability scans with a track record of acting on findings.
-
Comfortable working in a small team and taking full ownership of projects end-to-end.
-
A practical mindset: you improve what needs improving and leave working systems alone. We have enough challenges ahead without rebuilding what already works.
