CI/CD Engineering - Security & Compliance (DevSecOps / Platform Engineering)

Bridge 351
Evere, Belgium
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English, German
Experience level
Senior

Job location

Evere, Belgium

Tech stack

API
JIRA
Cloud Computing
Information Systems
Continuous Integration
DevOps
Disaster Recovery
Identity and Access Management
Virtual Private Networks (VPN)
Key Management
Network Security
PostgreSQL
Public Key Infrastructure
Role-Based Access Control
Ansible
Prometheus
Secure Coding
Systems Integration
Tripwire
Software Vulnerability Management
Policy as Code
Cloud Platform System
System Availability
Delivery Pipeline
Grafana
Multi-Cloud
Hybrid Cloud
Firewalls (Computer Science)
GitLab
Containerization
GitLab CI
Git Flow
Kubernetes
Infrastructure Automation Frameworks
Information Technology
HashiCorp
Terraform
DevSecOps
Docker
TestRail
Static Application Security Testing
Vulnerability Analysis

Job description

We are supporting a major energy-sector digital platform initiative focused on enabling engineering and operations teams through a secure, cloud-native internal developer platform.

We are currently looking for a Senior DevSecOps / Platform Engineer to help design, implement, and operate secure CI/CD and Kubernetes-based platform services, ensuring compliance, scalability, automation, and operational resilience across the organization's engineering ecosystem.

About the Role

In this position, you will play a key role in the Platform Engineering and DevSecOps domain, working closely with Engineering, Operations, and Product teams to deliver secure and scalable CI/CD solutions.

You will contribute to the design and operation of cloud-native infrastructure, security tooling, GitOps workflows, observability platforms, and vulnerability management processes, while supporting software supply chain security and compliance initiatives.

The role combines hands-on technical implementation with platform reliability, automation, governance, and developer enablement responsibilities.

Responsibilities

  • Design, implement, and maintain secure DevOps and CI/CD solutions ensuring integrity, confidentiality, and availability of systems and data
  • Develop and configure CI/CD pipelines with integrated security scanning and compliance validation
  • Implement secure configurations, access controls, encryption mechanisms, and security best practices across repositories, systems, and deployment pipelines
  • Automate infrastructure provisioning and management using Infrastructure-as-Code tools such as Terraform, OpenTofu, and Ansible
  • Design and operate Kubernetes-based platforms and containerized environments with a strong focus on security, scalability, and operational reliability
  • Implement and maintain GitOps workflows using tools such as ArgoCD and FluxCD
  • Operate and optimize GitLab environments, including CI workloads, governance, access control, and high-availability architectures
  • Integrate and expose security tooling to development teams through self-service workflows and CI/CD integration
  • Support vulnerability management and security hardening activities, including patching, dependency management, remediation tracking, and secure baseline enforcement
  • Implement and maintain software supply chain security practices including SBOM generation, dependency tracking, artifact signing, provenance, and compliance validation
  • Integrate security tooling such as Trivy, Dependency-Track, and DefectDojo into development and deployment workflows
  • Build and maintain observability platforms using Prometheus, Grafana, Loki, OpenTelemetry, and related tooling
  • Monitor platform reliability, availability, logs, metrics, traces, and incident response activities
  • Conduct risk assessments, threat modelling, audits, and compliance reviews
  • Collaborate with development, operations, and security stakeholders to support platform evolution and operational excellence
  • Produce and maintain technical documentation, architecture diagrams, operational procedures, FAQs, and knowledge base content
  • Support disaster recovery planning, backup strategies, and operational continuity initiatives
  • Contribute to the continuous improvement of developer experience and platform self-service capabilities

Requirements

  • Bachelor's or Master's degree in Computer Science, Engineering, Information Systems, or equivalent experience

Professional Experience & Expertise

  • Strong experience designing and implementing DevSecOps and CI/CD solutions in enterprise environments
  • Proven experience embedding security controls into CI/CD pipelines and platform layers
  • Strong hands-on experience operating large-scale Kubernetes environments
  • Deep understanding of Kubernetes internals including networking, RBAC, admission controllers, storage, scheduling, and API extensions
  • Experience implementing container and runtime security in Kubernetes environments
  • Strong experience with GitOps workflows using ArgoCD and/or FluxCD
  • Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu
  • Experience integrating security controls and compliance validation into CI/CD workflows
  • Experience operating GitLab in large-scale enterprise environments
  • Strong experience managing CI/CD workloads and platform reliability
  • Experience with software supply chain security concepts including SBOMs, artifact signing, dependency tracking, attestations, and provenance
  • Hands-on experience with security tooling such as Trivy, Dependency-Track, DefectDojo, or similar solutions
  • Experience supporting vulnerability management, remediation, and security hardening initiatives
  • Strong understanding of cloud and network security principles including segmentation, firewalls, VPNs, and secure communication
  • Strong knowledge of encryption, PKI, certificates, and secure communication flows
  • Experience working in compliance-driven or regulated environments
  • Experience supporting audits and security policy reviews
  • Strong collaboration and stakeholder management skills within cross-functional technical environments

Technical Knowledge & Skills

  • Kubernetes (GKE preferred)
  • GitLab CI/CD
  • ArgoCD / FluxCD
  • Terraform / OpenTofu
  • Docker & container ecosystems
  • Harbor registry
  • Trivy, Dependency-Track, DefectDojo
  • Prometheus, Grafana, Loki, OpenTelemetry
  • GCP / GKE / IAM / Networking
  • Infrastructure automation and platform engineering
  • Observability and monitoring platforms
  • Security hardening and vulnerability management
  • CI/CD pipeline automation
  • Documentation and technical governance
  • PostgreSQL, Jira, TestRail

Nice to Have

  • Experience operating platforms in regulated or critical infrastructure environments
  • Experience with policy-as-code frameworks such as Kyverno
  • Experience with secrets management solutions such as HashiCorp Vault
  • Familiarity with progressive delivery approaches such as Argo Rollouts
  • Experience with multi-cloud or hybrid cloud environments
  • Familiarity with Software Composition Analysis (SCA) tools and practices
  • Experience with SAST solutions and secure development lifecycle practices
  • Experience balancing cloud scalability, operational efficiency, and security requirements

Languages

  • Fluent English (mandatory - B2 minimum)
  • German is a plus
