This is a remote position.
This is a contract position for 1 FTE. A daily rate is available for this engagement.
This role involves designing and automating secure DevOps architectures to enhance developer self-service and platform integrity. As a DevSecOps Platform Engineer, you will integrate advanced security tooling and observability into CI/CD pipelines within a cloud-native environment.
English is the only language requirement.
Only occasional onsite visits in Germany are required.
Analyse program requirements to design secure, scalable architectures that address complex integration and compliance needs.
Develop and configure CI/CD pipelines featuring built-in security scanning, compliance checks, and automated validation.
Implement secure configurations, access controls, and encryption for repositories, systems, and deployment workflows.
Automate infrastructure provisioning and management using tools such as Terraform or OpenTofu.
Design user-friendly self-service interfaces and APIs to allow developers to access security tools seamlessly.
Drive automation efforts for the generation and validation of Software Bill of Materials (SBOMs) and KBOMs during build processes.
Conduct continuous vulnerability management, risk assessments, and threat modelling to identify and mitigate potential weaknesses.
Maintain system availability through disaster recovery planning, incident response, and routine audits of system logs and user access.
Create comprehensive documentation, including step-by-step guides, architecture diagrams, and FAQs for internal and external stakeholders.
Collaborate with cross-functional teams to resolve issues, implement new features, and ensure systems run optimally under data protection requirements.
Proven experience implementing end-to-end DevSecOps practices and embedding security controls into platform layers.
Extensive hands-on experience designing, operating, and troubleshooting large-scale Kubernetes platforms, including deep knowledge of CNI, RBAC, and admission controllers.
Strong proficiency with GitOps workflows using Argo CD or FluxCD in production environments.
Direct experience with Infrastructure-as-Code (IaC) using Terraform or OpenTofu.
Hands-on expertise with Google Cloud Platform, specifically GKE operations, IAM workload identity, and VPC networking.
Operational experience with artifact registries such as Harbor and security tooling like Trivy, Dependency-Track, or DefectDojo.
Solid understanding of software supply chain security, including artifact signing, provenance, and SBOM standards like CycloneDX.
Advanced experience building observability stacks centered around Prometheus and Grafana, including custom security-focused dashboards.
Strong background in operating and scaling GitLab architectures for large CI workloads.
Deep understanding of encryption mechanisms, asymmetric cryptography, and PKI.
Eligibility: Residency in the EU, EEC, UK, or Switzerland.
Preferred Requirements
Experience operating platforms within highly regulated environments or critical infrastructure.
Familiarity with policy-as-code frameworks such as Kyverno.
Experience with secrets management solutions like HashiCorp Vault.
Ability to reference technical documentation relating to international security standards and certifications.

Interval Group
