Job Description
We are seeking a motivated Security Engineer, with a strong focus on vulnerability management and DevSecOps. In this role, you will be responsible for identifying, assessing, and triaging security vulnerabilities within Ververica's products and infrastructure, as well as collaborating with various engineering teams to implement security controls throughout the entire software development lifecycle. You will have the autonomy to define how best to achieve these goals, ensuring our security posture remains robust and our pipelines seamlessly integrate new security measures.
Key Responsibilities
Vulnerability Management
- Plan, run, and continuously improve vulnerability assessments across multiple platforms and environments.
- Collaborate with engineering teams to prioritize and remediate discovered vulnerabilities.
- Develop and manage comprehensive vulnerability management processes, from detection and triage to remediation tracking.
DevSecOps Integration
- Incorporate security measures (e.g., vulnerability/secret scanning, artifact signing, etc.) into build pipelines, deployments, and version control workflows.
- Evaluate, compare and implement automated security solutions (SAST, DAST, SCA, container scanning, etc.) to identify and prevent potential risks.
- Work with the DevOps team to define best practices for secure CI/CD pipelines and tooling.
Cross-Functional Collaboration
- Serve as a security subject matter expert, partnering with product managers, developers, and operations teams to embed security early in the development lifecycle.
- Provide guidance on secure coding practices, threat modeling, and risk-based approaches to project teams.
Security Monitoring & Incident Response
- Contribute to the creation and refinement of incident response plans, including root-cause analysis and post-mortem reporting.
- Maintain detailed documentation of security incidents, vulnerabilities, and compliance-related activities.
Continuous Improvement & Research
- Stay current on emerging threats, vulnerabilities, and industry best practices.
- Propose and implement security enhancements that balance innovation, user experience, and operational efficiency.
Position Requirements
Experience & Education
- 3+ years of hands-on experience in a Security Engineer, DevSecOps, or related cybersecurity role.
- Master's degree in Computer Science, Cybersecurity, or equivalent practical experience.
- Proficient in spoken and written English.
Technical Skills
- Proficiency with common vulnerability assessment and penetration testing tools (e.g., Snyk, Trivy, Wiz, etc.).
- Familiarity with CI/CD systems (e.g., GitHub Actions) and the integration of security scans.
- Understanding of containerization platforms (Docker, Kubernetes) and best practices for container security.
- Solid grasp of security principles (authentication, encryption, network security, secure coding).
Soft Skills
- Strong analytical thinking and ability to work independently to define the best approach for mitigating risks.
- Excellent communication skills to convey security issues and best practices to non-security stakeholders.
- Collaborative mindset to align with cross-functional teams on security improvements.