Senior Expert, DevSecOps Engineering (mfd)

• Build and maintain secure CI / CD pipelines (Azure DevOps or GitHub Actions) : secrets hygiene signed artifacts / SBOMs SAST / DAST / container scanning least‑privilege service connections and supply‑chain hardening.
• Automate security in infrastructure with Terraform : enforce guardrails using policy‑as‑code (Azure Policy OPA / Conftest) and continuous IaC scanning (Checkov / tfsec).
• Harden Kubernetes : implement RBAC NetworkPolicies Pod Security Standards secret management image signing / scanning and admission policies (Gatekeeper / Kyverno).
• Protect cloud identities & data : manage Entra ID roles / Managed Identities Key Vault Private Link / NSGs encryption at rest / in transit and just‑in‑time / least‑privilege access.
• Secure ML / MLOps : lock down Databricks (Unity Catalog permissions secret scopes) MLflow / model registry feature stores; add model artifact signing provenance and runtime isolation for training / serving.
• Monitoring logging & response : wire platform and security telemetry to Microsoft Sentinel / Defender define alerts / runbooks and support incident response and tabletop exercises.
• CVE & vulnerability management : maintain and publish SBOMs; continuously scan for vulnerabilities; triage CVEs (e.g. CVSS scoring exploitability context) coordinate mitigations / patches track exposure windows and SLAs verify remediation and report metrics to SecOps / GRC.
• Concepts & architecture : draft and maintain reference architectures trust‑boundary diagrams data‑classification schemes environment isolation patterns secure secret / key management patterns and network segmentation for AI services.
• Compliance & assurance : contribute to risk assessments and threat modeling (incl. AI‑specific risks : prompt injection data exfiltration model theft) support DPIAs vendor / third‑party risk reviews penetration tests control testing evidence collection and audit readiness for ISO 27001 GDPR and EU AI Act / NIS2 where applicable.
• Governance : maintain security baselines and exceptions own platform security KPIs ensure retention policies access reviews and end‑to‑end audit trails (code data model deployment).

• Experience as a DevSecOps / Cloud Security Engineer (or DevOps with strong security focus) in Azure and Kubernetes environments.
• Hands‑on with Azure DevOps / GitHub Actions ; comfortable automating guardrails and checks in pipelines.
• Working knowledge of Azure security (Entra ID Key Vault Azure Policy Defender for Cloud Sentinel) and Kubernetes security.
• Familiar with vulnerability management & CVEs (SBOM creation dependency / container / IaC scanning triage / prioritization remediation workflows SLA tracking).
• Understanding of Data & AI / ML security : Databricks (Unity Catalog SCIM / AAD) MLflow / model registry secrets data governance and privacy‑by‑design.
• Comfortable interfacing with central Security and compliance teams contributing to audits and group standards and translating requirements into practical controls.
• A shift‑left mindset : you collaborate across teams codify controls and enjoy solving real‑world security challenges in cloud‑based Data & AI platform.

In order to provide our employees with the best possible support for their individual needs we offer a wide range of benefits :

• Work from Home : If your job does not require you to be present in the office we can arrange the place you work from individually - even for up to 20 days a year anywhere in the EU.
• Redcare events : We promote teambuilding through creative team events and celebrate our successes together at regularly scheduled parties.
• Kindergarten Grant : We offer our employees who pay for childcare in kindergarten 10000 (total) per month.
• Mental Health : Get quick and professional help from psychologists if you feel overwhelmed in private or professional life. Anonymous and free of charge.
• Personal Development : We are all constantly learning. Thats why we support and foster your career development through internal & external training and help you grow.
• Mobility : Your commute matters to us. We provide our employees with a fully costed Deutschland Ticket which can be used at any time.
• Sports & Health : Your well‑being is our top priority. Therefore we offer you a range of opportunities to improve your health. Profit from a membership (M) package at Urban Sports Club providing a variety of sports offers tailored to your interests.

Remote Work : Yes

Employment Type : Full‑time