Senior Infrastructure Security Engineer (m/f/d)

We are seeking a Senior Infrastructure Security Engineer with extensive experience in securing cloud environments, particularly AWS. This pivotal role will focus on managing and optimizing the security of our cloud infrastructure to safeguard against evolving threats and ensure compliance with industry best practices and regulatory requirements.

As a Senior Infrastructure Security Engineer, you will oversee multi-account AWS architectures, automate security processes, and secure cloud infrastructure, workloads, and network resources. You will drive security improvements, implement proactive risk mitigation strategies, and ensure continuous compliance through automation and monitoring. The ideal candidate will have a solid foundation in security architecture, Site Reliability Engineering (SRE), and DevOps principles, with a proven track record of delivering secure, scalable solutions in cloud environments.

• Manage and secure a multi-account AWS architecture, applying security controls and best practices across multiple AWS accounts and environments.
• Manage cloud identities to ensure secure, compliant, and least-privileged access for users and service accounts, minimizing security risks.
• Secure applications and network infrastructure to prevent malicious traffic, mitigate potential attacks, and protect the network perimeter.
• Implement security guardrails and policies, and automate tasks such as monitoring, compliance checks, patch management, and remediation processes to enhance operational efficiency and eliminate misconfigurations.
• Work with CWP, CSPM and CIEM tools to implement and manage centralized security operations, streamline compliance processes, and enhance visibility across the infrastructure.
• Monitor Cloud infrastructure to identify vulnerabilities and misconfigurations, ensuring proactive security controls, early detection of risks, and timely patch installation and configurations to remediate vulnerabilities.
• Harden host and container operating systems by adhering to security benchmarks and industry best practices to ensure robust security.
• Secure Kubernetes clusters, containerized environments, and workloads following best practices for container security and runtime protection.
• Integrate SIEM systems to onboard logs for centralized logging, real-time threat detection, and improved incident response.
• Conduct periodic reviews and monitor networks, analyze logs, and assess systems to prevent unauthorized use, protect critical information, and ensure service availability.
• Assist with compliance audits by preparing documentation and providing the necessary evidence.
• Review engineering proposals, offer feedback, and suggest improvements to enhance security and operational efficiency.
• Go beyond compliance to implement the latest security tools and techniques that improve the security posture of the organization.
• Identify opportunities to reduce infrastructure costs, propose innovative solutions, and suggest areas for improvement. Contribute to defining the roadmap, setting priorities, and aligning with OKRs.

• 5+ years of experience securing cloud infrastructures (preferably AWS), managing multi-account architectures, and designing and implementing security systems to mitigate risks and ensure compliance.
• Relevant certifications, such as AWS Certified Security – Specialty, are a plus.
• Hands-on experience with AWS security services such as CloudTrail, GuardDuty, IAM, Config, WAF, Shield, Inspector and KMS.
• Strong foundation in security architecture, Linux systems, identity and access management (IAM), and network security.
• Strong expertise in Kubernetes and container security, including runtime protection and OS hardening.
• Experience in vulnerability management, incident response, and compliance enforcement through automation.
• Experience in administering SIEM (Security Information and Event Management) systems, such as Splunk.
• Proficiency in Infrastructure as Code (IaC) and configuration management tools such as Terraform, Ansible, and Packer, along with programming languages (e.g., Python) to automate security tasks.
• Passionate about security, enjoys challenges, and keeps up-to-date with emerging threats and security technologies.
• Understanding of EU regulations and compliance standards, such as GDPR, ISO/IEC 27001, DORA, and other relevant frameworks for data protection, security, and operational resilience, is a plus.
• Knowledge of DevOps/SRE principles and integrating security into CI/CD workflows.

• Employee Development Budget of €2,000 and four full training days per year.
• Access to Babbel for continuous language learning.
• Snacks, daily fresh fruit as well as drinks provided at the office.
• Flexible working hours, home office and 30 vacation days.
• Urban Sports Club membership subsidized by more than €20 per month.
• JobRad bicycle lease with Raisin covering monthly insurance costs.
• Company pension scheme (Betriebliche Altersvorsorge) with 20% employer contribution.
• Germany-wide ticket subsidy (Deutschland Ticket) up to €25 per month.
• Relocation assistance if moving to join us.