Senior Infrastructure Security Engineer (m/f/d)

Team

We are seeking a Senior Infrastructure Security Engineer with extensive experience in securing cloud environments, particularly AWS. This pivotal role will focus on managing and optimizing the security of our cloud infrastructure to safeguard against evolving threats and ensure compliance with industry best practices and regulatory requirements.

As a Senior Infrastructure Security Engineer, you will oversee multi-account AWS architectures, automate security processes, and secure cloud infrastructure, workloads, and network resources. You will drive security improvements, implement proactive risk mitigation strategies, and ensure continuous compliance through automation and monitoring.

The ideal candidate will have a solid foundation in security architecture, Site Reliability Engineering (SRE), and DevOps principles, with a proven track record of delivering secure, scalable solutions in cloud environments.

Your Responsibilities

• Manage and secure a multi-account AWS architecture, applying security controls and best practices across multiple AWS accounts and environments.
• Manage cloud identities to ensure secure, compliant, and least-privileged access for users and service accounts, minimizing security risks.
• Secure applications and network infrastructure to prevent malicious traffic, mitigate potential attacks, and protect the network perimeter.
• Implement security guardrails and policies, and automate tasks such as monitoring, compliance checks, patch management, and remediation processes to enhance operational efficiency and eliminate misconfigurations.
• Work with CWP, CSPM and CIEM tools to implement and manage centralized security operations, streamline compliance processes, and enhance visibility across the infrastructure.
• Monitor Cloud infrastructure to identify vulnerabilities and misconfigurations, ensuring proactive security controls, early detection of risks, and timely patch installation and configurations to remediate vulnerabilities.
• Harden host and container operating systems by adhering to security benchmarks and industry best practices to ensure robust security.
• Secure Kubernetes clusters, containerized environments, and workloads following best practices for container security and runtime protection.
• Integrate SIEM systems to onboard logs for centralized logging, real-time threat detection, and improved incident response.
• Conduct periodic reviews and monitor networks, analyze logs, and assess systems to prevent unauthorized use, protect critical information, and ensure service availability.
• Assist with compliance audits by preparing documentation and providing the necessary evidence.
• Review engineering proposals, offer feedback, and suggest improvements to enhance security and operational efficiency.
• Go beyond compliance to implement the latest security tools and techniques that improve the security posture of the organization.
• Identify opportunities to reduce infrastructure costs, propose innovative solutions, and suggest areas for improvement. Contribute to defining the roadmap, setting priorities, and aligning with OKRs.

Your Profile

• 5+ years of experience securing cloud infrastructures (preferably AWS), managing multi-account architectures, and designing and implementing security systems to mitigate risks and ensure compliance.
• Relevant certifications, such as AWS Certified Security - Specialty, are a plus.
• Hands-on experience with AWS security services such as CloudTrail, GuardDuty, IAM, Config, WAF, Shield, Inspector and KMS.
• Strong foundation in security architecture, Linux systems, identity and access management (IAM), and network security.
• Strong expertise in Kubernetes and container security, including runtime protection and OS hardening.
• Experience in vulnerability management, incident response, and compliance enforcement through automation.
• Experience in administering SIEM (Security Information and Event Management) systems, such as Splunk.
• Proficiency in Infrastructure as Code (IaC) and configuration management tools such as Terraform, Ansible, and Packer, along with programming languages (e.g., Python) to automate security tasks.
• Passionate about security, enjoys challenges, and keeps up-to-date with emerging threats and security technologies.
• Understanding of EU regulations and compliance standards, such as GDPR, ISO/IEC 27001, DORA, and other relevant frameworks for data protection, security, and operational resilience, is a plus.
• Knowledge of DevOps/SRE principles and integrating security into CI/CD workflows.

Join our mission, join our team - and grow with us!

At Raisin, we care about each other and it is one of our top priorities to foster an open and caring environment in which everyone feels welcome and comfortable. Our culture is strongly driven by our ambitious team, which, connects more than 75 different nationalities.

You'll find us in our modern and open office in the trendy Kreuzberg district with a view of the Spree River, ideally connected to public transportation and surrounded by a variety of restaurants and shopping opportunities.

As part of our team, you will benefit from:

• Employee Development Budget of €2,000 and four full training days per year.
• Access to Babbel for continuous language learning.
• Hungry all the time? Snacks, daily fresh fruit as well as drinks provided at the office.
• Flexible working hours, home office and 30 vacation days.
• Enjoy more than 50+ different sports with Urban Sports Club: We subsidize your membership with more than €20 per month.
• Love cycling? With JobRad, lease the bike of your choice and enjoy tax savings, plus Raisin covers your monthly insurance costs.
• A company pension scheme (Betriebliche Altersvorsorge), which we support with 20%.
• Do you miss being in the office? The Deutschland Ticket gets you there, which we subsidize with €25 per month.
• You are moving from another country or city to join us? We will support your relocation.