Senior Security Engineer (f/m/d)

We’re looking for a Senior Security Engineer to join our team and play a key role in building secure, scalable systems alongside our DevOps and SRE teams. This role is for someone who’s passionate about embedding security into infrastructure and development workflows, proactively designing safer systems rather than just reacting to issues. You will be the go-to expert for cloud security, secure automation, and incident response across our platform.

• Design, implement, and maintain secure architecture across our cloud infrastructure (IAM, networking, secrets management, and service-to-service security).
• Integrate security into our CI/CD pipelines with automated scanning, secrets detection, and policy enforcement.
• Review Infrastructure as Code (Terraform, etc.) for security risks and implement guardrails using tools like OPA, tfsec, or Checkov.
• Participate in threat modelling sessions and risk assessments for infrastructure and engineering initiatives.
• Monitor for security anomalies and lead incident response efforts in partnership with the SRE team.
• Build internal tooling and automation to scale security best practices across teams.
• Educate engineers and operations teams through documentation, playbooks, and lightweight training sessions.
• Collaborate cross-functionally to define and execute a long-term cloud and infrastructure security strategy.
• Raise security awareness across the organization, educating product and engineering teams on secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and security best practices.

• Proven experience securing cloud-native environments at scale, including Tier 2 providers.
• Strong understanding of DevOps/SRE practices, with hands-on experience integrating security into CI/CD pipelines.
• Proficiency in Infrastructure as Code (IaC) and security tooling (Terraform, OPA, Checkov, tfsec, etc.).
• Knowledge of identity and access management (IAM), cloud networking, secrets management, and system hardening.
• Solid grasp of incident response workflows, with experience leading investigations and containment.
• Comfortable writing scripts or tools in Python, Bash, or Go to automate security processes.
• Excellent communication and collaboration skills—able to act as a bridge between security and engineering.
• Bonus: Experience with compliance frameworks (ISO 27001, IC4), Kubernetes security, or supply chain hardening.
• Excellent problem-solving and analytical skills, with the ability to think critically and quickly under pressure.
• Strong communication skills, including the ability to articulate complex technical concepts to non-technical stakeholders.
• Highly collaborative, with the ability to work cross-functionally with engineering, product, and other teams.
• Proactive, self-motivated, and a strong sense of ownership over security initiatives and outcomes.
• A growth mindset, with a passion for security and continuous learning.

• Be part of an AI revolution!
• 30 days of paid vacation
• Access to various wellness offerings via Wellhub
• Mental health support through nilo.health
• Substantially subsidized pension plan
• Germany-wide transportation ticket subsidy
• Budget for additional technical equipment
• Flexible working hours and hybrid working model
• Virtual Stock Option Plan