CICD Engineering – Security & Compliance (PID0621)

This is a remote position.

CI/CD Engineering Security & Compliance (PID0621) D4P Contract / Freelance

• Contract / Freelance
  
• Full-time
  
• Remote with travel readiness required (Germany)
  
• Start: 15.06.2026
  

About the role

We are seeking a Senior CI/CD Security & Compliance Engineer to join the DevOps 4 Platform (D4P) team within a large internal platform programme in the energy sector. You will design implement and maintain secure DevOps solutions across a cloud-native hybrid platform environment embedding security controls into CI/CD pipelines and enabling developers to access security tooling in a self-service fashion.

What youll be doing

• Designing and implementing DevSecOps architectures ensuring integrity confidentiality and availability across systems pipelines and repositories
  
• Developing and configuring CI/CD pipelines with built-in security scanning compliance checks and automated validation
  
• Implementing secure configuration access controls and encryption for systems repositories and deployment pipelines
  
• Conducting risk assessments and threat modelling to proactively identify and mitigate weaknesses in DevOps workflows
  
• Automating infrastructure provisioning using Terraform Ansible or OpenTofu following security and reliability best practices
  
• Designing and implementing self-service interfaces enabling developers to access security tools directly
  
• Integrating security tools into CI/CD pipelines as part of standard development workflows
  
• Automating SBOM and KBOM generation using tools such as Trivy Syft and Dependency-Track integrating outputs into CI/CD pipelines
  
• Continuously monitoring systems and containers for vulnerabilities prioritising findings and coordinating remediation
  
• Conducting security hardening activities including least privilege enforcement secure configuration baselines and penetration testing
  
• Performing regular audits of configurations user access and system logs
  
• Creating and maintaining comprehensive documentation on architecture configurations processes and incident response plans
  

Requirements

What youll need

• Proven experience implementing DevSecOps practices end-to-end embedding security controls into CI/CD pipelines and platform layers
  
• Extensive hands-on experience designing operating and troubleshooting large-scale Kubernetes platforms including scheduling networking (CNI) storage RBAC admission controllers and API extensions
  
• Strong hands-on experience with GitOps workflows using Argo CD and FluxCD in production environments
  
• Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu
  
• Strong operational experience with Harbor as a central artifact registry
  
• Solid understanding of software supply chain security including artifact signing provenance attestations and dependency tracking
  
• Experience with SBOM standards such as CycloneDX and hands-on experience with Trivy Dependency-Track and DefectDojo
  
• Strong expertise building and operating observability stacks centred around Prometheus with advanced Grafana experience
  
• Strong hands-on experience with GCP particularly GKE IAM workload identity and networking
  
• Extensive experience operating and scaling GitLab in large environments including highly available architectures CI workload management and access control governance
  
• Deep understanding of encryption mechanisms PKI and network security principles
  
• Fluent English (B2 minimum)
  

Desirable

• German language for understanding ISO certificate documents
  
• Experience operating platforms in regulated environments
  
• Familiarity with policy-as-code frameworks such as Kyverno
  
• Experience with secrets management solutions such as HashiCorp Vault
  
• Familiarity with progressive delivery approaches such as Argo Rollouts
  
• Exposure to multi-cloud or hybrid cloud architectures beyond GCP
  
• Familiarity with SCA tools and SAST practices
  

Benefits