About your tasks:
- Build and maintain secure CI/CD pipelines (Azure DevOps or GitHub Actions): secrets hygiene, signed artifacts/SBOMs, SAST/DAST/container scanning, least-privilege service connections, and supply-chain hardening.
- Automate security in infrastructure with Terraform: enforce guardrails using policy-as-code (Azure Policy, OPA/Conftest) and continuous IaC scanning (Checkov/tfsec).
- Harden Kubernetes: implement RBAC, NetworkPolicies, Pod Security Standards, secret management, image signing/scanning, and admission policies (Gatekeeper/Kyverno).
- Protect cloud identities & data: manage Entra ID roles/Managed Identities, Key Vault, Private Link/NSGs, encryption at rest/in transit, and just-in-time/least-privilege access.
- Secure ML/MLOps: lock down Databricks (Unity Catalog permissions, secret scopes), MLflow/model registry, feature stores; add model artifact signing, provenance, and runtime isolation for training/serving.
- Monitoring, logging & response: wire platform and security telemetry to Microsoft Sentinel/Defender, define alerts/runbooks, and support incident response and tabletop exercises.
- CVE & vulnerability management: maintain and publish SBOMs; continuously scan for vulnerabilities; triage CVEs (e.g. CVSS scoring, exploitability context), coordinate mitigations/patches, track exposure windows and SLAs, verify remediation, and report metrics to SecOps/GRC.
- Concepts & architecture: draft and maintain reference architectures, trust-boundary diagrams, data-classification schemes, environment isolation patterns, secure secret/key management patterns, and network segmentation for AI services.
- Compliance & assurance: contribute to risk assessments and threat modeling (incl. AI-specific risks: prompt injection, data exfiltration, model theft), support DPIAs, vendor/third-party risk reviews, penetration tests, control testing, evidence collection, and audit readiness for ISO 27001, GDPR, and EU AI Act/NIS2 where applicable.
- Governance: maintain security baselines and exceptions, own platform security KPIs, ensure retention policies, access reviews, and end-to-end audit trails (code, data, model, deployment).
Qualifications:
About you:
- Experience as a DevSecOps / Cloud Security Engineer (or DevOps with strong security focus) in Azure and Kubernetes environments.
- Hands-on with Azure DevOps/GitHub Actions; comfortable automating guardrails and checks in pipelines.
- Working knowledge of Azure security (Entra ID, Key Vault, Azure Policy, Defender for Cloud, Sentinel) and Kubernetes security.
- Familiar with vulnerability management & CVEs (SBOM creation, dependency/container/IaC scanning, triage/prioritization, remediation workflows, SLA tracking).
- Understanding of Data & AI/ML security: Databricks (Unity Catalog, SCIM/AAD), MLflow/model registry, secrets, data governance, and privacy-by-design.
- Comfortable interfacing with central Security and compliance teams, contributing to audits and group standards, and translating requirements into practical controls.
- A shift-left mindset: you collaborate across teams, codify controls, and enjoy solving real-world security challenges in a cloud-based Data & AI platform.
Additional Information:
About your benefits:
In order to provide our employees with the best possible support for their individual needs, we offer a wide range of benefits:
- Work from Home: If your job does not require you to be present in the office, we can arrange the place you work from individually - even for up to 20 days a year anywhere in the EU.
- Redcare events: We promote teambuilding through creative team events and celebrate our successes together at regularly scheduled parties.
- Kindergarten Grant: We offer our employees who pay for childcare in kindergarten 10000 (total) per month.
- Mental Health: Get quick and professional help from psychologists if you feel overwhelmed in private or professional life. Anonymous and free of charge.
- Personal Development: We are all constantly learning. That's why we support and foster your career development through internal & external training and help you grow.
- Mobility: Your commute matters to us. We provide our employees with a fully costed Deutschland Ticket which can be used at any time.
- Sports & Health: Your well-being is our top priority. Therefore, we offer you a range of opportunities to improve your health. Profit from a membership (M) package at Urban Sports Club, providing a variety of sports offers tailored to your interests.
Remote Work:
Yes
Employment Type:
Full-time