DevSecOps Engineer (m/f/d)

Posted Jul 16

YOUR CORE TASKS
  • Analyze security requirements and design automation-based processes and solutions in the scope of standardized cybersecurity frameworks.
  • Develop, Implement and Maintain security patches and automations.
  • Provide expertise regarding Cryptography, Threat Modelling and Vulnerability Detection & Mitigation.
  • Contribute to the improvement of the security knowledge and awareness throughout the Data Services team.
  • Define and measure security-relevant KPIs.
  • Troubleshoot security issues and vulnerabilities.
  • Provide third-level customer support with a focus on security issues.
WHAT WE EXPECT
  • Experience with security standards and conventions like CVE/CWE.
  • Knowledge of security threats and attack vectors, e.g. OWASP top 10.
  • Basic knowledge of Git.
  • Experience with CI/CD methods.
  • Basic understanding of networking protocols and their security features like HTTPS/TLS.
  • Knowledge of Cryptographic algorithms and toolsets, e.g. asymmetric encryption and openssl.
  • Basic knowledge of programming paradigms, mostly on the procedural part but OOP is highly valued.
  • Fluent English (written and spoken).
WHAT YOU CAN CONTRIBUTE

The following points are not a must-have - but it's nice if you can contribute some of them:

  • Knowledge of observability methods relevant to security, e.g. audit logging.
  • Knowledge of Threat Modeling methods and tools, e.g. the STRIDE method.
  • Hands-on experience with Linux and its security-relevant tools like cgroups, namespaces, openssh, netstat, tcpdump.
  • Hands-on experience with vulnerability detection tools and methods, e.g. SAST/DAST methods or tools like Tenable.
  • Familiarity with cloud environments as well as agile processes such as Scrum/Kanban.
IMPORTANT INFORMATION ON THE APPLICATION PROCESS

We are currently accepting applications for this position until July, 31

In order to ensure that every applicant has an equal opportunity, we will review and qualify all applications together after this date. You can expect to hear back from us by the beginning of August, and the recruiting process will take place throughout August.

We appreciate your understanding and patience during this period.

We are looking forward to receiving your application.

WHAT WE ARE OFFERING

Flexibility 

  • You can choose your individual workplace and organize your flexible work time. Including working remotely from home.

Further Training

  • Comprehensive and individual training. You can choose further training offers, for example via certifications, conferences, meetups, and much more. 

International team and English as company language

  • Take English or German classes during working time. 
  • Visa sponsoring for non-EU citizens.
  • Exchange cultural habits [and delicious food ;-)] with your team members since they have various cultural backgrounds. 

Community Work

  • You are invited to actively participate in workshops, conferences and meetups such as CF Days, KubeCon or CNCF Meetups to present and discuss your innovative design and implementation approaches with the community and represent the company.
  • Use the opportunity to produce content such as technical articles, videos or talk proposals featuring your own research, design and development to let the community know about you, your expertise, and the product(s) you’re working on.

Family and Professional Life

  • Profit from our family friendly and family-like atmosphere. We also give the opportunity to work part-time, let us know if that’s what you wish during the recruiting process. Since dogs are an integral part of our work environment they are also welcome in our offices. In addition, in our office rooms we offer physical training possibilities and relaxing areas to free your mind.
MORE INFORMATION ABOUT THE TEAM AND OUR WORK

Cloud Computing has changed the way applications are being developed and how services are being operated.

The a9s Data Services team has always been part of this change by leveraging popular open source data management solutions and making them consumable on modern Application Developer Cloud Platforms (commonly known as Platform-as-a-Service). Our highly automated, fully managed on-demand service offerings are used by enterprise customers that have strong requirements regarding scalability, availability and security. 

Our international and cross-functional team is composed of individuals from various fields and levels of experience. Our knowledge and expertise covers a wide spectrum including an excellent understanding of cloud infrastructures, different data services such as PostgreSQL, MariaDB, OpenSearch (to name but a few), and modern CI/CD technologies. 

In order to be able to deliver such high-quality products to enterprise customers, the team lives up to high standards and fully embraces lean and agile values with a strong emphasis on continuous learning and improvement. Thereby, our colleagues are always keen to share their insights and lessons learned from researching new trends, experimenting with the latest technologies, and engaging with the community at international conferences like KubeCon or CF Days.

In this team, you will be working with the latest cloud technologies and applying modern, transparent and professional software development processes like pairing sessions, code reviews, test-driven development, continuous integration and deployment, etc. In particular, you will engage in the strengthening of the security posture across our offerings by following modern cybersecurity standards and relying on modern security toolings. 

We are looking forward to hearing from you!

Feel free to apply even if you match only part of the qualifications.