Ververica GmbH is seeking an experienced and highly skilled Lead Engineer - DevSecOps (m/f/d) to join our dynamic team. As a rapidly growing company at the forefront of the data stream processing industry, we recognise the paramount importance of security and reliability in everything we do. In this pivotal role, you will be responsible for shaping the security and compliance landscape of our organization as well as for spearheading and improving our DevSecOps practices, ensuring the security and compliance of our products and services throughout the entire development lifecycle. Your expertise will be crucial in maintaining a robust security posture and adhering to industry standards.
- Enhance Secure SDLC Practices: Lead efforts to improve and embed security into the Software Development Lifecycle (SDLC), ensuring that security is considered from the outset of all development projects.
- CI/CD Pipeline Controls: Implement additional security controls into our Continuous Integration/Continuous Deployment (CI/CD) pipelines to automate security testing and vulnerability scanning.
- Security Scanners Integration: Integrate various security scanning tools such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) into the development process.
- Production Environment Configuration: Define and harden the configuration of our production environment to mitigate security risks and ensure compliance with industry standards.
- Automation of Security Checks: Automate security and compliance checks to identify and remediate issues in a timely manner.
- Infrastructure Change Review: Review infrastructure changes and assess their impact on security and compliance, ensuring that they do not introduce new risks.
- Budget Management: Conduct Proofs of Concept (PoCs) for security solutions and be responsible for defending the budget required for security enhancements.
- Solution Architecture Security: Review solution architecture designs and propose embedded security controls to protect against emerging threats.
- Zero Trust Principles: Act as a subject matter expert in the adoption of zero trust principles, guiding the organization in implementing a zero trust security model.
Required Skills and Experience:
- Bachelor's or Master's degree in Computer Science, Telecommunications or Information Security.
- Certifications such as CSSLP, CISSP, AWS Certified Security, Cloud Security Engineer, etc. are preferred.
- Proven experience in DevSecOps practices, with a focus on integrating security into the software development lifecycle.
- Expertise in implementing security controls in CI/CD pipelines.
- Experience with systems reliability, load balancing, monitoring, and logging.
- Strong knowledge of cloud platforms, including AWS and GCP.
- Proficiency in infrastructure as code (IaC) using tools like Terraform.
- Experience with source code management platforms like GitHub.
- Automation skills using Ansible or similar technologies.
- Knowledge of container orchestration platforms, especially Kubernetes (K8s).
- Understanding of issue tracking and project management tools such as Jira.
- Familiarity with compliance standards such as ISO 27001, SOC 2, and GDPR.
- Effective communication skills, including working collaboratively with cross-functional teams.
- A passion for continuous learning and keeping up with the latest security trends and technologies.