DevSecOps Engineer (m/f/d) (Remote - Germany)
Salary 50.000 - 90.000 EUR per year
Requirements:
- Fluent English (written and spoken).
- Experience with security standards and conventions like CVE/CWE.
- Experience in designing and maintaining CI/CD pipelines with security integrated at every stage.
- Proficiency in programming/scripting languages such as JavaScript, Ruby, Go, or Bash.
- Proficiency with Git version control.
- Good understanding of networking protocols and their security features like HTTPS/TLS.
- Knowledge of security threats and attack vectors, e.g. OWASP top 10 or CWE Top 25.
- Knowledge of Docker or other containerization technologies.
- Knowledge of CI/CD tools like GitHub Actions, Concourse CI, or similar.
- Knowledge of cryptographic algorithms and toolsets, e.g. asymmetric encryption and openssl.
- Some exposure to Static or Dynamic Application Security Testing (SAST/DAST).
Responsibilities:
CORE TASKS
- Take responsibility for all aspects of automated CVE detection in our client and server components, including setup, configuration maintenance and supervision of CVE monitoring solutions.
- Take responsibility for all aspects of CVE resolution, including evaluating and integrating security patches as well as testing and releasing patch-level versions of our components.
- Define, collect and monitor security-relevant metrics and KPIs, such as time to detect or time to resolve related to vulnerability management.
- Improve, streamline and automate patch management as much as possible, e.g. by automating dependency updates via CI/CD pipelines.
- Design a holistic and uniform approach to TLS configuration (Ciphers and Protocols) and certificate management in a large-scale and heterogeneous client-server system and support our development team in the implementation of TLS for all communication channels.
- Support and train our development team in applying secure coding principles in software development, conduct workshops and participate in code review.
- Provide third-level customer support with a focus on troubleshooting security issues.
- Integrate SAST analysis in our CI/CD pipelines, evaluate, prioritize and fix CWEs in the code base of our components.
ABOUT THIS JOB
Cloud Computing has changed the way applications are being developed and how services are being operated. The a9s Data Services team has always been part of this change by leveraging popular open source data management solutions and making them consumable on modern Application Developer Cloud Platforms (commonly known as Platform-as-a-Service). Our highly automated, fully managed on-demand service offerings are used by enterprise customers that have strong requirements regarding scalability, availability and security.
Our international and cross-functional team is composed of individuals from various fields and levels of experience. Our knowledge and expertise covers a wide spectrum including an excellent understanding of cloud infrastructures, different data services such as PostgreSQL, MariaDB, OpenSearch (to name but a few), and modern CI/CD technologies.
In order to be able to deliver such high-quality products to enterprise customers, the team lives up to high standards and fully embraces lean and agile values with a strong emphasis on continuous learning and improvement. Thereby, our colleagues are always keen to share their insights and lessons learned from researching new trends, experimenting with the latest technologies, and engaging with the community at international conferences.
In this team, you will be working with sophisticated cloud automation technologies such as Bosh and Cloud Foundry and applying modern, transparent and professional software development processes like pairing sessions, code reviews, test-driven development, continuous integration and deployment, etc. In particular, you will help strengthen the security posture across our offerings by following modern cybersecurity standards and relying on modern security tooling.
Technologies:
- AWS
- Bash
- CI/CD
- Cloud
- Cloud Foundry
- Docker
- Git
- GitHub
- Support
- JavaScript
- Kanban
- Linux
- MariaDB
- OWASP
- PostgreSQL
- Ruby
- Security
More:
IMPORTANT INFORMATION ON THE APPLICATION PROCESS
We are currently accepting applications for this position until January 12, 2025.
In order to ensure that every applicant has an equal opportunity, we will review and qualify all applications together after this date. As a consequence, the recruiting process will take place throughout January and February 2025.
We appreciate your understanding and patience during this period.
WHAT WE ARE OFFERING
Flexibility
You can choose your individual workplace and organize your flexible work time, including working remotely from home (within Germany). Our employees are spread all over Germany and our teams work remotely for the most part.
Further Training
Comprehensive and individual training. You can choose further training offers, for example via certifications, conferences, meetups, and much more.
International team and English as company language
Take English or German classes during working time. Visa sponsoring for non-EU citizens.
Exchange cultural habits with your team members since they have various cultural backgrounds.
Community Work, Conferences & Meetups
We value active participation in the professional community, and encourage attending industry conferences, contributing to meetups, and representing the company. We recognize their importance in fostering innovation, continuous learning, and industry connections, so we provide time and resources for these activities. Use the opportunity to produce content such as technical articles, videos or talk proposals featuring your own research, design and development to let the community know about you, your expertise, and the product(s) you’re working on.
Family and Professional Life
Profit from our family-friendly and family-like atmosphere. We also give the opportunity to work part-time; let us know if that’s what you wish during the recruiting process. Since dogs are an integral part of our work environment, they are also welcome in our offices. In addition, in our office rooms we offer physical training possibilities and relaxing areas to free your mind.