Senior Expert, DevSecOps Engineering (m/f/d)

Job Description

About your tasks:

• Build and maintain secure CI/CD pipelines (Azure DevOps or GitHub Actions): secrets hygiene, signed artifacts/SBOMs, SAST/DAST/container scanning, least-privilege service connections, and supply-chain hardening.
• Automate security in infrastructure with Terraform: enforce guardrails using policy-as-code (Azure Policy, OPA/Conftest) and continuous IaC scanning (Checkov/tfsec).
• Harden Kubernetes: implement RBAC, NetworkPolicies, Pod Security Standards, secret management, image signing/scanning, and admission policies (Gatekeeper/Kyverno).
• Protect cloud identities & data: manage Entra ID roles/Managed Identities, Key Vault, Private Link/NSGs, encryption at rest/in transit, and just-in-time/least-privilege access.
• Secure ML/MLOps: lock down Databricks (Unity Catalog permissions, secret scopes), MLflow/model registry, feature stores; add model artifact signing, provenance, and runtime isolation for training/serving.
• Monitoring, logging & response: wire platform and security telemetry to Microsoft Sentinel/Defender, define alerts/runbooks, and support incident response and tabletop exercises.
• CVE & vulnerability management: maintain and publish SBOMs; continuously scan for vulnerabilities; triage CVEs (e.g., CVSS scoring + exploitability context), coordinate mitigations/patches, track exposure windows and SLAs, verify remediation, and report metrics to SecOps/GRC.
• Concepts & architecture: draft and maintain reference architectures, trust-boundary diagrams, data-classification schemes, environment isolation patterns, secure secret/key management patterns, and network segmentation for AI services.
• Compliance & assurance: contribute to risk assessments and threat modeling (incl. AI-specific risks: prompt injection, data exfiltration, model theft), support DPIAs, vendor/third-party risk reviews, penetration tests, control testing, evidence collection, and audit readiness for ISO 27001, GDPR, and EU AI Act/NIS2 where applicable.
• Governance: maintain security baselines and exceptions, own platform security KPIs, ensure retention policies, access reviews, and end-to-end audit trails (code → data → model → deployment).

Qualifications

About you:

• Experience as a DevSecOps / Cloud Security Engineer (or DevOps with strong security focus) in Azure and Kubernetes environments.
• Hands-on with Azure DevOps/GitHub Actions; comfortable automating guardrails and checks in pipelines.
• Working knowledge of Azure security (Entra ID, Key Vault, Azure Policy, Defender for Cloud, Sentinel) and Kubernetes security.
• Familiar with vulnerability management & CVEs (SBOM creation, dependency/container/IaC scanning, triage/prioritization, remediation workflows, SLA tracking).
• Understanding of Data & AI/ML security: Databricks (Unity Catalog, SCIM/AAD), MLflow/model registry, secrets, data governance, and privacy-by-design.
• Comfortable interfacing with central Security and compliance teams, contributing to audits and group standards, and translating requirements into practical controls.
• A shift-left mindset: you collaborate across teams, codify controls, and enjoy solving real-world security challenges in cloud-based Data & AI platform.

Additional Information

About your benefits:

In order to provide our employees with the best possible support for their individual needs, we offer a wide range of benefits:

• Work from Home: If your job does not require you to be present in the office, we can arrange the place you work from individually - even for up to 20 days a year anywhere in the EU.
• Redcare events: We promote teambuilding through creative team events, and celebrate our successes together at regularly scheduled parties.
• Kindergarten Grant: We offer our employees who pay for childcare in kindergarten 100,00 € (total) per month.
• Mental Health: Get quick and professional help from psychologists if you feel overwhelmed in private or professional life. Anonymous and free of charge.
• Personal Development: We are all constantly learning. That's why we support and foster your career development through internal & external training and help you grow.
• Mobility: Your commute matters to us. We provide our employees with a fully costed Deutschland Ticket which can be used at any time.
• Sports & Health: Your well-being is our top priority. Therefore, we offer you a range of opportunities to improve your health. Profit from a membership (M) package at Urban Sports Club, providing a variety of sports offers tailored to your interests.