Start date:
Employment type:
Freelance
Region:
Description:
For our customer, we are looking for a DevSecOps Engineer (m/f/d) - Harbor, SBOM, GCP.
Capacity: Full-time
Start: May 2026
End: December 2026 + Option
Location: remote/Berlin/Frankfurt am Main
Tasks include:
- Design, implement, and maintain DevOps solutions while ensuring the integrity, confidentiality, and availability of the program's systems, tools, and data
- Expose security tools to developers in a self-service fashion
- Documentation of frequently performed tasks for both internal and external customers
- Increase automation efforts for automatically generating comprehensive SBOMs and KBOMs
- Vulnerability Management & Security Hardening
Profile Requirements
The contractor must be at mid-level in CI/CD Engineering with focus on security and compliance with proven skills and experience in:
Must-have experience
- Design and implement DevOps solutions ensuring integrity, confidentiality, and availability of systems and data
- Proven experience implementing DevSecOps practices end-to-end, embedding security controls into CI/CD pipelines and platform layers
- Strong experience collaborating with Engineering, DevOps, and IT teams to integrate security into the software development lifecycle
- Develop and document security processes, including vulnerability management and incident response
- Extensive hands-on experience designing, operating, and troubleshooting large-scale Kubernetes platforms
- Deep understanding of Kubernetes internals, including scheduling, networking (CNI), storage, RBAC, admission controllers, and API extensions
- Experience implementing container and runtime security in Kubernetes environments
- Strong knowledge of network security in containerized environments (segmentation, policies, secure communication)
- Strong hands-on experience with GitOps workflows using Argo CD and FluxCD in production environments
- Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu
- Experience integrating security controls into CI/CD pipelines, including automated validation and compliance checks
- Strong operational experience with Harbor as a central artifact registry
- Solid understanding of software supply chain security, including artifact signing, provenance, attestations, and dependency tracking
- Experience working with SBOM standards (e.g., CycloneDX) and integrating SBOMs into security workflows
- Hands-on experience with security tooling such as Trivy, Dependency-Track, and DefectDojo
- Strong expertise in building and operating observability stacks centered around Prometheus
- Advanced experience with Grafana, including custom dashboards, plugins, and security-focused monitoring
- Experience integrating metrics, logs, and traces into a cohesive observability platform (e.g., Prometheus, Loki, OpenTelemetry)
- Strong hands-on experience with Google Cloud Platform, particularly:
  - GKE (cluster operations, security, networking)
  - IAM and workload identity
  - Networking (VPCs, private connectivity, service controls)
- Ability to evaluate, select, and implement security tools across cloud and on-premise environments
- Strong understanding of network security principles, including firewalls, VPNs, and network segmentation
- Deep understanding of encryption mechanisms, particularly asymmetric cryptography and certificate hierarchies (PKI)
- Ability to secure communication paths and data flows across distributed systems
- Experience supporting audits and security policy reviews
- Awareness of the responsibilities associated with operating in critical infrastructure environments
- Extensive experience operating and scaling GitLab in large environments
- Design and operation of highly available GitLab architectures (e.g. backup/restore strategies)
- Experience managing large-scale CI workloads
- Strong understanding of access control and project/group governance in GitLab
- Proven ability to ensure performance, reliability, and compliance of GitLab as a shared platform service
- Experience working with supporting tools and platforms such as:
  - PostgreSQL
  - TestRail
  - Jira
Must-have language skills:
- Fluent English (spoken and written, at least B2 level)
Preferred experience
- Experience in German language to understand ISO certificate documents
- Experience operating platforms in regulated environments
- Familiarity with policy-as-code frameworks (e.g., Kyverno)
- Experience with secrets management solutions (e.g., HashiCorp Vault)
- Familiarity with progressive delivery approaches (e.g., Argo Rollouts)
- Exposure to multi-cloud or hybrid cloud architectures beyond GCP
- Familiarity with cost-aware and scalable cloud design, balancing security with operational efficiency
- Familiarity with Software Composition Analysis (SCA) tools and practices
- Proficiency in Static Application Security Testing (SAST)