Senior Expert, DevSecOps Engineering

Job not on LinkedIn

October 8

Apply Now

Receive Emails with Similar Jobs

SHOP APOTHEKE EUROPE

WebsiteLinkedInAll Job Openings

Healthcare Insurance • Retail • Pharmaceuticals

SHOP APOTHEKE EUROPE is a pharmacy company focused on providing healthcare and pharmaceutical services within Europe. Operating under the brand name Redcare, it emphasizes a people-first approach to pharmacy, aiming to guide individuals through their health journeys. The company is committed to sustainability, aligning its strategies with the Paris Climate Agreement to contribute positively to environmental health. SHOP APOTHEKE EUROPE also engages in public affairs, investor relations, and offers career opportunities for those interested in joining their mission-driven team.

1001 - 5000 employees

⚕️ Healthcare Insurance

🛒 Retail

💊 Pharmaceuticals

📋 Description

• Build and maintain secure CI/CD pipelines (Azure DevOps or GitHub Actions): secrets hygiene, signed artifacts/SBOMs, SAST/DAST/container scanning, least-privilege service connections, and supply-chain hardening. • Automate security in infrastructure with Terraform: enforce guardrails using policy-as-code (Azure Policy, OPA/Conftest) and continuous IaC scanning (Checkov/tfsec). • Harden Kubernetes : implement RBAC, NetworkPolicies, Pod Security Standards, secret management, image signing/scanning, and admission policies (Gatekeeper/Kyverno). • Protect cloud identities & data : manage Entra ID roles/Managed Identities, Key Vault, Private Link/NSGs, encryption at rest/in transit, and just-in-time/least-privilege access. • Secure ML/MLOps : lock down Databricks (Unity Catalog permissions, secret scopes), MLflow/model registry, feature stores; add model artifact signing, provenance, and runtime isolation for training/serving. • Monitoring, logging & response : wire platform and security telemetry to Microsoft Sentinel/Defender, define alerts/runbooks, and support incident response and tabletop exercises. • CVE & vulnerability management : maintain and publish SBOMs; continuously scan for vulnerabilities; triage CVEs (e.g., CVSS scoring + exploitability context), coordinate mitigations/patches, track exposure windows and SLAs, verify remediation, and report metrics to SecOps/GRC. • Concepts & architecture : draft and maintain reference architectures, trust-boundary diagrams, data-classification schemes, environment isolation patterns, secure secret/key management patterns, and network segmentation for AI services. • Compliance & assurance : contribute to risk assessments and threat modeling (incl. AI-specific risks: prompt injection, data exfiltration, model theft), support DPIAs, vendor/third-party risk reviews, penetration tests, control testing, evidence collection, and audit readiness for ISO 27001 , GDPR , and EU AI Act/NIS2 where applicable. • Governance : maintain security baselines and exceptions, own platform security KPIs, ensure retention policies, access reviews, and end-to-end audit trails (code → data → model → deployment).

🎯 Requirements

• Experience as a DevSecOps / Cloud Security Engineer (or DevOps with strong security focus) in Azure and Kubernetes environments. • Hands-on with Azure DevOps/GitHub Actions ; comfortable automating guardrails and checks in pipelines. • Working knowledge of Azure security (Entra ID, Key Vault, Azure Policy, Defender for Cloud, Sentinel) and Kubernetes security . • Familiar with vulnerability management & CVEs (SBOM creation, dependency/container/IaC scanning, triage/prioritization, remediation workflows, SLA tracking). • Understanding of Data & AI/ML security : Databricks (Unity Catalog, SCIM/AAD), MLflow/model registry, secrets, data governance, and privacy-by-design. • Comfortable interfacing with central Security and compliance teams, contributing to audits and group standards , and translating requirements into practical controls. • A shift-left mindset: you collaborate across teams, codify controls, and enjoy solving real-world security challenges in cloud-based Data & AI platform.

🏖️ Benefits

• Work from Home : If your job does not require you to be present in the office, we can arrange the place you work from individually - even for up to 20 days a year anywhere in the EU. • Redcare events : We promote teambuilding through creative team events, and celebrate our successes together at regularly scheduled parties. • Kindergarten Grant : We offer our employees who pay for childcare in kindergarten 100,00 € (total) per month. • Mental Health : Get quick and professional help from psychologists if you feel overwhelmed in private or professional life. Anonymous and free of charge. • Personal Development : We are all constantly learning. That's why we support and foster your career development through internal & external training and help you grow. • Mobility : Your commute matters to us. We provide our employees with a fully costed Deutschland Ticket which can be used at any time. • Sports & Health : Your well-being is our top priority. Therefore, we offer you a range of opportunities to improve your health. Profit from a membership (M) package at Urban Sports Club, providing a variety of sports offers tailored to your interests.