48265
Make an amazing climb in your career in an international team of experts. Our company provides technological services for the whole Schwarz group of more than 30 countries in Europe and the US. Our vision is to be the leading ecosystem for a better life. We built the European sovereign cloud STACKIT. With XM Cyber we set new standards in differing cyber crimes. We run AI better than anyone. With us you will find a variety of opportunities to grow and do your best at your calling – IT. We exist to improve life with our products and services - for today's generation and future generations. We act future proof!

The impact you will create:

  • Securing our software supply chain and automating release management. This role involves implementing robust security standards across our pipelines, managing complex dependency ecosystems, and driving operational excellence through automated release processes and observability.
  • Software Supply Chain Security (SSCS): Implement full pipeline traceability and transparency, including the generation and enforcement of SBOM and SLSA attestations for all builds.
  • Dependency Hardening: Manage global dependency security by enforcing strict pinning and locking, and utilizing internal proxies/mirrors to verify and secure all components.
  • Vulnerability Management: Establish automated CVE scanning and reporting within the CI/CD pipelines, and implement runtime security scans on clusters.
  • Release Automation: Automate the release rollout process to reduce manual intervention and enhance overall development velocity.
  • Visibility & Traceability: Build comprehensive monitoring and logging systems for releases, ensuring auditability, clear documentation, and visibility of deployed artifact versions.

Experience and skills you will need:

  • Proven experience in DevSecOps, with a strong focus on software supply chain security.
  • In-depth knowledge of CI/CD pipeline security, including SBOM/SLSA standards and artifact signing.
  • Experience in dependency management, vulnerability scanning (CVE), and securing containerized environments (e.g., Kubernetes).
  • Strong background in automation, infrastructure-as-code, and release management.
  • Analytical mindset with a focus on observability, monitoring, and operational transparency.

DEVSECOPS ENGINEER IN IAAS DOMAIN (m/f/d)

Apply Now »