Join Schwarz Global Services Barcelona - IT Hub of Europe's Largest Retail Group.
At Schwarz Global Services Barcelona, we provide high value IT services for the entire Schwarz Group, which includes Lidl, Kaufland, Schwarz Produktion, PreZero, Schwarz Digits, STACKIT, and XMCyber.
As part of a top 5 global retail company, we serve 6 billion customers through 13,700 stores in 32 countries, supported by over 575,000 employees.
We are looking for open-minded colleagues with passion for technology, who are willing to find diverse and exciting career opportunities in a dynamic work environment that stands for development and progress.
Elevate your career with us, where development and progress are at the heart of everything we do.
Platform DevSecOps Engineer (m/f/d)
Your Tasks
-
As part of our Information Security Team, you will take on a critical role as a DevSecOps. You will be responsible for securing key digital products and collaborating closely with cross-functional engineering teams to achieve both security and development goals. In this role, you will design security controls, ensure the highest standards of security are implemented, and actively contribute to the security posture of our cloud-native and Kubernetes-based environments.
-
You will be analyzing applications and services, discovering, and addressing security vulnerabilities, building security automation workflows, and mitigating emerging threats throughout the full Secure Software Development Life Cycle (S-SDLC).
-
Hands-On Security Automation: Take a proactive, hands-on role in integrating automated security processes. This includes Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Infrastructure as Code (IaC) security checks, leveraging scripting (e.g., Python) to enhance automation workflows, ensuring continuous vulnerability monitoring and rapid response to any detected threats.
-
Cloud-Native Security & Infrastructure as Code Support: Actively support product teams with the secure implementation of cloud-native solutions. Ensure that security policies are correctly added and maintained, safeguarding cloud environments, containers, and microservices.
-
Kubernetes Networking and Security: Provide strong, hands-on knowledge in Kubernetes, particularly in security and networking (e.g., service mesh, ingress controllers, network policies), and security management (RBAC, pod security policies, secrets management). Lead initiatives to secure Kubernetes environments while optimizing performance and maintaining deep security controls.
-
Networking and Certificate Management: Oversee hands-on network security, including DNS management and Web Application Firewall (WAF) integration. Implement effective certificate management practices for SSL/TLS certificates to ensure secure communications across platforms.
-
Security Concepts, Audits, and Risk Management: Collaborate closely with the Governance Risk and Compliance team (GRC) and the Domain Technical Lead to manage penetration tests, audit processes, and align on security concepts.
-
Strategic Alignment and Security Culture Building: Collaborate with other Product Security Engineers and other Security teams to ensure strategic alignment on security standards across the organization. Educate product development teams on security best practices, fostering a strong security culture and common understanding of security principles.
Your Profile
-
5+ years of work experience with minimum of 3 in K8S and Cloud, and any combination of network security, application security, security analyst, software development, coding, and ethical hacking.
-
Strong communication and collaboration skills, with the ability to discuss and challenge technical decisions with highly skilled cross-functional teams. You must have enough seniority to lead technical discussions confidently while collaborating effectively
-
Strong, hands-on experience with Kubernetes, particularly in networking and security (service mesh, ingress controllers, RBAC, pod security policies, secrets management).
-
Proven hands-on experience with security automation, integrating SAST, DAST, IaC security tools, and proficiency with at least one scripting language (e.g., Python).
-
Experience with cloud-native security, ensuring that cloud environments, containers, and microservices are protected according to industry best practices.
-
An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP).
-
Understanding of the main Information Security frameworks (NIST, OWASP, SANS).
-
Experience managing penetration tests, audit results, and security concepts.
-
Professional working proficiency in English to communicate effectively in a global team setting.
- Nice to have: Experience with Terraform for managing infrastructure as code and security policies.
- Nice to have: Experience with Azure Cloud for cloud-native deployments.
- Nice to have: Experience with Azure DevOps for CI/CD pipelines.
- Nice to have: Familiarity with Checkmarx for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Infrastructure as Code (IaC) security checks.
- Nice to have: Familiarity with Akamai for network and web security solutions.
- Nice to have: Familiarity with security architecture, reverse engineering, or vulnerability research.
- Nice to have: Experience with one or more programming languages (i.e., Microsoft .NET, Swift, Kotlin, python, React Native, javascript) for the purpose of code review.
- Nice to have: German written and verbal communication skills.
We look forward to receiving your application.
Schwarz Dienstleistung KG · Laura Hernandez Costa · Reference no. 43704
Stiftsbergstraße 1 · 74172 Neckarsulm, Germany
www.careers.schwarz
Platform DevSecOps Engineer (m/f/d)