- Contract
- English
- Director
- Digital & Technology
- Zurich
- Financial Services
Skills
DevOps, Security, OWASP 10, ISO/IEC 27002, ISO/IEC 17788, RBAC, ABAC, AuthN, AuthZ, CI/CD
Our client is one of the leading insurance companies in Switzerland.
On behalf of our client, Swisslinx is currently looking for a DevOps Security Lead.
This is a contracting role until end of the year based in Zurich.
Your mission
- You would be the Lead Engineer within the platform team, leading the “Security and State” Stream
- You will be joining a multi-year Finance Transformation project, greenfield on MS Azure with both cloud-native and legacy components
- Understand all infrastructure as code (IaC) artefacts in Azure DevOps, with specific focus on Kubernetes, Kafka, Zookeeper, NoSQL (e.g. Couchbase)
- Secure the CI/CD process for IaC and Microservice (Spring Boot, Python) deployments
- Design and own the (policies for) our Docker registry
- Implement and maintain in the pipelines company-wide scanning tools such as Aqua, NexusIQ, Qualys, etc.
- Implement and ensure Encryption at rest and in transit
- Design, implement and ensure best practices of AuthZ, e.g. via token rotation, both for human and non-human
- Design, implement and maintain secrets management
- Design and implement a security aspect for configuration management
- Work with developers to understand the security context of the apps and their interaction with Apache Kafka; the candidate will design and own the implementation of how Kafka will be secured
- Align with Automation lead on quality controls and continuous testing best practices especially including blue/green and canary
- Design and maintain the availability and stability of all long-living state (e.g. the event store)
- Secure the state against unauthorized access: design and implement lifecycle (non-prod vs prod) for data (incoming as Kafka messages using the event-carried state transfer paradigm)
- Consult with Automation lead on network layouts and negotiate with other network teams on integration/segregation topics
- Support and give guidance on the test driven development practices and the implementation thereof in the pipelines in a DevSecOps style (e.g. Chaos Monkey, auto-pen-test)
- Implement continuous improvements on governance aspects (e.g. Azure Policies)
- Efficiently leverage Azure services for addressing security concerns (i.e. WAF)
- Own the integration with Azure Active Directory and IAM
- Continuously work with the teams to improve all components as the use-cases grow more complex
- Own validity and applicability of libraries and licenses of all vendors (e.g. for Hashicorp Vault)
- Design observability (especially logging) concept and implement reactions to incidents
- Design High Availability and Disaster Recovery strategies (incl. multi-zone deployments and consistency) in the context of event-sourcing, with special focus on securing and protecting the event store and guaranteeing replayability
- Design and maintain a holistic security concept for VMs, stateful apps, stateless apps, running on K8S or running as container instances
- Design and maintain holistically Monitoring and telemetry
- Design and take ownership of the security incident process
- Train other engineers
- Ensure compliance with the company-wide digital governance framework, audit
- Documentation of all of the above (readme, wiki and JIRA)
Your background
- Public Cloud relevant experience with practical implementation of the security standards: OWASP 10, ISO/IEC 27002, ISO/IEC 17788
- Expert Knowledge in zero trust networking and service meshes
- Expert Knowledge of AuthN concepts and techniques, e.g. RBAC, ABAC
- Expert Knowledge of AuthZ techniques and tools
- Strong and proven Automation experience with CI/CD in the public cloud using industry standards such as maven, gradle
- Expert Knowledge of git
- Knowledge of Kubernetes deployments (e.g. sidecar), container isolation, multi-tenancy and software defined networking
- Knowledge of static code scanning best practices
- Expert knowledge of Continuous Monitoring and usage of Telemetry
- Test driven development: understands semantics of unit tests and end to end integration tests and the imperative for continuous testing
- Worked with CI/CD for integration, migration and deployment: Experience in automated build, test & deploy with an explicit focus on state-management and state-handling
- Strong understanding of networks: especially how Layer 7 design needs to align with Layers 3-6 in the public cloud, Expert Knowledge of multi-cloud firewall design
- Excellent communication in English, written and spoken
- Delegation and (self-)management skills for working in a flat and distributed team
- Encryption tools and techniques
- Strong Experience with "Infrastructure as Code"
- Linux OS (alpine, Ubuntu, SLES) and Unix
- Knowledge of event-driven architecture and micro-services
Frameworks / Tools
- Azure DevOps, Ansible, yaml-pipelines, Helm, build agents, scripting (bash, python)
- Container-based (Docker / Kubernetes) orchestration
- High availability of statefulness using cloud-native techniques
- Can read code written in industry standard polyglot (Java/ Spring/ Python/ JS)
- DB-queries (also NoSQL) e.g. Couchbase, SAP HANA, Postgres
- Cloud managed services (e.g. Blob Storage, databases, Insights, Security Center)
- Build and deployment tools such as Git, Gradle, Maven
- API Gateways, HTTPS, REST/ODATA/GraphQL/etc API-specs
- State-management e.g. Zookeeper, Schema Registry, Event Store
- Aqua, Qualys, DataDog, Grafana, Prometheus, Zeebe, Vault
What’s on offer
- Work for an established Swiss company
- International and multi-cultural working environment
If you think of yourself as a highly motivated, ambitious person, please apply via email: katia@swisslinx.com. For further information, do not hesitate to contact us: +41 (0)58 268 10 40.