75% remote: CI / CD Engineer (f/m/d) with DevSecOps Skills

For our client we are looking for a CI / CD Engineer (f/m/d).

1 week Frankfurt / 3 weeks remote in rotation, up to 50% onsite in peak times

D4P the focus is on providing products and services that empower Engineering and Operations teams under the program, supporting the needs of Product Engineering. The Platform Team (D4P) is committed to delivering, managing, and optimizing essential DevOps tools, which facilitate seamless continuous integration (CI), continuous development (CD), and delivery across the platform and its services.

- Design, implement, and maintain DevOps solutions while ensuring integrity, confidentiality, and availability of systems and tools to the program and data - Expose security tools to developers in a self-service fashion - Documentation of frequently performed tasks for both internal and external customers - Increate automation efforts in automatically creating expansive SBOMs, KBOMs

- Design and implement DevOps solutions ensuring integrity, confidentiality, and availability of systems and data - Proven experience implementing DevSecOps practices end-to-end, embedding security controls into CI/CD pipelines and platform layers - Strong experience collaborating with Engineering, DevOps, and IT teams to integrate security into the software development lifecycle - Develop and document security processes, including vulnerability management and incident response - Extensive hands-on experience designing, operating, and troubleshooting large-scale Kubernetes platforms - Deep understanding of Kubernetes internals, including scheduling, networking (CNI), storage, RBAC, admission controllers, and API extensions - Experience implementing container and runtime security in Kubernetes environments - Network security in containerized environments (segmentation, policies, secure communication) - GitOps workflows using Argo CD and FluxCD in production environments - Experience integrating security controls into CI/CD pipelines, including automated validation and compliance checks - Strong operational experience with Harbor as a central artifact registry - Solid understanding of software supply chain security, including artifact signing, provenance, attestations, and dependency tracking - Experience working with SBOM standards (e.g., CycloneDX) and integrating SBOMs into security workflows - Hands-on experience with security tooling such as Trivy, Dependency-Track, and DefectDojo - Strong expertise in building and operating observability stacks centered around Prometheus - Advanced experience with Grafana, including custom dashboards, plugins, and security-focused monitoring - Experience integrating metrics, logs, and traces into a cohesive observability platform (e.g., Prometheus, Loki, OpenTelemetry) - Strong hands-on experience with Google Cloud Platform, particularly: o GKE (cluster operations, security, networking) o IAM and workload identity o Networking (VPCs, private connectivity, service controls) - Ability to evaluate, select, and implement security tools across cloud and on-premise environments - Strong understanding of network security principles, including firewalls, VPNs, and network segmentation - Deep understanding of encryption mechanisms, particularly asymmetric cryptography and certificate hierarchies (PKI) - Ability to secure communication paths and data flows across distributed systems - Experience supporting audits and security policy reviews - Operating in critical infrastructure environments (KRITIS) - Operating and scaling GitLab in large environments - Design and operation of highly available GitLab architectures (e.g. backup/restore strategies) - Access control, and project/group governance in GitLab - Proven ability to ensure performance, reliability, and compliance of GitLab as a shared platform service - Experience working with supporting tools and platforms such as:

- Experience in German language to understand ISO certificate documents - Experience operating platforms in regulated environments - Familiarity with policy-as-code frameworks (e.g., Kyverno) - Experience with secrets management solutions (e.g., HashiCorp Vault) - Familiarity with progressive delivery approaches (e.g., Argo Rollouts) - Exposure to multi-cloud or hybrid cloud architectures beyond GCP - Familiarity with cost-aware and scalable cloud design, balancing security with operational efficiency - Familiarity with Software Composition Analysis (SCA) tools and practices - Proficiency in Static Application Security Testing (SAST)