CI/CD Engineer (m/f/d)
Frankfurt (50%) and Remote
31.12.2026 + Option
full-time - (100%)
Westhouse is one of the leading international recruitment agencies for the procurement of highly qualified experts in fields such as IT lifecycle management, SAP, engineering, commerce and specialist consultancy.
For our client we are currently looking for a CI/CD Engineer (m/f/d) - Frankfurt (50%) and Remote.
- Design, implement, and maintain DevOps solutions while ensuring integrity, confidentiality, and availability of systems and tools to the program and data
- Analysing program requirements and designing secure, robust DevOps architectures that address integration, scalability, and compliance needs.
- Development and configuration of CI/CD pipelines with built-in security scanning and compliance checks.
- Implementing secure configuration, access controls, and encryption for systems, repositories, and deployment pipelines.
- Regularly monitoring and updating systems and tools to address security vulnerabilities and ensure ongoing compliance with security policies and standards.
- Conducting risk assessments and threat modeling to proactively identify and mitigate potential weaknesses in DevOps workflows.
- Providing automation of infrastructure provisioning and management using tools such as Terraform, Ansible, or OpenTofu, following best practices for security and reliability.
- Maintaining system and service availability, including disaster recovery planning, incident response procedures, and routine backups.
- Performing regular audits of configurations, user access, and system logs to ensure integrity and traceability.
- Coordination with development and other stakeholders to resolve issues, implement new features, and keep all systems running optimally while adhering to confidentiality and data protection requirements.
- Creating and maintaining comprehensive documentation on architecture, configurations, processes, and incident response plans.
- Expose security tools to developers in a self-service fashion
- Designing and implementing user-friendly interfaces that allow developers to access security tools directly.
- Automating the provisioning and configuration of security tools (e.g., through APIs or self-service portals) to streamline developer onboarding.
- Integrating security tools into CI/CD pipelines, making them available as part of standard development workflows.
- Ensuring access controls are properly set up so developers can use security tools safely, without compromising sensitive data or system integrity.
- Monitoring usage and availability of security tools to ensure developers experience minimal friction and downtime.
- Providing documentation and support materials to help developers efficiently utilize available security tools.
- Continuously gathering feedback from developers and improving the self-service experience based on their needs.
- Documentation of frequently performed tasks for both internal and external customers
- Identifying and cataloguing routine tasks and processes performed by the stakeholders or expected from users.
- Writing clear, step-by-step guides and instructions for common operations, troubleshooting, and maintenance activities.
- Creating visual aids such as flowcharts, diagrams, or screenshots to support written documentation and enhance understanding.
- Reviewing and updating documentation regularly to ensure accuracy with evolving tools, systems, and procedures.
- Gathering feedback from internal and external users to refine and clarify documentation based on their experiences and needs.
- Ensuring documentation is accessible and organized in a central repository or knowledge base.
- Creating quick reference materials, FAQs, and “How-to” videos for frequent questions or issues.
- Standardizing documentation formats and templates for consistency across all materials
- Increase automation efforts in automatically creating expansive SBOMs, KBOMs
- Designing and developing scripts or workflows to automatically generate Software Bill of Materials (SBOMs) and Knowledge Bill of Materials (KBOMs) during build or deployment processes.
- Integrating SBOM/KBOM generation tools with CI/CD pipelines to ensure bills are produced for every build and update.
- Selecting and maintaining appropriate automation tools (such as Trivy, Syft, or others) that support comprehensive and accurate SBOM/KBOM creation.
- Testing and validating automated outputs to ensure completeness, correctness, and compliance with internal or regulatory standards.
- Streamlining the user experience so developers and other stakeholders can access SBOMs/KBOMs with minimal manual steps.
- Addressing and shielding technical complexities related to SBOM/KBOM management from end users, making automation seamless and robust.
- Monitoring and optimizing automation workflows for performance and scalability as products or systems evolve.
- Maintaining and updating automation scripts as new package ecosystems, dependencies, or regulatory requirements emerge.
- Documenting the automated processes, including how the SBOMs/KBOMs are generated, stored, and accessed
- Continuously monitoring systems, applications, and containers for new vulnerabilities using automated scanning tools.
- Analyzing vulnerability reports, prioritizing findings based on risk and potential impact.
- Planning and applying remediation measures, such as patching software, updating dependencies, or changing configurations.
- Coordinating and tracking vulnerability resolution with development, operations, and other relevant teams.
- Documenting actions taken, including risk acceptance, mitigation, or escalation of critical issues.
- Conducting regular security hardening activities, such as enforcing least privilege, disabling unnecessary services, and applying secure configuration baselines.
- Performing penetration testing or vulnerability assessments and analyzing results to identify areas for hardening.
- Updating hardened images and templates for system deployments in response to emerging threats or findings.
- Reviewing and improving network and access controls to minimize attack surfaces.
- Providing guidance and support to teams on secure development and operational practices.
Interested?
Tel.: +49-89-383772-4135 Fax.: +49-89-99740779
- Design and implement DevOps solutions ensuring integrity, confidentiality, and availability of systems and data
- Proven experience implementing DevSecOps practices end-to-end, embedding security controls into CI/CD pipelines and platform layers
- Strong experience collaborating with Engineering, DevOps, and IT teams to integrate security into the software development lifecycle
- Develop and document security processes, including vulnerability management and incident response
- Extensive hands-on experience designing, operating, and troubleshooting large-scale Kubernetes platforms
- Deep understanding of Kubernetes internals, including scheduling, networking (CNI), storage, RBAC, admission controllers, and API extensions
- Experience implementing container and runtime security in Kubernetes environments
- Security in containerized environments (segmentation, policies, secure communication)
- Strong hands-on experience with GitOps workflows using Argo CD and FluxCD in production environments
- Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu
- Experience integrating security controls into CI/CD pipelines, including automated validation and compliance checks
- Strong operational experience with Harbor as a central artifact registry
- Solid understanding of software supply chain security, including artifact signing, provenance, attestations, and dependency tracking
- Experience working with SBOM standards (e.g., CycloneDX) and integrating SBOMs into security workflows
- Hands-on experience with security tooling such as Trivy, Dependency-Track, and DefectDojo
- Strong expertise in building and operating observability stacks centered around Prometheus
- Advanced experience with Grafana, including custom dashboards, plugins, and security-focused monitoring
- Experience integrating metrics, logs, and traces into a cohesive observability platform (e.g., Prometheus, Loki, OpenTelemetry)
- Strong hands-on experience with Google Cloud Platform, particularly:
  - Networking (VPCs, private connectivity, service controls)
- Ability to evaluate, select, and implement security tools across cloud and on-premise environments
- Strong understanding of network security principles, including firewalls, VPNs, and network segmentation
- Deep understanding of encryption mechanisms, particularly asymmetric cryptography and certificate hierarchies (PKI)
- Ability to secure communication paths and data flows across distributed systems
- Experience supporting audits and security policy reviews
- Awareness of the responsibilities associated with operating in critical infrastructure environments
- Extensive experience operating and scaling GitLab in large environments
- Design and operation of highly available GitLab architectures (e.g. backup/restore strategies)
- Strong understanding of access control, and project/group governance in GitLab
- Proven ability to ensure performance, reliability, and compliance of GitLab as a shared platform service
- Experience working with supporting tools and platforms such as: