80,000 - 100,000
DevSecOps Engineer - Permanent - Prague, Czechia
This position requires a profile with a security background in both on-prem and cloud environments. You will be expected to identify vulnerabilities and security flaws proactively, determine the potential risk of reported issues quickly, drive the right architecture decisions across many teams to harden our infrastructure, and educate other members of the technical teams.
- Contribute to designing security strategies and the corresponding controls upfront in the services and products of Energy IT.
- Foster knowledge sharing and skill transfer.
- Support the lead security engineer in acting as primary interface to other internal teams.
- Ensure necessary security controls, tools and standards are deployed according to design.
- Enhance the quality of secure infrastructure and remove toil through an everything-as-code approach.
- Provide subject matter expertise for compliance requirements based on corresponding information security standards.
- Proactively assess existing cloud-based Energy IT solutions and identify weaknesses and corresponding mitigations.
- Support the Risk Management and Vulnerability Management processes.
- Support external vendors for performing annual penetration tests.
- Collaborate with internal Dev and Ops units to establish IT security best practices.
- Create technical and procedural documentation to be shared with necessary stakeholders.
- Bachelor's degree or equivalent in Computer Science, Information Systems Management, Information Technology, or other related discipline
- 2+ years’ professional experience as a Security Engineer
- Strong knowledge of security protocols and standards
- Hands-on experience with on-prem security hardening of Linux-based systems
- Hands-on experience with cloud security hardening and cloud provider ecosystems (GCP)
- Knowledge of PAM and IAM frameworks
- Familiar with the security hardening of DevOps processes
- Familiar with Risk Management and Vulnerability Management
- Strong documentation skills
- Ability to bridge between IT and Corporate staff such as Legal, Compliance and Audit sections
- Hands-on experience in designing and implementing automated security testing
- Strong written and oral communication and analytical problem-solving skills
- Good understanding of regulatory conditions and requirements in finance IT (BAIT, KRITIS, etc.)
- CISSP certification is a plus. (E.g. ISO 2700x, German BSI IT-Grundschutz, COBIT, MaRisk.)