At Libra, we're transforming how legal professionals work. Our AI platform combines deep legal reasoning with cutting-edge generative technology to help lawyers research, draft, and deliver legal work faster and smarter.
In just over a year, we became one of Europe's fastest-growing legal AI companies—and in late 2025, we joined Wolters Kluwer, the global leader in legal information services. Together, we're combining Libra's AI capabilities with Wolters Kluwer's authoritative legal content to build the most powerful AI workspace for lawyers in Europe. We've already launched in the Netherlands and are expanding across new markets with full localization and deep local content integrations.
This is a unique opportunity to shape the next generation of legal AI products—now at true European scale.
Role Overview
As a SecOps Engineer (m/f/d) at Libra, you’ll lead the design, automation, and operation of security controls across our products and infrastructure trusted by top law firms and legal teams across Europe. You’ll secure internal and external traffic, identities, and data end‑to‑end building robust, observable, and compliant systems that enable fast, safe delivery through least‑privilege access, strong encryption, and continuous monitoring.
This is a high‑impact role for engineers who thrive at the intersection of detection, response, and platform engineering. You’ll work at the Merantix AI Campus in Berlin, partnering closely with our AI, Product and DevOps teams to own network and perimeter security, security reviews for changes and third‑party integrations, ensuring Libra’s security posture scales with our customer base
What You Will Do:
1. Own end-to-end security for internal and external traffic across Open Telekom Cloud (OTC) and Microsoft Azure, including network segmentation, mTLS, WAF, and IDS/IPS.
2. Define and operate IAM and RBAC: role design, SSO/SCIM provisioning, least-privilege policies, and periodic access reviews across cloud, SaaS, and internal systems.
3. Govern access to sensitive data and operational databases with policy-based controls, approval workflows, data masking, and query auditing.
4. Implement and manage secrets and key management (e.g., vaulting, KMS/HSM), including rotation, revocation, and encryption standards.
5. Build and operate audit logging and SIEM pipelines: log collection, correlation rules, alert tuning, dashboards, and on-call runbooks.
6. Lead incident response readiness and execution: playbooks, tabletop exercises, forensics coordination, post-incident reviews, and continuous improvement.
7. Drive vulnerability and patch management: integrate SCA/SAST/DAST into CI/CD, container/OS hardening, and remediation tracking.
8. Secure endpoints, containers, and runtime systems using EDR, admission policies, baseline configurations, and sandboxing.
9. Conduct security reviews and threat modeling for architecture changes, releases, and third-party integrations; ensure secure-by-default guardrails.
10. Partner with DevOps and engineering to embed security controls into Terraform/Ansible, CI/CD pipelines, and the SDLC.
11. Champion a security-first culture through clear standards, training, and pragmatic guidance.
What You Bring:
12. Strong experience operating security controls in cloud environments, ideally Open Telekom Cloud (OTC) or OpenStack.
13. Deep knowledge of IAM/RBAC, SSO/SCIM, and least-privilege access design.
14. Proficiency in network and perimeter security (TLS/mTLS, WAF, IDS/IPS, VPN/Zero Trust).
15. Hands-on experience with secrets and key management (Vault, KMS/HSM) and encryption best practices.
16. Experience building and tuning SIEM, EDR, and log pipelines; strong detection engineering and incident response skills.
17. Familiarity with vulnerability management and CI/CD security (SCA/SAST/DAST, container scanning) and system hardening (e.g., CIS benchmarks).
18. Solid understanding of European data protection and security compliance (e.g., GDPR, ISO 27001/SOC 2) and how to operationalize controls.
19. Excellent communication skills in English; German is a plus.
20. Entrepreneurial mindset with a strong sense of urgency; self-starter who works independently while aligning to team goals.
What we offer:
21. Permanent employment from day one.
22. Remote work & flexibility: Work remotely up to 3 days per week (home office) (= 8 days a month in the office) with flexible working hours.
23. Work abroad flexibly: Work from anywhere within the EU for up to 20 days within a twelve-month period.
24. Rest & time off: 26 vacation days.
25. Show your commitment: 1 additional day off per year for your volunteer work (Volunteer Day).
26. Support for development: E-learning via LinkedIn, online language training with goFluent, and other training and development opportunities.
Join us, at Wolters Kluwer, and be part of a global technology company that makes a difference every day. Be the difference. If making a difference matters to you, then you matter to us.
For any questions, please feel free to contact the recruiter Eleonora Bardelliat: +39 3499375349.