Job Description
This is a remote position.
CI/CD Engineering – Security & Compliance (PID0621) D4P | Contract / Freelance
* Contract / Freelance
* Full-time
* Remote with travel readiness required (Germany)
* Start: 15.06.2026
About the role
We are seeking a Senior CI/CD Security & Compliance Engineer to join the DevOps 4 Platform (D4P) team within a large internal platform programme in the energy sector. You will design, implement and maintain secure DevOps solutions across a cloud-native, hybrid platform environment, embedding security controls into CI/CD pipelines and enabling developers to access security tooling in a self-service fashion.
What you'll be doing
* Designing and implementing DevSecOps architectures ensuring integrity, confidentiality and availability across systems, pipelines and repositories
* Developing and configuring CI/CD pipelines with built-in security scanning, compliance checks and automated validation
* Implementing secure configuration, access controls and encryption for systems, repositories and deployment pipelines
* Conducting risk assessments and threat modelling to proactively identify and mitigate weaknesses in DevOps workflows
* Automating infrastructure provisioning using Terraform, Ansible or OpenTofu following security and reliability best practices
* Designing and implementing self-service interfaces enabling developers to access security tools directly
* Integrating security tools into CI/CD pipelines as part of standard development workflows
* Automating SBOM and KBOM generation using tools such as Trivy, Syft and Dependency-Track, integrating outputs into CI/CD pipelines
* Continuously monitoring systems and containers for vulnerabilities, prioritising findings and coordinating remediation
* Conducting security hardening activities including least privilege enforcement, secure configuration baselines and penetration testing
* Performing regular audits of configurations, user access and system logs
* Creating and maintaining comprehensive documentation on architecture, configurations, processes and incident response plans
Requirements
What you'll need
* Proven experience implementing DevSecOps practices end-to-end, embedding security controls into CI/CD pipelines and platform layers
* Extensive hands-on experience designing, operating and troubleshooting large-scale Kubernetes platforms, including scheduling, networking (CNI), storage, RBAC, admission controllers and API extensions
* Strong hands-on experience with GitOps workflows using Argo CD and FluxCD in production environments
* Strong hands-on experience with Infrastructure-as-Code using Terraform or OpenTofu
* Strong operational experience with Harbor as a central artifact registry
* Solid understanding of software supply chain security including artifact signing, provenance, attestations and dependency tracking
* Experience with SBOM standards such as CycloneDX and hands-on experience with Trivy, Dependency-Track and DefectDojo
* Strong expertise building and operating observability stacks centred around Prometheus, with advanced Grafana experience
* Strong hands-on experience with GCP, particularly GKE, IAM, workload identity and networking
* Extensive experience operating and scaling GitLab in large environments, including highly available architectures, CI workload management and access control governance
* Deep understanding of encryption mechanisms, PKI and network security principles
* Fluent English (B2 minimum)
Desirable
* German language for understanding ISO certificate documents
* Experience operating platforms in regulated environments
* Familiarity with policy-as-code frameworks such as Kyverno
* Experience with secrets management solutions such as HashiCorp Vault
* Familiarity with progressive delivery approaches such as Argo Rollouts
* Exposure to multi-cloud or hybrid cloud architectures beyond GCP
* Familiarity with SCA tools and SAST practices
Benefits
As a freelancer / contractor with us, you will enjoy flexible working hours and the freedom to choose your own projects. Our platform gives you access to exciting projects in various industries and supports you in advancing your career. You'll benefit from competitive pay and a dedicated team to help you with any questions you may have. Work independently and utilise our strong network to achieve your professional goals.