Security and Compliance Engineer (m/f/d) - Developer Platform
We're building a modern Internal Developer Platform (IDP) to enable secure, scalable, and efficient software delivery — and security & compliance is a first-class concern from day one.
As a Security and Compliance Engineer in our Platform team, you'll be responsible for designing, implementing, and evolving the security architecture of our IDP. Your focus will be on embedding security into the entire Secure Software Development Lifecycle (SSDLC), enabling secure-by-default development practices, and advancing our Zero Trust approach across infrastructure, tooling, and pipelines.
You'll collaborate closely with platform, infrastructure, compliance, and application teams to ensure that security and regulatory requirements are not a bottleneck but an enabler for safe, fast, and autonomous development.
We’re building a secure, reproducible, and developer-friendly platform based on:
Policy-as-code, Secrets Automation, and Security-as-Code everywhere
Design and implement security architecture for our Internal Developer Platform
Embed security and compliance into the SSDLC: from code scanning, SBOM generation, and policy-as-code, to runtime and product hardening
Develop and enforce security automation, compliance checks, and guardrails as part of CI/CD pipelines and infrastructure-as-code
Support the implementation of fine-grained IAM, secrets management, and secure service-to-service communication
Collaborate with developers and platform engineers to design secure golden paths and self-service tooling
Define, track, and report on key security metrics, risk levels, and compliance posture
Stay on top of emerging threats, vulnerabilities, and security best practices — and translate them into actionable improvements
Several years of experience in Security Engineering, Platform Security & Compliance, or DevSecOps
Strong understanding of cloud-native architectures, container security, and security automation as well as regulatory requirements
Hands-on experience with CI/CD pipelines, infrastructure-as-code, and Kubernetes security
Hands-on experience with tools such as policy-as-code engines (e.g.
Knowledge of modern software supply chain security — e.g.,
Coding/scripting ability in Python, Go, or Rust is a plus
A unique opportunity to shape platform security from the ground up
Collaboration with experienced platform and product engineers
Remote work options, flexible hours, and modern tools
secunet Security Networks AG
Ms. Nicole Schulz
If you are keen to work for a leading cyber security company in a fair and trusting environment, you should get in touch with us immediately.