Westhouse is one of the leading international recruitment agencies for the procurement of highly qualified experts in fields such as IT lifecycle management, SAP, engineering, commerce and specialist consultancy.
For our client we are currently looking for a CI/CD Engineer (m/f/d) - Frankfurt (50%) and Remote.
Your tasks
1. Design, implement, and maintain DevOps solutions while ensuring integrity, confidentiality, and availability of systems and tools to the program and data
2. Analysing of program requirements and design secure, robust DevOps architectures that address integration, scalability, and compliance needs.
3. Development and configuration of CI/CD pipelines with built-in security scanning and compliance checks.
4. Implementing of secure configuration, access controls, and encryption for systems, repositories, and deployment pipelines.
5. Regularly monitoring and updating systems and tools to address security vulnerabilities and ensure ongoing compliance with security policies and standards.
6. Conducting risk assessments and threat modeling to proactively identify and mitigate potential weaknesses in DevOps workflows.
7. Providing automation of infrastructure provisioning and management using tools such as Terraform, Ansible, or Open- Tofu, following best practices for security and reliability.
8. Maintaining of system and service availability, including disaster recovery planning, incident response procedures, and routine backups.
9. Performing regular audits of configurations, user access, and system logs to ensure integrity and traceability.
10. Coordination with development and other stakeholders to resolve issues, implement new features, and keep all systems running optimally while adhering to confidentiality and data protection requirements.
11. Creating and maintain comprehensive documentation on architecture, configurations, processes, and incident response plans.
12. Expose security tools to developers in a self-service fashion
13. Designing and implementing user-friendly interfaces that allow developers to access security tools directly.
14. Automating the provisioning and configuration of security tools (e.g., through APIs or self-service portals) to streamline developer onboarding.
15. Integrating security tools into CI/CD pipelines, making them available as part of standard development workflows.
16. Ensuring access controls are properly set up so developers can use security tools safely, without compromising sensitive data or system integrity.
17. Monitoring usage and availability of security tools to ensure developers experience minimal friction and downtime.
18. Providing documentation and support materials to help developers efficiently utilize available security tools.
19. Continuously gathering feedback from developers and improving the self-service experience based on their needs.
20. Documentation of frequently performed tasks for both internal and external customers
21. Identifying and cataloguing routine tasks and processes performed by the stakeholders or expected from users.
22. Writing clear, step-by-step guides and instructions for common operations, troubleshooting, and maintenance activities.
23. Creating visual aids such as flowcharts, diagrams, or screenshots to support written documentation and enhance understanding.
24. Reviewing and updating documentation regularly to ensure accuracy with evolving tools, systems, and procedures.
25. Gathering feedback from internal and external users to refine and clarify documentation based on their experiences and needs.
26. Ensuring documentation is accessible and organized in a central repository or knowledge base.
27. Creating quick reference materials, FAQs, and “How-to” videos for frequent questions or issues.
28. Standardizing documentation formats and templates for consistency across all materials
29. Increate automation efforts in automatically creating expansive SBOMs, KBOMs
30. Designing and developing scripts or workflows to automatically generate Software Bill of Materials (SBOMs) and Knowledge Bill of Materials (KBOMs) during build or deployment processes.
31. Integrating SBOM/KBOM generation tools with CI/CD pipelines to ensure bills are produced for every build and update.
32. Selecting and maintaining appropriate automation tools (such as Trivy, Syft, or others) that support comprehensive and accurate SBOM/KBOM creation.
33. Testing and validating automated outputs to ensure completeness, correctness, and compliance with internal or regulatory standards.
34. Streamlining the user experience so developers and other stakeholders can access SBOMs/KBOMs with minimal manual steps.
35. Addressing and shielding technical complexities related to SBOM/KBOM management from end users, making automation seamless and robust.
36. Monitoring and optimizing automation workflows for performance and scalability as products or systems evolve.
37. Maintaining and updating automation scripts as new package ecosystems, dependencies, or regulatory requirements emerge.
38. Documenting the automated processes, including how the SBOMs/KBOMs are generated, stored, and accessed
39. Vulnerability Management & Security Hardening
40. Continuously monitoring systems, applications, and containers for new vulnerabilities using automated scanning tools.
41. Analyzing vulnerability reports, prioritizing findings based on risk and potential impact.
42. Planning and applying remediation measures, such as patching software, updating dependencies, or changing configurations.
43. Coordinating and tracking vulnerability resolution with development, operations, and other relevant teams.
44. Documenting actions taken, including risk acceptance, mitigation, or escalation of critical issues.
45. Conducting regular security hardening activities, such as enforcing least privilege, disabling unnecessary services, and applying secure configuration baselines.
46. Performing penetration testing or vulnerability assessments and analyzing results to identify areas for hardening.
47. Updating hardened images and templates for system deployments in response to emerging threats or findings.
48. Reviewing and improving network and access controls to minimize attack surfaces.
49. Providing guidance and support to teams on secure development and operational practices.