This Job Vacancy has Expired!

Lead Security Engineer

SuisseCo GmbH

Posted on May 23, 2022 by SuisseCo GmbH

Zürich, Switzerland
Immediate Start
Annual Salary

Please note that for this role, relocation to Switzerland is required. We can only hire EU-27 citizens or candidates with an existing Swiss working permit/citizenship.

SuisseCo specializes in the international recruitment and placement of highly qualified IT specialists in Switzerland. We support our clients in implementing their IT projects and guarantee quick and flexible solutions of the highest quality.

For one of our clients in the insurance industry we are looking for a Lead Security Engineer

Start date: ASAP
Duration: Till the end of 2022 (possibilities for extension)
Location: Zurich (WFH is possible)

Key Responsibilities

  • Working with the client's Cyber Risk team to ensure security standards are implemented. Documentation of the measures implemented
  • Understand all infrastructure as code (IaC) artefacts in Azure DevOps, with specific focus on Kubernetes, Kafka, Zookeeper, NoSQL (eg Couchbase)
  • Secure the CI/CD process for IaC and Microservice (Spring Boot, Python) deployments
  • Understand and oversee operations of wide scanning tools such as Aqua, NexusIQ, Qualys etc.
  • Ensure compliance with requirements on Encryption at rest and in transit
  • Design, implement and ensure best practices of AuthZ, eg via token rotation: both for human and non-human
  • Design, implement and maintain secrets management
  • Design and implement a security aspect for configuration management
  • Work with developers to understand the security context of the apps and their interaction with Apache Kafka; the candidate will design and own the implementation of how Kafka will be secured
  • Secure the platform against unauthorized access: design and implement life cycle (non-prod vs prod) for data
  • Consult with infrastructure teams on network layouts and negotiate with other network teams on integration/segregation topics
  • Support and give guidance on the test-driven development practices and the implementation thereof in the pipelines in a DevSecOps style
  • Efficiently leverage Azure services for addressing security concerns (ie WAF)
  • Own the integration with Azure Active Directory and IAM
  • Continuously work with the teams to improve all components as the use-cases grow more complex
  • Facilitate pen tests with an external partner
  • Ensure compliance with the company-wide digital governance framework, audit and various security technical standards

Essential Skills and Qualifications

  • Public Cloud relevant experience with practical implementation of the security standards: OWASP 10, ISO/IEC 27002, ISO/IEC 17788
  • Expert Knowledge of AuthN concepts and techniques, eg RBAC, ABAC
  • Expert Knowledge of AuthZ frameworks, techniques and tools (OAuth2)
  • Strong and proven Automation experience with CI/CD in the public cloud using industry standards such as maven, gradle
  • Expert Knowledge of git
  • Knowledge of Kubernetes deployments (eg sidecar), container isolation, multi-tenancy and software-defined networking
  • Knowledge of static code scanning best practices
  • Test-driven development: understands the semantics of unit tests and end to end integration tests and the imperative for continuous testing
  • Worked with CI/CD for integration, migration and deployment: Experience in automated build, test & deploy with an explicit focus on state-management and state-handling
  • Strong understanding of networks: especially how Layer 7 design needs to align with Layers 3-6 in the public cloud; Expert Knowledge of multi-cloud Firewall design
  • Excellent communication in English, written and spoken
  • Delegation and (self-)management skills for working in a flat and distributed team
  • Encryption tools and techniques
  • Strong Experience with "Infrastructure as Code"
  • Linux OS (alpine, Ubuntu, SLES) and Unix
  • Knowledge of micro-service architecture

Desired Skills

  • Experience with event-sourcing architectures built on Apache Kafka
  • Performance testing
  • Understanding Java Spring framework (especially Spring Security)
  • Can read code written in industry-standard polyglot (Java/Spring/Python/JS)
  • SAP Netweaver (very optional)
  • Frameworks/Tools:
    • Azure DevOps, Ansible, yaml-pipelines, Helm, build agents, Scripting (bash, python)
    • Container-based (Docker/Kubernetes) orchestration
    • DB-queries (also NoSQL) eg Couchbase, SAP HANA, Postgres
    • Cloud managed services (eg Blob Storage, databases, Insights, Security Center)
    • Build and deployment tools such as Git, Gradle, Maven
    • API Gateways, HTTPS, REST/ODATA/GraphQL/etc API-specs

Reference: 1604946857
