Senior DevSecOps Engineer

Job Title: Senior DevSecOps Engineer

Employment Status: Full-time

Location: Vienna, Austria, Hybrid

Compensation: Starting from 100,000 EUR gross base salary + performance-based bonus and equity options.
Final compensation is negotiable based on experience and qualifications.

Job Summary

We are seeking a dedicated professional with a strong passion for Secure Software Development, Vulnerability Management, and Security Compliance Monitoring. The successful candidate will play a pivotal role in safeguarding our business’s information security, taking the lead in audits at Ketryx by leveraging their expertise in audit preparation and participation.

As part of a dynamic team, your mission will be to enhance and streamline CI/CD workflows at Ketryx, oversee and optimize our AWS infrastructure, address internal IT requirements, and ensure compliance with relevant standards, regulations, and certifications, including SOC 2. You will secure our cloud infrastructure using cutting-edge technologies while driving innovation and operational excellence.

About You

The ideal candidate is someone who possesses a deep passion for software and a profound desire to contribute to enhancing patient treatments through technological innovation. Your innate inquisitiveness, coupled with an unwavering enthusiasm for challenging assumptions, sets you apart. With excellent communication skills in both spoken and written English, you thrive in collaborative environments, where the exchange of ideas is paramount.

As a self-starter, you relish the opportunity to excel in a fast-paced startup environment, taking ownership of technology decisions and roadmaps. Your commitment to driving innovation aligns seamlessly with the ethos of our team, making you an invaluable asset in shaping the future of software at Ketryx. You are driven by a genuine love for software, a desire to improve patient outcomes, and the excitement of navigating cutting-edge challenges.

Ideally you will be currently located in Vienna or able to relocate quickly. Unfortunately, we are unable to support non-EU citizens for the position at this time. 

Responsibilities:

• Compliance and Certification: Maintain SOC 2 certification and other relevant standards, ensuring successful completion of all related audits.
• Customer Assurance: Respond effectively to IT/security questionnaires from current and potential customers.
• CI/CD Optimization: Deliver an efficient and high-performing CI/CD build process.
• Security Excellence: Implement and uphold security best practices across systems and workflows.
• Incident Management: Promptly address vulnerabilities and manage security incidents to minimize risk.
• Infrastructure Optimization: Maintain and continually enhance the performance, reliability, and scalability of server infrastructure.

Required Skills:

• Industry Experience: A minimum of 5 years of professional experience in the DevSecOps or related engineering fields (e.g., DevOps & compliance field).
• AWS Expertise: Proficiency in configuring and maintaining AWS infrastructure such as EC2, VPC, EKS, IAM, RDS. AWS certification is a strong plus.
• CI/CD Proficiency: Experience with CI/CD tools such as GitHub Actions, Jenkins, CircleCI, or similar platforms.
• Infrastructure as Code (IaC): Expertise in using IaC tools like CloudFormation or Terraform to automate and manage cloud environments.
• Audit Experience: Hands-on involvement in audits such as SOC 2 and HIPAA, with a preference for candidates who have led audit processes.
• Container Security: Ability to research, implement, and enforce security best practices for containers, container images, and Kubernetes (e.g., AWS EKS) across all development and deployment phases.
• Cross-Functional Collaboration: Ability to work effectively with developers, sales teams, sales engineers, and client operations to address security questionnaires and related requirements.

Additional Skills:

• Database Management (Preferred): Previous experience managing and optimizing databases, particularly PostgreSQL, is a strong asset.
• Certifications: Professional certifications such as CSSLP, CISSP, or CISA are considered as a plus.