Cloud Security Engineer-Platform & Infrastructure (F/M/D)

Location: Munich Hybrid (NavVis GmbH)

Department: IT & Infrastructure

THE OPPORTUNITY

As a Cloud Security Engineer-Platform & Infrastructure at NavVis, you will play a critical role in strengthening our cloud security posture, with a strong focus on Kubernetes and AWS environments. You will own and optimize our Wiz platform, implement security automation, and ensure compliance with ISO 27001 and SOC 2 standards. This is a hands-on role where you will collaborate closely with engineering teams to embed security into our infrastructure and processes. 

HOW YOU WILL MAKE AN IMPACT

• Take ownership of Kubernetes security across our EKS clusters: design and enforce RBAC, admission controllers, network policies, and pod security standards 
• Harden container workloads through image scanning, runtime threat detection, and workload identity best practices  
• Own and continuously improve our cloud security posture using Wiz, AWS native services and internal monitoring  
• Drive security automation and hardening across AWS, EKS and on-prem infrastructure
• Integrate security controls into CI/CD pipelines (Terraform, Helm, GitOps) to prevent misconfigurations early  
• Design and maintain guardrails and detection rules for identity, network and workload security 
• Design and enforce least-privilege IAM and support SSO and SAML workflows  
• Partner closely with engineering teams to secure new services and architectural changes  
• Lead vulnerability management and remediation across cloud assets, containers and applications 
• Support risk assessments, internal security reviews and compliance initiatives (ISO 27001, SOC 2) 
• Investigate and respond to security incidents, driving follow-up improvements  
• Contribute to internal security standards, playbooks and documentation 

WHAT WILL HELP YOU SUCCEED IN THE ROLE

• Strong hands-on Kubernetes security experience you are comfortable with being the go-to person for Kubernetes security decisions.
• Experience hardening containerized workloads, including image scanning, runtime security and workload identity
• Strong hands-on experience with AWS security (IAM, KMS, networking, GuardDuty, Security Hub)
• Strong Terraform skills and an automation-first mindset
• Experience with CSPM and cloud monitoring tools (Wiz is a strong plus)
• Familiarity with ISO 27001 and SOC 2 control environments
• Experience designing and enforcing least-privilege access models and SSO integrations
• Confidence handling security incidents, investigations and documentation
• Excellent communication and cross-team collaboration skills 

HOW WE WILL KNOW WE ARE A PERFECT MATCH

Your recruiting partner for this role is Sylvie (she/her). You can expect to go through a screening call, and up to 4 rounds of interviews, where we would love to discover your passion and interests, introduce you to who we are and what drives us, and finally understand how we can potentially add value to each other's growth.

HOW WE WILL KEEP YOU SMILING

• It's important to take a break from work! We offer 30 days of paid time off per year
• Affordable access to a vast network of fitness and wellness facilities through EGYM Wellpass subsidy
• Deutschlandticket subsidy to support sustainable travel using public transport
• We offer flexible working hours and a hybrid work setup, enabling you to plan your work around your life, and not your life around work!
• We offer full visa and relocation support for international candidates
• An attractive bike leasing model through JobRad, in line with our commitment towards sustainable mobility
• A competitive compensation package that values the skills and experience you bring
• Up to 4000 EUR employee referral bonus 
• Financial support for local language classes to help you in your journey of integrating into the culture!