Werkstudent supporting information security management and business continuity projects for Syneco's energy operations. Engaging in the development and upkeep of management systems and reporting tools.
About the role
- Cloud Security & Application Security Engineer at Cellulant enhancing security across cloud-native platforms and applications. Working in a hybrid role to support a leading payment service provider in Africa.
Responsibilities
- Architect, deploy, and maintain cloud-native security controls across AWS environments
- Implement and optimize CSPM, CIEM, CWPP, CDP, and container security tools
- Define/Enhance secure cloud patterns for compute, network, storage, IAM, secrets management, and multi-account strategies
- Build/enhance and enforce least-privilege IAM policies, service roles, and credential lifecycle management
- Support cloud hardening (OS-level and service-level), encryption, key management (KMS), and network segmentation
- Perform threat modeling, secure code reviews, architecture reviews, and security assessments across multiple codebases
- Partner with engineering teams to continually embed security into SDLC, CI/CD pipelines, and DevSecOps workflows
- Secure APIs, microservices, backend services, and distributed systems using best practices and industry frameworks
- Enhance secure coding standards, patterns, and reusable security modules
- Support API security design, testing, and governance across internal and external integrations
- Perform security reviews for REST, event-driven, and payment-processing APIs
- Ensure strong authentication (OAuth2, OIDC, mTLS) and secure token design
- Harden and secure workloads, containers, and orchestration platforms (Docker, Kubernetes)
- Review/enhance runtime detection & response (EDR/XDR) for cloud-native environments
- Ensure secure configurations, kernel-level protections, logging, and monitoring
- Automate cloud and application security tasks using Python, Bash, Terraform, CloudFormation and/or CI/CD workflows
- Develop automated guardrails, policy-as-code, and security-as-code pipelines
- Support the SOC team to develop and maintain security detection rules, alerts, and response playbooks
- Perform deep technical investigation of cloud, application, and API security incidents
- Collaborate with the SOC team to improve signals, automate responses, and reduce MTTD and MTTR
- Ensure alignment with PSP security requirements including PCI DSS and BFSI-grade controls
- Support security testing, continuous monitoring, and continuous assurance for payment platforms
- Partner with the Infosec GRC team during audits, pentests, and regulatory assessments
- Advise product, engineering, and DevOps teams on secure architectures and design choices
- Provide training and champion a “secure-by-default” engineering culture
- Operate as a senior technical security expert without direct managerial responsibilities
Requirements
- 6+ years experience in information security, with at least 4+ years focused on cloud and application security
- Strong hands-on expertise with AWS (preferred)
- Deep experience securing Linux-based cloud workloads
- Strong understanding of: API security architectures, Microservices and container ecosystems, CI/CD pipelines, DevSecOps principles, Infrastructure as code (Terraform, CloudFormation), Security as code
- Practical experience remediating vulnerabilities identified through SAST/SCA/DAST/container scanning tools
- Strong programming or scripting skills (Python, Bash, or Go preferred)
- Experience with Kubernetes, container hardening, and runtime security solutions
- Prior work in fintech, PSPs, BFSI, or other high-compliance environments is highly desirable, but not mandatory.
Benefits
- Generous personal time off
- Medical and life insurance benefits (markets permitting)
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Security Consultant providing IT - Security Consulting by leveraging knowledge and skills to assist clients. Involved in diverse projects from analysis to execution and results presentation.
Lead functional safety for product development in PEM electrolyzers at Quest One. Collaborate with teams and support certification processes in the field of green hydrogen technology.
Consultant specializing in Cyber & Product Security for clients in a hybrid role. Focused on implementing security strategies and conducting assessments with a collaborative approach.
(Senior) Consultant in Automotive - & Product Security at Wavestone, focusing on cyber security solutions for clients in innovative projects. Collaborative work in a vibrant team environment across multiple German cities.
Information Security Manager focusing on risk management for Xecuro GmbH. Implementing and optimizing risk management processes within a technological environment in Bonn.
Teamlead position for Security Governance & Assurance at Xecuro GmbH in Bonn. Leading team and implementing information security management systems (ISMS).
Information Security Expert working on safe digital solutions, ensuring compliance and conducting risk assessments. Join Xecuro GmbH in shaping Germany's digital future with innovative security measures.
Lead ISSO ensuring security compliance for multi - tenant cloud and hybrid environments at Agile Defense. Responsible for vulnerability analyses and risk management decision - making expertise.
Network Security Engineer focusing on Fortigate Firewalls for Vodafone's global network operations. Troubleshooting, incident management, and collaborative environments driving network security initiatives.