About this job

Cloud Computing has changed the way applications are being developed and how services are being operated. The a9s Data Services team has always been part of this change by leveraging popular open source data management solutions and making them consumable on modern Application Developer Cloud Platforms (commonly known as Platform-as-a-Service). Our highly automated, fully managed on-demand service offerings are used by enterprise customers that have strong requirements regarding scalability, availability and security.

Our international and cross-functional team is composed of individuals from various fields and levels of experience. Our knowledge and expertise cover a wide spectrum, including an excellent understanding of cloud infrastructures, different data services such as PostgreSQL, MariaDB, OpenSearch (to name but a few), and modern CI/CD technologies.

In order to be able to deliver such high-quality products to enterprise customers, the team lives up to high standards and fully embraces lean and agile values with a strong emphasis on continuous learning and improvement. Our colleagues are always keen to share their insights and lessons learned from researching new trends, experimenting with the latest technologies, and engaging with the community at international conferences.

In this team, you will be working with sophisticated cloud automation technologies such as BOSH and Cloud Foundry and applying modern, transparent and professional software development processes like pairing sessions, code reviews, test-driven development, continuous integration and deployment, etc. In particular, you will help strengthen the security posture across our offerings by following modern cybersecurity standards and relying on modern security tooling.

Your core tasks

Take responsibility for all aspects of automated CVE detection in our client and server components, including setup, configuration maintenance and supervision of CVE monitoring solutions.
Take responsibility for all aspects of CVE resolution, including evaluating and integrating security patches as well as testing and releasing patch-level versions of our components.
Define, collect and monitor security-relevant metrics and KPIs related to vulnerability management, such as time to detect or time to resolve.
Improve, streamline and automate patch management as much as possible, e.g. by automating dependency updates via CI/CD pipelines.

What we expect

Fluent English (written and spoken).
Experience with security standards and conventions like CVE/CWE.
Experience in designing and maintaining CI/CD pipelines with security integrated at every stage.
Proficiency in programming/scripting languages such as JavaScript, Ruby, Go, or Bash.
Proficiency with Git version control.
Good understanding of networking protocols and their security features like HTTPS/TLS.
Knowledge of security threats and attack vectors, e.g. OWASP Top 10 or CWE Top 25.
Knowledge of Docker or other containerization technologies.
Knowledge of CI/CD tools like GitHub Actions, Concourse CI, or similar.
Knowledge of cryptographic algorithms and toolsets, e.g. asymmetric encryption and openssl.
Some exposure to Static or Dynamic Application Security Testing (SAST/DAST).

What you can contribute as nice-to-have:

One or more years of hands-on experience with vulnerability detection tools and methods, e.g. SAST/DAST methods or tools like Tenable.
Knowledge of Threat Modeling methods and tools, e.g. the STRIDE method.
Hands-on experience with Linux and security-relevant utilities like cgroups, namespaces, openssh, netstat, tcpdump.
Understanding of cloud security (e.g. AWS) and cloud-native services.
Knowledge of observability methods relevant to security, e.g. audit logging.
Experience with security information and event management (SIEM) tools.
Familiarity with industry standards and regulations (e.g., GDPR, ISO/IEC 27002, SOC2) and ensuring security practices comply with these guidelines.
Familiarity with Agile processes such as Scrum/Kanban.

Important information on the application process

We are currently accepting applications for this position until January 12, 2025. In order to ensure that every applicant has an equal opportunity, we will review and qualify all applications together after this date. As a consequence, the recruiting process will take place throughout January and February 2025. We appreciate your understanding and patience during this period.

What we are offering

Flexibility
You can choose your individual workplace and organize your flexible work time, including working remotely from home.

Further Training
Comprehensive and individual training. You can choose further training offers, for example via certifications, conferences, meetups, and much more.

International team and English as company language
Take English or German classes during working time. Visa sponsoring for non-EU citizens. Exchange cultural habits [and delicious food ;-)] with your team members since they have various cultural backgrounds.

Community Work
You are invited to actively participate in workshops, conferences and meetups such as KubeCon or CNCF Meetups to present and discuss your innovative design and implementation approaches with the community and represent the company. Use the opportunity to produce content such as technical articles, videos or talk proposals featuring your own research, design and development to let the community know about you, your expertise, and the product(s) you’re working on.

Family and Professional Life
Profit from our family-friendly and family-like atmosphere. We also give the opportunity to work part-time; let us know during the recruiting process if that’s what you wish.
Since dogs are an integral part of our work environment, they are also welcome in our offices. In addition, our office rooms offer physical training possibilities and relaxing areas to free your mind.

More information about the team and our work

Future Tasks you will grow into with our help

Design a holistic and uniform approach to TLS configuration (Ciphers and Protocols) and certificate management in a large-scale and heterogeneous client-server system and support our development team in the implementation of TLS for all communication channels.
Support and train our development team in applying secure coding principles in software development, conduct workshops and participate in code review.
Provide third-level customer support with a focus on troubleshooting security issues.
Integrate SAST analysis in our CI/CD pipelines, evaluate, prioritize and fix CWEs in the code base of our components.

About us

We are anynines. 65 employees from 11 countries. Founded in 2008. Owner managed, not funded. For more than 8 years focused on cloud technologies.

We support companies all over the world with customized development of Cloud Platform Solutions as well as the automation of databases and data services. Specialized in the planning, construction and operation of modern cloud platforms as well as the automation of databases and data services, we work with cloud technologies such as Kubernetes and Cloud Foundry. The development of cloud-native web applications with Ruby on Rails & JavaScript as well as the cloud hosting of web applications completes our portfolio, with which we support national and international companies in their digital transformation.

Our headquarters in Saarbrücken (Saarland) is situated on the campus of Saarland University and is easily reachable by public transportation or by car.