DevSecOps Engineer (m/f/x) (Remote or Munich) - full-time

Munich (Germany)

About us

Do you love stories? If so, please keep reading, because we certainly do. We believe the ability to tell stories is what makes us human. Joyn is your streaming app with over 65 live TV channels, exclusive previews, originals and collections. We understand Joyn as a partnership – an invitation to content-providers and users alike to make entertainment more meaningful and fun. Our app aggregates global and especially local content in a relevant way for Germany, both live TV and on-demand content. All kinds of stories and more to come, everyday. 

We hire the best, because we need people that are as customer-focused as we are. We are looking for champions to help us further connect with our audience. It’s not a small or easy task, but it’s a fun and rewarding one. Do you think you’re up for it? Great. Then send us your application!

About the Job

We are looking for a DevSecOps Engineer to help build and operate the next generation streaming platform for the German market. Together with the Site Reliability Engineering team, you will design, implement and verify the security and compliance standards for our product and platform thus maintaining and  enhancing our customers' trust. You will work closely with the engineering teams to identify and address possible vulnerabilities and make our product more secure and reliable.

What do you tell your friends 

"My services run in a large-scale cloud environment, making sure the audience can enjoy live streaming and video on demand in the Joyn app on any device, anywhere."

What you will do

  • Build, maintain and improve security and compliance solutions to provide visibility and remediation tools for our product and our cloud infrastructure.
  • Setup and develop good engineering practices by implementing processes, systems and tools to help you and your teams in the day-to-day work.
  • Build Proof-of-concepts of security technologies to detect complex risks and configuration errors.
  • Work and assess on the pen-test and on the security programs that we are directly involved in.
  • Actively participate in architecture discussions and propose solutions to system and product changes across teams.
  • Foster excellence in development teams in points of security, scalability and reliability.
  • Write documentation and training to onboard and level up the security knowledge within the organisation.
  • Follow trends in software and streaming tech and turn your learnings into features and improvements that improve our product.
  • How you will do it

  • You enjoy solving difficult technical problems in the team.
  • We like you to take ownership of the tools that you are building and work with your colleagues to deliver a reliable, monitored, and highly available solution.
  • You develop code for solving complex infrastructure problems, and you find solutions that are configurable, easy-to-maintain, and sustainable.
  • We care about our consumers, engineering teams and end-users, and we are listening and reflecting on their needs when we are designing a solution.
  • You learn from both success and failure, actively coach and get coached by the team.
  • What we are looking for

  • 3+ years of professional experience in security operations and engineering.
  • 1+ years of experience with one of the major cloud providers, AWS and/or GCP preferred.
  • Experience with Microservices, APIs and Web App pen-testing.
  • Knowledge in common pen-test tools like Burp Suite, OWASP ZAP etc.
  • Broad knowledge of microservice technologies.
  • Experience with AWS and GCP services, especially security and compliance measures (config, KMS, IAM, ...)
  • Working experience with CI/CD, test- and deployment automation, and containers.
  • Good understanding of security programs to address risks including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management and user awareness.
  • Experience in security tooling & technologies (e.g. IDS, AWS or GCP security configurations/setup, Linux security configurations/setups, etc.).
  • Nice to have: Knowledge of security standards and frameworks; ISO 27001/2, NIST, PCI DSS, SOC 2.0, etc.
  • Solid analytical and problem-solving skills with an appreciation of technical risks.
  • University degree in computer science, information technology, media engineering, or equivalent.
  • Good written and verbal communication skills - English is our team language.