
Senior Security and Compliance Engineer (m/f/d)
Job Description
About Codesphere
Codesphere is a Virtual Cloud Provider from Germany building the future of sovereign cloud infrastructure. Our platform gives enterprises and governments full sovereignty without giving up modern cloud capability – a vision recently validated by a series of multi-million European government tenders.
Since our founding in Karlsruhe in 2020, we’ve expanded into an international team of 60+ experts. Based in Karlsruhe and Munich and backed by top-tier investors, we are chasing a bold vision.
We’re scaling fast and would love for you to join us and grow alongside us 🚀
About the role
Codesphere runs cloud infrastructure that enterprises and governments depend on – security is not an afterthought, it's a foundation. As a Senior Security & Compliance Engineer (m/f/d), you own the security posture of our platform: from vulnerability management and incident response to compliance frameworks and developer enablement.
What you'll drive
You conduct security assessments, penetration testing, and vulnerability scanning – and drive remediation with development teams
You manage security scanning tooling (DAST/SAST) and perform security code reviews
You design and implement security controls across our full technology stack, defining and enforcing standards for development, infrastructure, and data
You integrate security into our CI/CD pipelines and development processes – Shift Left and DevSecOps in practice, not just on paper
You develop and maintain our Security Incident Response Plan, monitor security logs via SIEM, and lead forensic analysis when needed
You ensure compliance with relevant standards and regulations – including GDPR and ISO 27001
You manage IAM systems with a least privilege approach
You develop and deliver security awareness training for the whole company – and specialised secure coding training for engineering teams
What makes you a great fit
5+ years in a security engineering or similar role, ideally in a cloud or SaaS environment
Hands-on experience with penetration testing, vulnerability management, and DAST/SAST tooling
Solid understanding of DevSecOps principles and CI/CD security integration
Familiarity with SIEM tools, incident response, and forensic analysis
Knowledge of relevant compliance frameworks – GDPR, ISO 27001, and ideally BSI IT-Grundschutz
Strong communicator – able to translate security risks into clear guidance for both technical and non-technical audiences
Fluent in English; German is a strong plus given the nature of our compliance landscape
What's in it for you
30+ vacation days – including Christmas Eve and New Year's Eve, adding up to 32 days per year
Meal allowance – up to 15 digital meal vouchers per month, worth up to €7.67 each
Flexibility – hybrid work setup with mobile work options and flexibility around core hours
Steep learning curve – fast-moving environment, real ownership, and a front-row seat to scaling a company
Job-Rad – lease a bike through us, tax-free
Gym access – stay active on site (Karlsruhe office only)
Employee events – from team offsites to regular get-togethers
Company pension scheme – company-supported pension to set you up for later
Great public transport links – both offices are within walking distance of tram and metro stops
Job Details
- Department: Security
- Category: Security
- Employment Type: Full Time
- Location: Munich, Germany (Hybrid)
- Posted
About Codesphere
Codesphere transforms deployment into a developer-centric self-service experience, reducing time-to-market and costs. It eliminates the wall by enabling developers to manage their own infrastructure needs end to end. On Codesphere you can deploy anything from simple frontends to multi-service production landscapes and LLMs. It includes zero-config autoscaling, replicas and managed services.