Infrastructure Security – Tech Lead
Auto ImportShare
<h2>Overview:</h2><p>SOFTSWISS is<strong> </strong>looking for an Infrastructure Security Tech Lead to take ownership of the technical direction and architecture of our security infrastructure.<br></p><h2>Purpose of the role:</h2><p>You will define and lead the Infrastructure Security strategy and architecture, ensuring that all systems are secure, scalable, and aligned with modern security standards and best practices.<br></p><h2>Key responsibilities:</h2><ul><li><p><span>Define technical direction and architectural decisions across all Infrastructure Security domains</span></p></li><li><p><span>Lead security infrastructure reviews for new and existing systems</span></p></li><li><p><span>Develop and maintain technical standards, security policies, and security baselines across domains</span></p></li><li><p><span>Own the Vulnerability Management process across infrastructure domains</span></p></li><li><p><span>Technical growth and mentorship of team members</span></p></li><li><p><span>Act as Tier 3 technical escalation point during Incident Response</span></p></li></ul><h2>Required Experience:</h2><ul><li><p><span>7+ years in infrastructure security, including 3+ years in a Architector or Lead role</span></p></li><li><p><span>Strong investigative and analytical problem-solving skills.</span></p></li><li><p><span>Practice in building security processes in the corporate environment</span></p></li><li><p><span>Deep hands-on experience with at least one major cloud provider (AWS, GCP, or OCI) focused on security services</span></p></li><li><p><span>Hands-on Linux system administration expertise</span></p></li><li><p><span>Server hardening expertise: CIS Benchmarks, DISA STIG, immutable OS concepts (e.g., Talos Linux)</span></p></li><li><p><span>Proficiency in IaC tooling: SaltStack and Terraform</span></p></li><li><p><span>Deep expertise in Kubernetes security: RBAC, Pod Security Standards, Admission Controllers, NetworkPolicy</span></p></li><li><p><span>Experience in development and automation (Python/Go)</span></p></li><li><p><span>Experience in SQL, ESQL/DSL (ElasticSearch)</span></p></li><li><p><span>Experienced in technical mentorship and task decomposition for teammates</span></p></li><li><p><span>Strong knowledge of Common Secure Network Architectures, Firewalls, IDP/IPS environments</span></p></li><li><p><span>Hands-on experience designing and implementing Zero Trust Architecture (ZTA)</span></p></li><li><p><span>Structured written and oral communication to ensure clarity</span></p></li><li><p><span>Ability to formalise security requirements into policies, standards, and control frameworks</span></p></li><li><p><span>Familiarity with enterprise security architecture frameworks (TOGAF/SABSA)</span></p></li><li><p><span>Upper Intermediate or higher English level</span><br></p></li></ul><h2>Nice to have:</h2><ul><li><p><span>Practice with Splunk, Clickhouse.</span></p></li><li><p><span>Experience creating network segmentation through various technologies such as routing, virtual networking, and SDN.</span></p></li><li><p><span>Public contributions: open-source projects, conference talks (DEF CON, Black Hat, OWASP AppSec)</span></p></li><li><p><span>Experience with VMware NSX, Neutron, Docker, Kubernetes, Istio and similar technologies</span></p></li><li><p><span>Knowledge of IAM, SSO, VPN, OpenID, SAML</span></p></li><li><p><span>Strong knowledge of endpoint & infrastructure security such as Audit.d, sysmon, apparmor, selinux, etc</span></p></li></ul><h2>Our Benefits:</h2><ul><li><p>Full-time remote work opportunities and flexible working hours</p></li><li><p>Private insurance</p></li><li><p>Additional 1 Day Off per calendar year</p></li><li><p>Sports program compensation</p></li><li><p>Comprehensive Mental Health Programme</p></li><li><p>Free online English lessons with a native speaker</p></li><li><p>Generous referral program</p></li><li><p>Training, internal workshops, and participation in international professional conferences and corporate events.</p></li></ul>