As "Senior Engineer Audit and Compliance Public Cloud" you understand the latest developments in the field of Security & Cloud. You will be responsible for the technical project management for the implementation of secure IT solutions and the maintenance of compliance requirements such as ISO 27001, BSI C5, PCI DSS, SOC 2 or the IT Security Act.
The following tasks belong to this:
- You will work together with specialists from our team and other Deutsche Telekom teams on the technology topics of public cloud, open source and security.
- You will ensure the efficient and successful execution of external audits (e.g. ISO 27001, BSI C5, PCI-DSS, SOC2, IT security law), especially because you already have experience in mapping the controls of different audit catalogues.
- You advise and support projects of internal departments and internal IT in all aspects of information and IT security.
- You actively participate in the implementation of an information security management system.
- You will initiate information and IT security measures and monitor their effectiveness.
- As a competent contact person, you will support the identification and assessment of security risks.
- In case of information security incidents, you will analyze them and derive recommendations for action.
- Degree in business informatics, computer science, mathematics, a technical, engineering or natural science subject or a comparable vocational training with many years of professional experience
- In-depth knowledge and experience in responsible implementation of successful certifications of SOC2 and PCI-DSS.
- Many years of experience in mapping and implementation of requirements catalogs for ISO 27001, BSI C5, PCI-DSS and SOC2 or comparable.
- Experience in the development of solutions for fulfilling requirement catalogues.
- Detailed knowledge of software security concepts.
- Good knowledge of secure scale-out cloud applications and the necessary technological building blocks and tools (e.g. PaaS frameworks with CloudFoundry/OpenShift/Docker).
- Knowledge of automation, e.g. Ansible.
- Good knowledge of system technologies (Linux, Xen/KVM, Linux network and storage, system tools) as well as OpenStack and Docker/LXC/LXD container technologies.
- Fluent English, both written and spoken