Overview:
SOFTSWISS is looking for an Infrastructure Security Tech Lead to take ownership of the technical direction and architecture of our security infrastructure.
Purpose of the role:
You will define and lead the Infrastructure Security strategy and architecture, ensuring that all systems are secure, scalable, and aligned with modern security standards and best practices.
Key responsibilities:
- Define technical direction and architectural decisions across all Infrastructure Security domains
- Lead security infrastructure reviews for new and existing systems
- Develop and maintain technical standards, security policies, and security baselines across domains
- Own the Vulnerability Management process across infrastructure domains
- Technical growth and mentorship of team members
- Act as Tier 3 technical escalation point during Incident Response
Required Experience:
- 7+ years in infrastructure security, including 3+ years in a Architector or Lead role
- Strong investigative and analytical problem-solving skills.
- Practice in building security processes in the corporate environment
- Deep hands-on experience with at least one major cloud provider (AWS, GCP, or OCI) focused on security services
- Hands-on Linux system administration expertise
- Server hardening expertise: CIS Benchmarks, DISA STIG, immutable OS concepts (e.g., Talos Linux)
- Proficiency in IaC tooling: SaltStack and Terraform
- Deep expertise in Kubernetes security: RBAC, Pod Security Standards, Admission Controllers, NetworkPolicy
- Experience in development and automation (Python/Go)
- Experience in SQL, ESQL/DSL (ElasticSearch)
- Experienced in technical mentorship and task decomposition for teammates
- Strong knowledge of Common Secure Network Architectures, Firewalls, IDP/IPS environments
- Hands-on experience designing and implementing Zero Trust Architecture (ZTA)
- Structured written and oral communication to ensure clarity
- Ability to formalise security requirements into policies, standards, and control frameworks
- Familiarity with enterprise security architecture frameworks (TOGAF/SABSA)
- Upper Intermediate or higher English level
Nice to have:
- Practice with Splunk, Clickhouse.
- Experience creating network segmentation through various technologies such as routing, virtual networking, and SDN.
- Public contributions: open-source projects, conference talks (DEF CON, Black Hat, OWASP AppSec)
- Experience with VMware NSX, Neutron, Docker, Kubernetes, Istio and similar technologies
- Knowledge of IAM, SSO, VPN, OpenID, SAML
- Strong knowledge of endpoint & infrastructure security such as Audit.d, sysmon, apparmor, selinux, etc
Main Advantages
- Private insurance (depending on contract type)
- Paid gym membership
- Comprehensive Mental Health Program
- Free English lessons (online)
- Local language courses
- +1 day off per calendar year
- Referral program rewards
- Upskilling, internal workshops, and participation in professional conferences and corporate events
