Senior IT Security Engineer | f/m/d

About Us

ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging both companies’ strengths and best practices. As a part of ERGO Technology & Services Management AG, the technology holding of ERGO Group AG, we support millions of internal and external customers with state-of-the-art IT solutions to everyday problems.

In October 2022, ET&S S.A. expanded its scope of operations by creating a Business Services unit to contribute in a new way to the growth of ERGO’s business. Acting as a co-partner and internal consultant, it adds non-IT value and supports the development of the entire ERGO Group, currently offering skills in reporting, analysis, actuarial, and input management. We are committed to fostering innovation and meeting the evolving needs of our clients worldwide.

Discover how we implement AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions, and business-related services to anticipate and address our customers’ future needs.

About the role

How you will get the job done

• implementing, enhancing, and maintaining Azure security controls across IaaS, PaaS, and cloud-native services
• supporting AWS security control implementation as a secondary platform
• developing security configurations, baselines, and patterns aligned with CIS Benchmarks, vendor best practices and Group Controls
• collaborating with the Security Architecture, and Engineering teams to align and implement security controls that maintain a consistent and compliant cloud security posture
• creating, maintaining, and enhancing Policy-as-Code solutions (including KQL Recommendations / Standards, Azure Policy / Azure Policy Initiative, Terraform policy sets, ARM templates, Bicep modules)
• developing and maintaining Infrastructure-as-Code (IaC) templates using ARM, Bicep, Terraform, or equivalent languages
• embedding security guardrails, governance policies, and preventive controls into IaC modules throughout CI/CD pipelines
• ensuring alignment with internal principles, policies, standards, and controls
• supporting automated compliance monitoring for Azure and AWS
• reviewing cloud security configurations and hardening standards as part of assurance activities
• partnering with Cyber Security Operations, Incident Response, and SOC analysts to strengthen detection, response, and logging configurations
• supporting reviews of cloud alerts, identity configurations (e.g., PIM, RBAC), and network security
• working with application teams to ensure secure deployment practices
• delivering IaC modules and security control implementations with minimal supervision
• mentoring staff and support architecture discussions

Skills and experience you will need

• fluency in English is a must
• strong communication and interpersonal skills
• deep hands-on expertise in Microsoft Azure security capabilities
• working knowledge of AWS cloud security
• hands-on IaC experience using Bicep, ARM, terraform
• experience implementing Policy-as-Code at scale
• solid understanding of cloud identity and access management
• familiarity with cloud-native security tooling (e.g., Defender for Cloud)
• knowledge of secure cloud networking, encryption, logging, monitoring, and key management
• strong problem-solving capability; able to independently engineer complex security solutions
• effective communication with engineering, architecture, and application teams.
• ability to manage competing priorities and work within a global, distributed environment
• demonstrable experience implementing: Azure governance controls, Azure Policy and role-based access governance, IaC-based deployment pipelines
• experience working with multi-disciplinary cloud teams (Architecture, Ops, Developers)
• strong scripting skills e.g., PowerShell, Python, or similar
• understanding of cloud security best practices, CIS Benchmarks, MITRE, and zero-trust patterns
• knowledge of Azure landing zone architectures, management groups, and governance frameworks
• certifications (AZ-900: Microsoft Azure Fundamentals, AZ-500: Microsoft Azure Security Engineer Associate)

Nice to have

• Terraform Associate
• additional Microsoft security or cloud specialisms considered beneficial
• CCSP – Certified Cloud Security Professional
• AWS security-related certifications