Infrastructure Security – Tech Lead

SOFTSWISS is looking for an Infrastructure Security Tech Lead to take ownership of the technical direction and architecture of our security infrastructure.

You will define and lead the Infrastructure Security strategy and architecture, ensuring that all systems are secure, scalable, and aligned with modern security standards and best practices.

• Define technical direction and architectural decisions across all Infrastructure Security domains
• Lead security infrastructure reviews for new and existing systems
• Develop and maintain technical standards, security policies, and security baselines across domains
• Own the Vulnerability Management process across infrastructure domains
• Technical growth and mentorship of team members
• Act as Tier 3 technical escalation point during Incident Response

• 7+ years in infrastructure security, including 3+ years in a Architector or Lead role
• Strong investigative and analytical problem-solving skills.
• Practice in building security processes in the corporate environment
• Deep hands-on experience with at least one major cloud provider (AWS, GCP, or OCI) focused on security services
• Hands-on Linux system administration expertise
• Server hardening expertise: CIS Benchmarks, DISA STIG, immutable OS concepts (e.g., Talos Linux)
• Proficiency in IaC tooling: SaltStack and Terraform
• Deep expertise in Kubernetes security: RBAC, Pod Security Standards, Admission Controllers, NetworkPolicy
• Experience in development and automation (Python/Go)
• Experience in SQL, ESQL/DSL (ElasticSearch)
• Experienced in technical mentorship and task decomposition for teammates
• Strong knowledge of Common Secure Network Architectures, Firewalls, IDP/IPS environments
• Hands-on experience designing and implementing Zero Trust Architecture (ZTA)
• Structured written and oral communication to ensure clarity
• Ability to formalise security requirements into policies, standards, and control frameworks
• Familiarity with enterprise security architecture frameworks (TOGAF/SABSA)
• Upper Intermediate or higher English level

• Practice with Splunk, Clickhouse.
• Experience creating network segmentation through various technologies such as routing, virtual networking, and SDN.
• Public contributions: open-source projects, conference talks (DEF CON, Black Hat, OWASP AppSec)
• Experience with Docker, Kubernetes, Istio and similar technologies
• Knowledge of IAM, SSO, VPN, OpenID, SAML
• Strong knowledge of endpoint & infrastructure security such as Audit.d, sysmon, apparmor, tetragon, selinux, etc