Infrastructure Security – Tech Lead

Overview:

SOFTSWISS is looking for an Infrastructure Security Tech Lead to take ownership of the technical direction and architecture of our security infrastructure.

Purpose of the role:

You will define and lead the Infrastructure Security strategy and architecture, ensuring that all systems are secure, scalable, and aligned with modern security standards and best practices.

Key responsibilities:

• Define technical direction and architectural decisions across all Infrastructure Security domains

• Lead security infrastructure reviews for new and existing systems

• Develop and maintain technical standards, security policies, and security baselines across domains

• Own the Vulnerability Management process across infrastructure domains

• Technical growth and mentorship of team members

• Act as Tier 3 technical escalation point during Incident Response

Required Experience:

• 7+ years in infrastructure security, including 3+ years in a Architector or Lead role

• Strong investigative and analytical problem-solving skills.

• Practice in building security processes in the corporate environment

• Deep hands-on experience with at least one major cloud provider (AWS, GCP, or OCI) focused on security services

• Hands-on Linux system administration expertise

• Server hardening expertise: CIS Benchmarks, DISA STIG, immutable OS concepts (e.g., Talos Linux)

• Proficiency in IaC tooling: SaltStack and Terraform

• Deep expertise in Kubernetes security: RBAC, Pod Security Standards, Admission Controllers, NetworkPolicy

• Experience in development and automation (Python/Go)

• Experience in SQL, ESQL/DSL (ElasticSearch)

• Experienced in technical mentorship and task decomposition for teammates

• Strong knowledge of Common Secure Network Architectures, Firewalls, IDP/IPS environments

• Hands-on experience designing and implementing Zero Trust Architecture (ZTA)

• Structured written and oral communication to ensure clarity

• Ability to formalise security requirements into policies, standards, and control frameworks

• Familiarity with enterprise security architecture frameworks (TOGAF/SABSA)

• Upper Intermediate or higher English level

Nice to have:

• Practice with Splunk, Clickhouse.

• Experience creating network segmentation through various technologies such as routing, virtual networking, and SDN.

• Public contributions: open-source projects, conference talks (DEF CON, Black Hat, OWASP AppSec)

• Experience with Docker, Kubernetes, Istio and similar technologies

• Knowledge of IAM, SSO, VPN, OpenID, SAML

• Strong knowledge of endpoint & infrastructure security such as Audit.d, sysmon, apparmor, tetragon, selinux, etc

Our Benefits:

• Full-time remote work opportunities and flexible working hours

• Private insurance

• Additional 1 Day Off per calendar year

• Sports program compensation

• Comprehensive Mental Health Program

• Free online English lessons with a native speaker

• Generous referral program

• Training, internal workshops, and participation in international professional conferences and corporate events.