Senior SecOps Engineer (Libra - Legal AI Assistant)

Wolters Kluwer

Alphen aan den R…

2 weeks ago

Alphen aan den R…

2 weeks ago

Apply

Senior SecOps Engineer (Libra - Legal AI Assistant)

Senior SecOps Engineer role at Libra, a legal AI company now part of Wolters Kluwer, focusing on security controls across cloud infrastructure. Responsibilities include network security, IAM, incident response, and compliance in a hybrid work setup. Requires strong cloud security experience and knowledge of European data protection.

Apply

Hybrid

Full-time

Senior

Open Telekom Cloud

Microsoft Azure

Salary

Not specified

Work Location

Alphen aan den Rijn, South Holland, Netherlands, NL

Work Model

Hybrid: twice a week at the office

Employment Type

Full-time

Experience Level

Senior

Core Qualifications

Technical (Must-have)

Open Telekom CloudMicrosoft Azurenetwork segmentationmTLSWAFIDS/IPSIAMRBACSSO/SCIMleast-privilege policies

Soft Skills

communicationentrepreneurial mindsetself-starterteam alignment

Tools (Must-have)

TerraformAnsibleVaultKMS/HSMSIEMEDR

Preferred Qualifications

Technical (Nice-to-have)

German

Key Responsibilities

•Own end-to-end security for internal and external traffic across Open Telekom Cloud (OTC) and Microsoft Azure, including network segmentation, mTLS, WAF, and IDS/IPS.
•Define and operate IAM and RBAC: role design, SSO/SCIM provisioning, least-privilege policies, and periodic access reviews across cloud, SaaS, and internal systems.
•Govern access to sensitive data and operational databases with policy-based controls, approval workflows, data masking, and query auditing.
•Implement and manage secrets and key management (e.g., vaulting, KMS/HSM), including rotation, revocation, and encryption standards.
•Build and operate audit logging and SIEM pipelines: log collection, correlation rules, alert tuning, dashboards, and on-call runbooks.
•Lead incident response readiness and execution: playbooks, tabletop exercises, forensics coordination, post-incident reviews, and continuous improvement.
•Drive vulnerability and patch management: integrate SCA/SAST/DAST into CI/CD, container/OS hardening, and remediation tracking.
•Secure endpoints, containers, and runtime systems using EDR, admission policies, baseline configurations, and sandboxing.
•Conduct security reviews and threat modeling for architecture changes, releases, and third-party integrations; ensure secure-by-default guardrails.
•Partner with DevOps and engineering to embed security controls into Terraform/Ansible, CI/CD pipelines, and the SDLC.
•Champion a security-first culture through clear standards, training, and pragmatic guidance.

SecOpsLegal AICloud SecuritySeniorHybridNetherlandsOpen Telekom CloudMicrosoft AzureIAMCompliance

Key Responsibilities

•Own end-to-end security for internal and external traffic across Open Telekom Cloud (OTC) and Microsoft Azure, including network segmentation, mTLS, WAF, and IDS/IPS.

•Define and operate IAM and RBAC: role design, SSO/SCIM provisioning, least-privilege policies, and periodic access reviews across cloud, SaaS, and internal systems.

•Govern access to sensitive data and operational databases with policy-based controls, approval workflows, data masking, and query auditing.

•Implement and manage secrets and key management (e.g., vaulting, KMS/HSM), including rotation, revocation, and encryption standards.

•Build and operate audit logging and SIEM pipelines: log collection, correlation rules, alert tuning, dashboards, and on-call runbooks.

•Lead incident response readiness and execution: playbooks, tabletop exercises, forensics coordination, post-incident reviews, and continuous improvement.

•Drive vulnerability and patch management: integrate SCA/SAST/DAST into CI/CD, container/OS hardening, and remediation tracking.

•Secure endpoints, containers, and runtime systems using EDR, admission policies, baseline configurations, and sandboxing.

•Conduct security reviews and threat modeling for architecture changes, releases, and third-party integrations; ensure secure-by-default guardrails.

•Partner with DevOps and engineering to embed security controls into Terraform/Ansible, CI/CD pipelines, and the SDLC.

•Champion a security-first culture through clear standards, training, and pragmatic guidance.