Senior SecOps Engineer (Libra - Legal AI Assistant)

At Libra, we're transforming how legal professionals work. Our AI platform combines deep legal reasoning with cutting-edge generative technology to help lawyers research, draft, and deliver legal work faster and smarter. We've already launched in the Netherlands and are expanding across new markets with full localization and deep local content integrations.

This is a unique opportunity to shape the next generation of legal AI products—now at true European scale.

Senior SecOps Engineer

Role Overview

As a Senior SecOps Engineer at Libra, you’ll lead the design, automation, and operation of security controls across our products and infrastructure trusted by top law firms and legal teams across Europe. You’ll secure internal and external traffic, identities, and data end‑to‑end, building robust, observable, and compliant systems that enable fast, safe delivery through least‑privilege access, strong encryption, and continuous monitoring.

This is a high‑impact role for engineers who thrive at the intersection of detection, response, and platform engineering.

What You Will Do:

• Own end-to-end security for internal and external traffic across Open Telekom Cloud (OTC) and Microsoft Azure, including network segmentation, mTLS, WAF, and IDS/IPS.

• Define and operate IAM and RBAC: role design, SSO/SCIM provisioning, least-privilege policies, and periodic access reviews across cloud, SaaS, and internal systems.

• Govern access to sensitive data and operational databases with policy-based controls, approval workflows, data masking, and query auditing.

• Implement and manage secrets and key management (e.g., vaulting, KMS/HSM), including rotation, revocation, and encryption standards.

• Build and operate audit logging and SIEM pipelines: log collection, correlation rules, alert tuning, dashboards, and on-call runbooks.

• Lead incident response readiness and execution: playbooks, tabletop exercises, forensics coordination, post-incident reviews, and continuous improvement.

• Drive vulnerability and patch management: integrate SCA/SAST/DAST into CI/CD, container/OS hardening, and remediation tracking.

• Secure endpoints, containers, and runtime systems using EDR, admission policies, baseline configurations, and sandboxing.

• Conduct security reviews and threat modeling for architecture changes, releases, and third-party integrations; ensure secure-by-default guardrails.

• Partner with DevOps and engineering to embed security controls into Terraform/Ansible, CI/CD pipelines, and the SDLC.

• Champion a security-first culture through clear standards, training, and pragmatic guidance.

What You Bring:

• Strong experience operating security controls in cloud environments, ideally Open Telekom Cloud (OTC) or OpenStack.

• Deep knowledge of IAM/RBAC, SSO/SCIM, and least-privilege access design.

• Proficiency in network and perimeter security (TLS/mTLS, WAF, IDS/IPS, VPN/Zero Trust).

• Hands-on experience with secrets and key management (Vault, KMS/HSM) and encryption best practices.

• Experience building and tuning SIEM, EDR, and log pipelines; strong detection engineering and incident response skills.

• Familiarity with vulnerability management and CI/CD security (SCA/SAST/DAST, container scanning) and system hardening (e.g., CIS benchmarks).

• Solid understanding of European data protection and security compliance (e.g., GDPR, ISO 27001/SOC 2) and how to operationalize controls.

• Excellent communication skills in English; German is a plus.

• Entrepreneurial mindset with a strong sense of urgency; self-starter who works independently while aligning to team goals.

What We Offer:

In addition to a compensation and benefits package in line with the market, we also offer the following:

• Personal choice budget for additional salary or additional vacation hours.

• Holiday allowance.

• Home office allowance.

• Commuting allowance.

• Pension scheme.

• Collective Health care agreement (optional).

• Company bicycle plan (reductions when buying a new bike).

• Device plan (you can buy a technical device every 3 years with reduction).

• Possibility to order a (standing) desk, additional monitor, chair etc for your home office setup.

• LinkedIn Learning license.

• Free GoFluent license: foreign language learning platform for multiple languages and multiple levels.

• A flexible, hybrid work setup in which we work twice a week at the office.

• An engaged, diverse, and quality-driven team.