Senior Security Architect (m/f/d)

Job description

About the Job

We are looking for a hands-on Senior Security Architect / Lead Engineer to own security and compliance across our cloud database platform services. You will drive the security strategy for Oracle Databases, Oracle Cloud Infrastructure (OCI), and PostgreSQL environments, ensuring they meet regulatory and internal standards.

As the technical lead of a dedicated security squad, you will balance deep engineering work with people leadership, mentoring engineers and collaborating with architects, operations, and governance stakeholders across the organization.

You will design controls, respond to audit findings and continuously raise the security posture of our data infrastructure, all while helping the team grow and operate with autonomy.

What you do

• Security Architecture Design: Design and implement end-to-end security architectures for Oracle Databases (in OCI) and PostgreSQL deployments, addressing encryption (data-at-rest and data-in-transit), key management, privilege separation, and OS/DB hardening.
• Network Security Controls: Define and maintain network security controls aligned with Zero Trust Architecture (ZTA) principles, including firewall rule sets, private endpoint configurations, VCN/subnet segmentation in OCI and certificate lifecycle management (PKI, certificate authorities, rotation automation).
• Threat Modeling and Vulnerability Management: Lead threat-modelling sessions for new platform capabilities, translate findings into actionable engineering controls, and establish vulnerability management for the entire database stack.
• Integration with Microsoft Entra ID: Own the technical integration of Microsoft Entra ID with database access patterns, including OAuth 2.0/OIDC flows, managed identities, Conditional Access, and Privileged Identity Management (PIM) for database roles.
• Compliance and Framework Alignment: Maintain and improve alignment with security and compliance frameworks such as CIS Benchmarks, ISO 27001/27017/27018, SOC 2 Type II, GDPR/DSGVO, and DORA, while acting as the primary contact for database-security-related audit requests and remediation plans.
• Documentation and Leadership: Develop and maintain security control documentation, runbooks, and policy artifacts for the database platform, while leading a cross-functional squad responsible for database security and compliance, fostering a culture of ownership and continuous learning.
• Incident Management and Reporting: Serve as an escalation point and technical decision-maker for database security incidents, manage squad capacity and sprint objectives and report regularly on risk postures and compliance status.

What you bring

• Oracle Database Security Expertise: In-depth, hands-on experience securing Oracle Database (19c/26ai), including Oracle Advanced Security (TDE, Oracle Label Security, Database Vault), Oracle Audit Vault, and fine-grained access controls.
• PostgreSQL and OCI Security: Strong PostgreSQL expertise (row-level security, pg_hba.conf hardening, pgaudit, SSL/TLS configuration, and external authentication integration) and solid understanding of OCI control-plane security (IAM policies, compartments, OCI Vault, DB System security settings, and Security Zones).
• Network and Certificate Management: Proven experience designing network security for cloud database environments (private endpoints, VPN/FastConnect/ExpressRoute, NSG policies) and hands-on certificate lifecycle management, including PKI design, CA hierarchies, and mTLS configuration.
• Secrets and Identity Management: Familiarity with secrets management tools (HashiCorp Vault, OCI Vault, Azure Key Vault) and deep practical knowledge of Microsoft Entra ID (application registrations, managed identities, RBAC, Conditional Access, PIM, and audit logs), including wiring Entra ID as an identity provider for Oracle and PostgreSQL authentication.
• Compliance and Regulatory Alignment: Demonstrated track record of designing or operating controls aligned to frameworks such as ISO 27001, SOC 2, GDPR, CIS Benchmarks, or DORA, with the ability to translate regulatory requirements into actionable engineering controls.
• Leadership and Collaboration: Experience leading or tech-leading a team/squad in an agile or DevOps environment, with strong communication skills to write precise technical specifications, present security concepts to executives and negotiate constructively with engineering peers.
• Risk Communication: Ability to clearly communicate risk trade-offs and technical complexities to non-technical stakeholders, ensuring alignment and understanding across diverse audiences.
• Basic knowledge in AI technologies, principles and their practical use.

What we offer

• We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad.
• We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
• From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
• Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.

About Allianz Technology

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform and innovate the infrastructure, applications and services together with Allianz companies to co-create the best customer experience.

We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks and security, to application platforms ranging from workplace services to digital interaction.

In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at: www.linkedin.com/company/allianz-technology.

Commitment to Integrity, Fairness & Inclusion

Allianz Group is one of the most trusted insurance and asset management companies in the world. Caring for our employees, their ambitions, dreams and challenges, is what makes us a unique employer. Together we can build an environment where everyone feels empowered and has the confidence to explore, to grow and to shape a better future for our customers and the world around us.

We at Allianz believe in a strong inclusive culture that encourages people to speak their minds, get involved and question the status quo. We are proud to be an equal opportunity employer and encourage you to bring your whole self to work, no matter where you are from, what you look like, who you love, or what you believe in. We therefore welcome applications regardless of race, ethnicity or cultural background, age, gender, nationality, religion, social class, disability, sexual orientation, or any other characteristics protected under applicable local laws and regulations.

To Recruitment Agencies

Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agencies or search firm recruiters.

When we do work with recruitment agencies, that engagement is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate was ultimately employed by Allianz.

 99409 | IT & Tech Engineering | Professional | Non-Executive | Allianz Technology | Full-Time | Permanent