Platform & Security Engineer

Platform & Security Engineer

Your Mission

You'll take over full ownership of infrastructure, security, compliance, and internal IT — domains currently handled directly by our CTO. You'll have complete autonomy and the trust to run these areas as you see fit. This is a hands-on individual contributor role. There is no team to manage — you'll be the person doing the work, not delegating it. We're looking for someone who is sharp, self-directed, and comfortable owning broad responsibility across multiple domains. In your first few months, you might:

• Lead our ISO 27001 certification and establish the processes to maintain it going forward
• Take ownership of our Terraform configurations across AWS and GCP, improving structure and reliability
• Respond to security questionnaires from enterprise customers, helping us close deals faster
• Streamline employee IT onboarding and access management across our SaaS tooling stack
• Set up and manage MDM, tooling, and IT support for the team

How we work

At Cosuno, we believe in giving people real ownership and trusting them to do their best work. For this role, that means:

• High autonomy, high impact: You'll own your domains end to end. You'll be writing Terraform, responding to audits, configuring tooling, and solving problems yourself — with the full support of the CTO and Engineering team when you need it.
• DevOps mindset: Our infrastructure is managed as code with Terraform, deployed to AWS and GCP via Kubernetes, with self-hosted CI/CD runners. You'll be working with a modern, well-structured stack.
• Compliance as a product: We treat security and compliance seriously — not as a checkbox, but as a genuine part of how we build trust with enterprise customers.
• Collaborative by default: You'll work closely with our Full Stack Engineering team, who can support on infrastructure when capacity allows.

Your Profile

You'll be a great fit if you have:

• Full professional fluency in German and English — a significant part of our compliance and customer-facing security work is conducted in German, and this is a firm requirement
• Solid experience with cloud infrastructure (AWS and/or GCP) and infrastructure-as-code (Terraform)
• Comfort operating Kubernetes in a production environment
• The ability to pick up new domains quickly — whether that's navigating an ISO 27001 audit or setting up an MDM solution, you figure things out by thinking clearly, not by having done it ten times before
• A pragmatic, ownership-driven mindset: you're equally comfortable debugging a Kubernetes issue