Job
- Level
- Senior
- Job Field
- IT, DevOps, Security
- Employment Type
- Full Time
- Contract Type
- Permanent employment
- Salary
- 60.000 to 85.000€ Gross/Year
- Location
- Berlin
- Working Model
- Hybrid, Onsite
Job Summary
In this role, you will own the global IT infrastructure and security posture, lead migrations to Kubernetes, optimize system performance, and ensure compliance with GDPR and ISO 27001 standards.
Job Technologies
Your role in the team
- Zentso builds and operates CloudToolz, a revenue-critical SaaS platform layered on top of iMIS RiSE association management software, serving clients across the UK, Europe, United States, and Asia Pacific. The platform encompasses workflow automation, form building, CRM, CMS, and payment processing capabilities delivered to organisations in multiple sectors.
- We are seeking an experienced IT Infrastructure and Security Lead to own the global infrastructure and security posture underpinning CloudToolz and Zentso's internal systems. This is a senior individual-contributor role with direct access to and collaboration with the CTO on architecture, security strategy, and capacity planning.
- The successful candidate will be comfortable operating independently across a distributed, multi-region environment and taking ownership of uptime, security, and compliance outcomes for a production platform.
- A key part of this role is leading Zentso's transition toward a containerised, Kubernetes-based deployment model and establishing an observability practice built around Grafana OSS.
- The right candidate will be capable of bridging the current Windows Server and IIS-based estate with the target state architecture, and driving that migration in a controlled and pragmatic way.
- Manage and maintain global infrastructure spanning Windows Server 2022, SQL Server, MongoDB, Redis, and Cloudflare across four regions.
- Ensure availability, performance, and scalability of the CloudToolz platform, which is revenue-critical and must meet defined SLAs.
- Support the CTO in planning and executing deployments of new CloudToolz releases, an ASP.NET Core-based platform integrating with Dynamics, iMIS, Salesforce, and native CRM and CMS capabilities.
- Leiten Sie die Migration der CloudToolz-Workloads zu einem Kubernetes-basierten Container-Orchestrierungsmodell, indem Sie die Zielarchitektur, die Migrationsreihenfolge und den Rollout-Ansatz in Zusammenarbeit mit dem CTO definieren.
- Manage and evolve Kubernetes cluster operations including deployments, scaling, resource management, network policies, and RBAC.
- Build and maintain an observability stack using Grafana OSS, including dashboards, alerting, and integration with metrics, logs, and traces from application and infrastructure layers.
- Manage DNS, CDN, WAF, and DDoS protection through Cloudflare.
- Monitor system performance, identify and resolve bottlenecks, and lead incident response and recovery.
- Maintain up-to-date documentation, runbooks, configuration standards, and disaster recovery procedures.
- Leitung der IT-Sicherheitsoperationen, einschließlich Identity and Access Management, Endpoint Protection und Vulnerability Management.
- Administer and enforce policies across Microsoft 365, Bitwarden, Bitdefender GravityZone, and KnowBe4.
- Develop and enforce data protection and compliance policies aligned to GDPR and ISO 27001 frameworks.
- Conduct and coordinate security awareness training, phishing simulations, and incident response exercises.
- Monitor for threats and manage response, escalation, and remediation processes.
- Administer and optimise Microsoft 365 across the organisation, including Exchange Online, SharePoint, Teams, and Entra ID.
- Manage Salesforce administration within scope, in coordination with the product team.
- Own configuration and policy management for endpoint security tools and password management.
- Collaborate with the CTO on infrastructure scaling strategy, architecture decisions, and technology selection, with a particular focus on the containerisation roadmap.
- Drive adoption of infrastructure-as-code practices to support repeatable, auditable deployments across environments.
- Drive automation of routine operations using PowerShell, scripting, and monitoring tooling.
- Provide input into sprint planning and release coordination with the Product Owner for environment-level requirements.
- Participate in on-call rotation to ensure platform availability across time zones.
This text has been machine translated. Show original
Our expectations of you
Qualifications
- Solid proficiency in Microsoft 365 administration, including Entra ID (Azure AD), Exchange Online, and SharePoint.
- Strong understanding of networking fundamentals including firewalls, VPNs, DNS, and access control architecture.
- Ability to work independently, manage competing priorities, and communicate clearly with both technical and non-technical stakeholders.
- Vertrautheit mit Container-Runtimes und -Tools, einschließlich Docker, containerd, Helm und kubectl.
- Relevant certifications such as MCSE, CISSP, CompTIA Security+, CKA, or equivalent.
- PowerShell scripting proficiency for automation, configuration management, and reporting.
- Exposure to CI/CD pipelines and GitOps workflows in a production environment.
Experience
- 5 or more years of experience in IT infrastructure, cloud operations, systems administration, or DevOps roles.
- Strong hands-on experience with Windows Server 2022 and SQL Server in production environments.
- Proven experience with MongoDB and Redis in operational contexts.
- Demonstrated Cloudflare experience covering DNS management, WAF rules, CDN configuration, and security features.
- Working knowledge of enterprise security tools; direct experience with Bitwarden, KnowBe4, Bitdefender GravityZone, or equivalent products is preferred.
- Sound knowledge of GDPR and practical experience implementing or maintaining compliance controls.
- Experience working with geographically distributed teams across multiple time zones.
- Hands-on Kubernetes experience, including cluster administration, workload deployment, networking (ingress, network policies), RBAC, and persistent storage.
- Experience building or operating an observability stack with Grafana OSS, including Prometheus metrics, Loki log aggregation, and Grafana dashboards and alerting.
- Familiarity with ISO 27001 and experience contributing to certification or audit processes.
- Experience with infrastructure-as-code tools such as Terraform, Pulumi, or Ansible.
- Salesforce administration experience.
This text has been machine translated. Show original
What we offer
- This is a full-time, permanent position based in Berlin, Germany, offered on a remote-first basis.
- The CloudToolz platform operates continuously across multiple regions; the role includes on-call and out-of-hours escalation responsibilities.
- Base salary range: €60,000 - €85,000 per year.
- Typical target: €70,000 - €80,000 per year.
- Performance bonus: Discretionary, based on individual and company performance.
- Pension: Employer contribution in line with local requirements.
- Flexible working: Remote-first; flexible hours with availability for global coordination.
- Probation: 6 months.
- Compensation is commensurate with demonstrable experience and the scope of the role.
This text has been machine translated. Show original
Topics that you deal with on the job
Job Locations
This is your employer
Zentso S GmbH
Zentso S GmbH is a renowned software company based in Berlin, specializing in solutions for the management of membership organizations. The company develops the CloudToolz platform, which includes features such as workflow automation, CRM, and payment processing. Zentso serves customers in Europe, the USA, the UK, and the Asia-Pacific region.
Description
- Company Type
- Established Company
- Industry
- Internet, IT, Telecommunication
IT Infrastructure and Security Lead
- Salary
- 60.000 to 85.000€ Gross/Year
- Location
- Berlin
- Working Model
- Hybrid, Onsite
- Diversity
- Open for all genders
- English Only
- English only required
