1) Why us
We believe that AI has the potential to revolutionize how cancer and other complex diseases are diagnosed and treated. We also believe that AI is a tool, not an identity: without access to high-quality data and a scientifically rigorous, transparent approach to model development, AI is just a buzzword. That's where we come in.
Aignostics is a spin-off from one of Europe's largest and most prestigious university hospitals (Charité), with employees in Berlin and New York. We have received over $50M in funding from leading investors and are a growing team of over 100 interdisciplinary professionals. We work with academic partners as well as leading global life sciences companies.
As a Senior Cloud Security Engineer at Aignostics, you will be a key member of our Platform Engineering & IT department, reporting to the Head of Platform Engineering & IT. Working hand in hand with our team and external collaborators in academia and industry, you will safeguard the infrastructure that powers digital pathology innovation. You'll own security end-to-end, from edge deployments at partner sites and workforce endpoint devices through to GKE clusters, Cloud Run, storage services, network architecture, central IAM and AI training pipelines. You'll be responsible for conceptualizing, leading and owning security initiatives that protect sensitive healthcare data, ensure compliance with industry standards and enable our developers to build secure-by-default solutions.
This is a unique opportunity to join a fun, diverse and growing team of 100 data scientists, software developers, biologists and pathologists to shape the next generation of cancer treatments. You will be part of a driven community that works in an agile, supportive and interdisciplinary research environment where your results make a difference to our established startup. You have the opportunity to grow personally and technically, take responsibility and benefit from a dynamic work environment.
At Aignostics, we believe that fighting cancer is a job for people of all identities, backgrounds and cultures. We value and celebrate diversity and inclusion and are committed to offering equal employment and promotion opportunities for all applicants and employees. Applicants will be considered regardless of their age, disability, ethnicity, race, gender identity or expression, sexual orientation, religion and other characteristics. We thrive through collaboration and believe the more inclusive we are, the better our work will be.
2) Where your expertise is needed
Secure our cloud foundation in GCP and AWS: Design and implement security controls for our GCP and AWS infrastructure, including Kubernetes, storage services, VPCs, Cloud Run and cloud-native workloads, to protect sensitive healthcare data and AI models.
Architect central identity management: Evolve our central Identity Provider (IDP), unifying authentication, authorization, self-service access and privileged access management across cloud services.
Manage vulnerabilities at scale: Strengthen our CVE management processes and automate vulnerability scanning for containers and infrastructure.
Automate security at scale: Develop security-as-code solutions using Terraform, create CI/CD security gates using policy-as-code and build automated remediation workflows to embed security into our development lifecycle.
Enable secure development: Partner with engineering and data science teams to provide security consultation, create self-service security patterns and educate developers on security best practices.
3) What we are looking for
Proven experience: 5 years in cloud security or platform security engineering with a track record of securing complex cloud-native infrastructure in production environments.
GCP/AWS security expertise: Deep experience securing GCP and/or AWS environments, with strong knowledge of IAM, PAM, network security and container platforms.
Identity and access management: Proven experience conceptualizing and implementing centralized identity provider solutions, SSO & SCIM and authentication frameworks.
Vulnerability management: Experience building CVE management programs, implementing automated scanning solutions and driving remediation processes.
Security automation skills: Strong programming and scripting abilities (Python, Bash, Go) to automate security processes, build security tools and integrate security into CI/CD pipelines.
Outstanding communicator: Ability to explain complex security concepts to technical and non-technical audiences, drive security decisions and collaborate across teams (fluent in English; German is a plus).
Compliance knowledge: Understanding of security compliance frameworks (ISO 27001, GDPR, HIPAA) and experience implementing controls to meet regulatory requirements.
4) Ideally you also bring
GitOps expertise: Experience working with Argo CD, Terraform, GitOps pipelines and implementing policy-as-code with tools like OPA/Gatekeeper or Kyverno.
Security monitoring chops: Hands-on with Prometheus, Grafana (Loki/Tempo), SIEM platforms like OX Security or GCP Security Command Center to detect and respond to threats.
Secrets management experience: Practice with HashiCorp Vault, Google Secret Manager or similar tools for secure credential management and rotation.
DevSecOps mindset: Experience embedding security into CI/CD pipelines, implementing automated security scanning and creating security gates without blocking developer velocity.
Endpoint security knowledge: Familiarity with mobile device security policies, MDM solutions and endpoint security in healthcare environments.
Platform builder mentality: Experience creating internal security platforms or self-service security tools (like Backstage plugins) that enable developers to implement security correctly.
Healthcare industry context: Experience in healthcare, life sciences or regulated industries, with understanding of compliance requirements and data protection needs in medical technology.
We're still keen to hear from you if you don't match all the above points! Our needs are diverse and growing, and you are encouraged to apply if you have a strong combination of these skills.
5) Our offer
Join a purpose-driven startup: We are working collectively to fight cancer and improve patient outcomes. Come help us make a difference!
Cutting-edge AI research and development with involvement of Charité, TU Berlin and our other partners
Work with a welcoming, diverse and highly international team of colleagues
Opportunity to take responsibility and grow your role within the startup
Expand your skills by benefitting from our Learning & Development yearly budget of 1000 (plus 2 L&D days), language classes and internal development programs
Mentoring program: you'll learn from great experts
Flexible working hours and teleworking policy
Enjoy your well-deserved time off within our 30 paid vacation days per year
We are family & pet friendly and support flexible parental leave options
Pick a subsidized membership of your choice among public transport, sports and well-being
Enjoy our social gatherings, lunches and off-site events for a fun and inclusive work environment
Optional company pension scheme
Join us to make a difference!
We are an international, interdisciplinary team that is powering the next generation of precision medicine and advancing the fields of AI and pathology.