Join one of Berlin's fastest-growing SaaS/Fintech startups as we scale our global footprint. We aren't looking for a paperwork officer; we need a technical engineer who views compliance as a product. In this role, you'll be part of a flat hierarchy where your code protects our customers and our reputation. You'll help us move beyond point-in-time audits to a state of Continuous Compliance, ensuring our cloud infrastructure is secure by design and compliant by default.
- Location: Berlin (Kreuzberg/Mitte) / Hybrid
- Language: English (working language); German is a plus.
Tasks
Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II and the EU AI Act.
Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift.
Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual screenshotting and spreadsheet management.
Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines.
Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires.
Requirements
- The Tech Stack: 3 years in a technical security or DevSecOps role. You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure).
- The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2).
- The Startup Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual. You thrive in fast-paced environments where things change weekly.
- Communication: Ability to explain the "why" behind a security control to a Product Manager and the "how" to a Senior Developer.
Benefits
Equity: Participation in our VSOP (Employee Stock Option Plan); we want you to own a piece of what you build.
Learning Budget: 2000 annual budget for certifications (CISA, CISSP, AWS Security) or tech conferences.
Berlin Perks: Public transport subsidy (Deutschlandticket), flexible "work from anywhere" weeks, and a dog-friendly office in the heart of the city.
Ready to Secure our Future?
If you're tired of manual spreadsheets and want to build the automated future of GRC (Governance, Risk and Compliance), we'd love to meet you. We value diverse perspectives and encourage people from underrepresented backgrounds in tech to apply.
What to expect from our hiring process:
- The Coffee Chat (30 min): A brief intro call with our Talent Lead to discuss your background and what you're looking for in your next role.
- Technical Deep Dive (60 min): A session with our CISO or Lead Engineer to talk through cloud security architecture and how you approach Compliance-as-Code.
- The Practical Challenge: A short take-home technical exercise or a collaborative whiteboarding session (no brain teasers, just real-world problems).
- Cultural Fit & Founder Meet (45 min): A chance to meet one of our founders and your potential teammates to see if we're the right fit for each other.
- The Offer: If it's a match, we'll move fast to get you onboarded!
Apply now with your CV or LinkedIn profile. No cover letter required; we'd rather see your GitHub or a brief note on a compliance project you're proud of!