Cyber-Compliance Engineer (Security Automation & GRC)

Join one of Berlin’s fastest-growing [SaaS/Fintech] startups as we scale our global footprint. We aren't looking for a "paperwork officer"—we need a technical engineer who views compliance as a product feature. In this role, you’ll be part of a flat hierarchy where your code protects our customers and our reputation. You’ll help us move beyond "point-in-time" audits to a state of Continuous Compliance, ensuring our cloud infrastructure is secure by design and compliant by default. Location: Berlin (Kreuzberg/Mitte) / Hybrid Language: English (Working language), German is a plus. Tasks Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II, and the EU AI Act. Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift. Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual "screenshotting" and spreadsheet management. Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines. Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires. Requirements The Tech Stack: 3+ years in a technical security or DevSecOps role. You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure). The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2). The "Startup" Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual. You thrive in fast-paced environments where things change weekly. Communication: Ability to explain the "why" behind a security control to a Product Manager and the "how" to a Senior Developer. Benefits Equity: Participation in our VSOP (Employee Stock Option Plan)—we want you to own a piece of what you build. Learning Budget: €2,000 annual budget for certifications (CISA, CISSP, AWS Security) or tech conferences. Berlin Perks: Public transport subsidy (Deutschlandticket), flexible "work from anywhere" weeks, and a dog-friendly office in the heart of the city. Ready to Secure our Future? If you’re tired of manual spreadsheets and want to build the automated future of GRC (Governance, Risk, and Compliance), we’d love to meet you. We value diverse perspectives and encourage people from underrepresented backgrounds in tech to apply. What to expect from our hiring process: The Coffee Chat (30 min): A brief intro call with our Talent Lead to discuss your background and what you’re looking for in your next role. Technical Deep Dive (60 min): A session with our CISO or Lead Engineer to talk through cloud security architecture and how you approach "Compliance-as-Code." The Practical Challenge: A short, take-home technical exercise or a collaborative "whiteboarding" session (no "brain teasers," just real-world problems). Cultural Fit & Founder Meet (45 min): A chance to meet one of our founders and your potential teammates to see if we’re the right fit for each other. The Offer: If it’s a match, we’ll move fast to get you onboarded! Apply now with your CV or LinkedIn profile. No cover letter required—we’d rather see your GitHub or a brief note on a compliance project you’re proud of! Find Jobs in Germany on Arbeitnow

Join one of Berlin’s fastest-growing [SaaS/Fintech] startups as we scale our global footprint. We aren't looking for a "paperwork officer"—we need a technical engineer who views compliance as a product feature. In this role, you’ll be part of a flat hierarchy where your code protects our customers and our reputation. You’ll help us move beyond "point-in-time" audits to a state of Continuous Compliance, ensuring our cloud infrastructure is secure by design and compliant by default. Location: Berlin (Kreuzberg/Mitte) / Hybrid Language: English (Working language), German is a plus. Tasks Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II, and the EU AI Act. Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift. Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual "screenshotting" and spreadsheet management. Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines. Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires. Requirements The Tech Stack: 3+ years in a technical security or DevSecOps role. You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure). The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2). The "Startup" Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual. You thrive in fast-paced environments where things change weekly. Communication: Ability to explain the "why" behind a security control to a Product Manager and the "how" to a Senior Developer. Benefits Equity: Participation in our VSOP (Employee Stock Option Plan)—we want you to own a piece of what you build. Learning Budget: €2,000 annual budget for certifications (CISA, CISSP, AWS Security) or tech conferences. Berlin Perks: Public transport subsidy (Deutschlandticket), flexible "work from anywhere" weeks, and a dog-friendly office in the heart of the city. Ready to Secure our Future? If you’re tired of manual spreadsheets and want to build the automated future of GRC (Governance, Risk, and Compliance), we’d love to meet you. We value diverse perspectives and encourage people from underrepresented backgrounds in tech to apply. What to expect from our hiring process: The Coffee Chat (30 min): A brief intro call with our Talent Lead to discuss your background and what you’re looking for in your next role. Technical Deep Dive (60 min): A session with our CISO or Lead Engineer to talk through cloud security architecture and how you approach "Compliance-as-Code." The Practical Challenge: A short, take-home technical exercise or a collaborative "whiteboarding" session (no "brain teasers," just real-world problems). Cultural Fit & Founder Meet (45 min): A chance to meet one of our founders and your potential teammates to see if we’re the right fit for each other. The Offer: If it’s a match, we’ll move fast to get you onboarded! Apply now with your CV or LinkedIn profile. No cover letter required—we’d rather see your GitHub or a brief note on a compliance project you’re proud of! Find Jobs in Germany on Arbeitnow