Cyber-Compliance Engineer (Security Automation & GRC)

Job description:

Join one of Berlin’s fastest-growing (SaaS/Fintech) startups as we scale our global footprint. We aren't looking for a "paperwork officer"—we need a technical engineer who views compliance as a product feature. In this role, you’ll be part of a flat hierarchy where your code protects our customers and our reputation. You’ll help us move beyond "point-in-time" audits to a state of Continuous Compliance, ensuring our cloud infrastructure is secure by design and compliant by default.

  • Location: Berlin (Kreuzberg/Mitte) / Hybrid
  • Language: English (Working language), German is a plus.

Tasks

Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II, and the EU AI Act.

Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift.

Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual "screenshotting" and spreadsheet management.

Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines.

Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires.

Requirements

  • The Tech Stack: 3+ years in a technical security or DevSecOps role. You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure).
  • The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2).
  • The "Startup" Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual. You thrive in fast-paced environments where things change weekly.
  • Communication: Ability to explain the why behind a security control to a Product Manager and the how to a Senior Developer.

Benefits

Equity: Participation in our VSOP (Employee Stock Option Plan)—we want you to own a piece of what you build.

Learning Budget: €2,000 annual budget for certifications (CISA, CISSP, AWS Security) or tech conferences.

Berlin Perks: Public transport subsidy (Deutschlandticket), flexible "work from anywhere" weeks, and a dog-friendly office in the heart of the city.


Job information

  • Publication date: 22 Apr 2026
  • Location: WorkFromHome
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment: Employed
