Job Details
Review the full job description, requirements, salary, and employer details. Apply directly or add to your auto-apply queue.
- Read requirements and qualifications carefully
- Check salary range and contract terms
- Apply with your AI CV and cover letter
- Save to wishlist for later
Back to Jobs
Cyber-Compliance Engineer (Security Automation & GRC)
Matproof — Berlin, Europe
2 views
Deadline: May 18, 2026
Company
Matproof
Location
Berlin, Europe
Salary
Negotiable
Deadline
May 18, 2026
Job Description
Join one of Berlin’s fastest-growing [SaaS/Fintech] startups as we scale our global footprint. We aren't looking for a "paperwork officer"—we need a technical engineer who views compliance as a product feature. In this role, you’ll be part of a flat hierarchy where your code protects our customers and our reputation. You’ll help us move beyond "point-in-time" audits to a state of Continuous Compliance, ensuring our cloud infrastructure is secure by design and compliant by default.
Location: Berlin (Kreuzberg/Mitte) / Hybrid
Language: English (Working language), German is a plus.
Tasks
Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II, and the EU AI Act.
Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift.
Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual "screenshotting" and spreadsheet management.
Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines.
Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires.
Requirements
The Tech Stack: 3+ years in a technical security or DevSecOps role. You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure).
The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2).
The "Startup" Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual. You thrive in fast-paced environments where things change weekly.
Communication: Ability to explain the "why" behind a security control to a Product Manager and the "how" to a Senior Developer.
Benefits
Equity: Participation in our VSOP (Employee Stock Option Plan)—we want you to own a piece of what you build.
Learning Budget: €2,000 annual budget for certifications (CISA, CISSP, AWS Security) or tech conferences.
Berlin Perks: Public transport subsidy (Deutschlandticket), flexible "work from anywhere" weeks, and a dog-friendly office in the heart of the city.
Ready to Secure our Future?
If you’re tired of manual spreadsheets and want to build the automated future of GRC (Governance, Risk, and Compliance), we’d love to meet you. We value diverse perspectives and encourage people from underrepresented backgrounds in tech to apply.
What to expect from our hiring process:
The Coffee Chat (30 min): A brief intro call with our Talent Lead to discuss your background and what you’re looking for in your next role.
Technical Deep Dive (60 min): A session with our CISO or Lead Engineer to talk through cloud security architecture and how you approach "Compliance-as-Code."
The Practical Challenge: A short, take-home technical exercise or a collaborative "whiteboarding" session (no "brain teasers," just real-world problems).
Cultural Fit & Founder Meet (45 min): A chance to meet one of our founders and your potential teammates to see if we’re the right fit for each other.
The Offer: If it’s a match, we’ll move fast to get you onboarded!
Apply now with your CV or LinkedIn profile. No cover letter required—we’d rather see your GitHub or a brief note on a compliance project you’re proud of!
Find Jobs in Germany on Arbeitnow
Location: Berlin (Kreuzberg/Mitte) / Hybrid
Language: English (Working language), German is a plus.
Tasks
Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II, and the EU AI Act.
Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift.
Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual "screenshotting" and spreadsheet management.
Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines.
Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires.
Requirements
The Tech Stack: 3+ years in a technical security or DevSecOps role. You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure).
The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2).
The "Startup" Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual. You thrive in fast-paced environments where things change weekly.
Communication: Ability to explain the "why" behind a security control to a Product Manager and the "how" to a Senior Developer.
Benefits
Equity: Participation in our VSOP (Employee Stock Option Plan)—we want you to own a piece of what you build.
Learning Budget: €2,000 annual budget for certifications (CISA, CISSP, AWS Security) or tech conferences.
Berlin Perks: Public transport subsidy (Deutschlandticket), flexible "work from anywhere" weeks, and a dog-friendly office in the heart of the city.
Ready to Secure our Future?
If you’re tired of manual spreadsheets and want to build the automated future of GRC (Governance, Risk, and Compliance), we’d love to meet you. We value diverse perspectives and encourage people from underrepresented backgrounds in tech to apply.
What to expect from our hiring process:
The Coffee Chat (30 min): A brief intro call with our Talent Lead to discuss your background and what you’re looking for in your next role.
Technical Deep Dive (60 min): A session with our CISO or Lead Engineer to talk through cloud security architecture and how you approach "Compliance-as-Code."
The Practical Challenge: A short, take-home technical exercise or a collaborative "whiteboarding" session (no "brain teasers," just real-world problems).
Cultural Fit & Founder Meet (45 min): A chance to meet one of our founders and your potential teammates to see if we’re the right fit for each other.
The Offer: If it’s a match, we’ll move fast to get you onboarded!
Apply now with your CV or LinkedIn profile. No cover letter required—we’d rather see your GitHub or a brief note on a compliance project you’re proud of!
Find Jobs in Germany on Arbeitnow
You need an account to apply for jobs.
Log in to Apply