Cyber-Compliance Engineer (Security Automation & GRC)

Description

Job Overview

• Role: Cyber-Compliance Engineer (Security Automation & GRC)
• Company: Matproof
• Location: Berlin
• Employment Type: professional / experienced
• Category / Department: Engineering
• Salary: Competitive / Not Disclosed — confirm during interview
• Key Skills / Technologies: Engineering
• Listing Source: Arbeitnow

Job Description

Join one of Berlin’s fastest-growing [SaaS/Fintech] startups as we scale our global footprint. We aren't looking for a "paperwork officer"—we need a technical engineer who views compliance as a product feature. In this role, you’ll be part of a flat hierarchy where your code protects our customers and our reputation. You’ll help us move beyond "point-in-time" audits to a state of Continuous Compliance, ensuring our cloud infrastructure is secure by design and compliant by default.

• Location: Berlin (Kreuzberg/Mitte) / Hybrid
• Language: English (Working language), German is a plus.

Tasks

Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II, and the EU AI Act.

Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift.

Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual "screenshotting" and spreadsheet management.

Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines.

Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires.

Requirements

• The Tech Stack: 3+ years in a technical security or DevSecOps role. You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure).
• The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2).
• The "Startup" Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual. You thrive in fast-paced environments where things change weekly.
• Communication: Ability to explain the "why" behind a security control to a Product Manager and the "how" to a Senior Developer.

Benefits

Equity: Participation in our VSOP (Employee Stock Option Plan)—we want you to own a piece of what you build.

Learning Budget: €2,000 annual budget for certifications (CISA, CISSP, AWS Security) or tech conferences.

Berlin Perks: Public transport subsidy (Deutschlandticket), flexible "work from anywhere" weeks, and a dog-friendly office in the heart of the city.

Ready to Secure our Future?

If you’re tired of manual spreadsheets and want to build the automated future of GRC (Governance, Risk, and Compliance), we’d love to meet you. We value diverse perspectives and encourage people from underrepresented backgrounds in tech to apply.

What to expect from our hiring process:

1. The Coffee Chat (30 min): A brief intro call with our Talent Lead to discuss your background and what you’re looking for in your next role.
2. Technical Deep Dive (60 min): A session with our CISO or Lead Engineer to talk through cloud security architecture and how you approach "Compliance-as-Code."
3. The Practical Challenge: A short, take-home technical exercise or a collaborative "whiteboarding" session (no "brain teasers," just real-world problems).
4. Cultural Fit & Founder Meet (45 min): A chance to meet one of our founders and your potential teammates to see if we’re the right fit for each other.
5. The Offer: If it’s a match, we’ll move fast to get you onboarded!

we’d rather see your GitHub or a brief note on a compliance project you’re proud of!

Find Jobs in Germany on Arbeitnow

Salary & Compensation

The salary for this position has not been publicly disclosed. Compensation is typically determined based on your experience, skills, and interview performance. Use your research on industry benchmarks and the cost of living in the role's location to negotiate effectively.

In addition to base salary, many employers in this sector offer a comprehensive benefits package that may include:

• Annual or performance-based bonuses
• Health, dental, and vision insurance
• Provident Fund (PF) and Gratuity contributions (India)
• Paid Time Off (PTO), sick leave, and public holidays
• Professional development budget and learning allowances
• Stock options or Employee Stock Ownership Plans (ESOPs) at select companies
• Flexible or remote working allowances
• Parental leave and family health coverage

Note: The specific benefits offered by this employer should be confirmed during the offer stage. Not all benefits listed above may apply to every organisation or role type.

Work Arrangement

Type: On-Site / Full-Time

This is an on-site, full-time position. You will be expected to report to the office or designated work location during standard business hours, Monday through Friday. Some companies offer flexible start and end times or occasional work-from-home days at the manager's discretion. The company fosters a collaborative environment with open workspaces, dedicated meeting rooms, and structured team events.

Typical Interview Process

While each organisation structures its hiring differently, candidates for this type of role typically go through the following stages:

1. Resume / Application screening by the recruiting team
2. Technical phone or video screening (30–45 min) covering fundamentals
3. Take-home coding assignment or technical assessment
4. Two to three rounds of technical interviews (algorithms, system design, or domain knowledge)
5. Behavioral / culture-fit interview with the hiring manager
6. Offer discussion and reference checks

Tip: Candidates are encouraged to review common data structures, algorithms, and system design concepts before the technical rounds.

About the Employer

Matproof is the organisation posting this opportunity. While full company details are available on the original job listing, here is what you should research before applying:

• Company size and culture: Review the company's LinkedIn profile, Glassdoor reviews, and their official website to understand team size, work culture, and employee satisfaction.
• Products and services: Familiarise yourself with what the company builds, sells, or delivers. Being knowledgeable about their offerings will set you apart during interviews.
• Recent news: Search for any recent fundraising, acquisitions, product launches, or leadership changes — these often come up in interviews and signal company health.
• Location and offices: The role is based in or around Berlin. Confirm office address, remote policy details, and travel requirements during the process.
• Where this listing was found: This job was sourced from Arbeitnow.

How to Apply & Preparation Tips

To apply for the Cyber-Compliance Engineer (Security Automation & GRC) position, follow these steps:

1. Tailor your resume: Customise your CV to match the specific requirements listed in the job description. Use keywords from the posting to pass Applicant Tracking System (ATS) filters.
2. Write a compelling cover letter: Even if not mandatory, a concise cover letter demonstrating your enthusiasm and fit for the role significantly improves your chances.
3. Apply via the original listing: Use the apply link on the original job post to submit your application. Avoid applying through third-party channels that may delay or lose your submission.
4. Prepare for phone screening: Be ready for an initial call within 3–7 business days of applying. Have your resume and a quiet space ready.
5. Follow up professionally: If you haven't heard back in 7–10 business days, a brief, polite follow-up email to the recruiter is acceptable and often appreciated.

Key skills relevant to this role include: Engineering. Ensure these are prominently featured on your resume and LinkedIn profile.

Disclaimer: This listing is aggregated from a public job board for informational purposes. JobSetuu does not guarantee the accuracy or current availability of this position. Always verify the details on the employer's official careers page before applying.