Senior Cloud Security Engineer (d/f/m)

We believe that AI has the potential to revolutionize how cancer and other complex diseases are diagnosed and treated. We also believe that AI is a tool, not an identity - without access to high quality data and a scientifically rigorous, transparent approach to model development, AI is just a buzzword. That's where we come in.

Aignostics is a spin-off from one of Europe's largest and most prestigious university hospitals (Charité), with employees in Berlin and New York. We have received over $50M in funding from leading investors and are a growing team of over 100 interdisciplinary professionals. We work with academic partners as well as leading global life sciences companies.

As a Senior Cloud Security Engineer at Aignostics, you will be a key member of our Platform Engineering & IT department, reporting to the Head of Platform Engineering & IT. Working hand in hand with our team and external collaborators in academia and industry, you will safeguard the infrastructure that powers digital pathology innovation. You'll own security end-to-end - from edge deployments at partner sites and workforce endpoint devices through to GKE clusters, Cloud Run, storage services, network architecture, central IAM, and AI training pipelines. You'll be responsible for conceptualizing, leading, and owning security initiatives that protect sensitive healthcare data, ensure compliance with industry standards, and enable our developers to build secure-by-default solutions.

This is a unique opportunity to join a fun, diverse, and growing team of 100+ data scientists, software developers, biologists, and pathologists to shape the next generation of cancer treatments. You will be part of a driven community that works in an agile, supportive and interdisciplinary research environment where your results make a difference to patients. In our established startup, you have the opportunity to grow personally and technically, take responsibility and benefit from a dynamic work environment.

At Aignostics, we believe that fighting cancer is a job for people of all identities, backgrounds, and cultures. We value and celebrate diversity and inclusion and are committed to offering equal employment and promotion opportunities for all applicants and employees. Applicants will be considered regardless of their age, disability, ethnicity, race, gender identity or expression, sexual orientation, religion, and other characteristics. We thrive through collaboration and believe the more inclusive we are, the better our work will be.

• Secure our cloud foundation in GCP and AWS: Design and implement security controls for our GCP and AWS infrastructure, including Kubernetes, storage services, VPCs, Cloud Run, and cloud-native workloads to protect sensitive healthcare data and AI models.
• Architect central identity management: Evolve our central Identity Provider (IDP) - unifying authentication, authorization, self-service access, and privileged access management across cloud services.
• Manage vulnerabilities at scale: Strengthen our CVE management processes and automate vulnerability scanning for containers and infrastructure.
• Automate security at scale: Develop security-as-code solutions using Terraform, create CI/CD security gates using policy-as-code, and build automated remediation workflows to embed security into our development lifecycle.
• Enable secure development: Partner with engineering and data science teams to provide security consultation, create self-service security patterns, and educate developers on security best practices.

• Proven experience: 5+ years in cloud security or platform security engineering, with a track record of securing complex, cloud-native infrastructure in production environments.
• GCP/AWS security expertise: Deep experience securing GCP and/or AWS environments, with strong knowledge of IAM, PAM, network security, and container platforms.
• Identity and access management: Proven experience conceptualizing and implementing centralized identity provider solutions, SSO & SCIM, and authentication frameworks.
• Vulnerability management: Experience building CVE management programs, implementing automated scanning solutions, and driving remediation processes.
• Security automation skills: Strong programming and scripting abilities (Python, Bash, Go) to automate security processes, build security tools, and integrate security into CI/CD pipelines.
• Outstanding communicator: Ability to explain complex security concepts to technical and non-technical audiences, drive security decisions, and collaborate across teams (fluent in English, German is a plus).
• Compliance knowledge: Understanding of security compliance frameworks (ISO 27001, GDPR, HIPAA) and experience implementing controls to meet regulatory requirements.

• GitOps expertise: Experience working with Argo CD, Terraform, GitOps pipelines, and implementing policy-as-code with tools like OPA/Gatekeeper or Kyverno.
• Security monitoring chops: Hands-on with Prometheus, Grafana (Loki/Tempo), SIEM platforms like OX Security, or GCP Security Command Center to detect and respond to threats.
• Secrets management experience: Practice with HashiCorp Vault, Google Secret Manager, or similar tools for secure credential management and rotation.
• DevSecOps mindset: Experience embedding security into CI/CD pipelines, implementing automated security scanning, and creating security gates without blocking developer velocity.
• Endpoint security knowledge: Familiarity with mobile device security policies, MDM solutions, and endpoint security in healthcare environments.
• Platform builder mentality: Experience creating internal security platforms or self-service security tools (like Backstage plugins) that enable developers to implement security correctly.
• Healthcare industry context: Experience in healthcare, life sciences, or regulated industries, with understanding of compliance requirements and data protection needs in medical technology.

We're still keen to hear from you if you don't match all the above points! Our needs are diverse and growing, and you are encouraged to apply if you have a strong combination of these skills.

• Join a purpose-driven startup: We are working collectively to fight cancer and improve patient outcomes. Come help us make a difference!
• Cutting-edge AI research and development, with involvement of Charité, TU Berlin and our other partners
• Work with a welcoming, diverse and highly international team of colleagues
• Opportunity to take responsibility and grow your role within the startup
• Expand your skills by benefitting from our Learning & Development yearly budget of 1,000€ (plus 2 L&D days), language classes and internal development programs
• Mentoring program, you'll learn from great experts
• Flexible working hours and teleworking policy
• Enjoy your well-deserved time off within our 30 paid vacation days per year
• We are family & pet friendly and support flexible parental leave options
• Pick a subsidized membership of your choice among public transport, sports and well-being
• Enjoy our social gatherings, lunches, and off-site events for a fun and inclusive work environment
• Optional company pension scheme

Join us to make a difference!

Department Platform Engineering and IT | Role: Senior Cloud Security Engineer | Locations: Berlin, Remote (Hybrid) | Employment type: Full-time