DevSecOps Engineer (m/f/d)

Permanent employee, Full-time · Berlin

Your mission
We are seeking an experienced DevSecOps Engineer to drive secure development practices, enforce compliance, and strengthen our cloud and software delivery infrastructure. You will play a key role in integrating security across our CI/CD pipeline, infrastructure, and operational workflows. 
You will work closely with engineering, compliance, and IT to embed security and privacy throughout the software development lifecycle while supporting scalable and resilient infrastructure on AWS. 
  • Automate DevSecOps processes including infrastructure provisioning, security scanning, and evidence collection workflows.
  • Integrate security tooling (e.g., SAST, DAST, secret scanning) into GitLab CI/CD pipelines.
  • Implement and maintain security gates, pre-commit hooks, and policy checks for PRs.
  • Automate infrastructure provisioning using Terraform and enforce least-privilege access (IAM, RBAC).
  • Ensure environment segregation (dev/test/prod) and enforce cloud security controls (security groups, NACLs, AWS Config).
  • Drive secure release strategies including blue/green, canary, and rollback mechanisms.
  • Build centralized logging and monitoring (CloudWatch, Datadog) with alerting for anomalies and error conditions.
  • Build, maintain, and periodically test disaster recovery, backup, and incident response mechanisms.
  • Manage SSO integrations (e.g., Auth0, Keycloak) and enforce MFA across admin and user accounts.
  • Conduct access reviews, automate evidence collection for compliance (e.g., Drata), and support internal audits.
  • Collaborate on secure SDLC policies, release governance, and architecture documentation.
Your profile
Required experience 
  • 5+ years of experience in DevSecOps, Cloud Security, or Infrastructure Security roles.
  • Expertise with AWS services, IAM, security best practices, and compliance tooling.
  • Strong proficiency with Terraform (IaC) and GitLab (CI/CD pipelines, PR validation).
  • Solid understanding of cloud-native security patterns, secret management (AWS Secrets Manager, Vault), and access controls.
  • Familiarity with vulnerability scanning, static/dynamic analysis tools, and centralized logging platforms.
  • Comfortable working in Microsoft-centric environments (Teams, Azure AD). 
Good to have
  • Experience with compliance frameworks (e.g., SOC 2, ISO 27001).
  • Exposure to security automation platforms like Drata.
  • Ability to collaborate cross-functionally with engineers, auditors, and product stakeholders.
Why us?
  • The opportunity to make a real difference for cancer patients.
  • Competitive salary, stock options, and extra benefits.
  • A beautiful office near Alexanderplatz with an on-site gym, private showers, free drinks and snacks, rooftop bar, co-working space, and a quiet room for meditation or prayer.
  • Competing at the global top-tier of cancer research together with the founders, who are renowned researchers in the field of AI for biomarker development from medical imaging.
  • An extremely fast-paced and high-growth VC-funded start-up environment with key ownership from day 1.
About us

StratifAI is an innovative Berlin-based precision oncology startup developing the next generation of AI-based cancer biomarkers. The founders have published over 100 articles in top-tier journals and founded StratifAI to translate these novel ideas into patient care.

Our products enable cancer patients to receive the right treatment at the right time - both for existing drugs on the market, and by supporting pharmaceutical companies in developing the drugs of tomorrow.
