YOUR MISSION

We are seeking an experienced DevSecOps Engineer to drive secure development practices, enforce compliance, and strengthen our cloud and software delivery infrastructure. You will play a key role in integrating security across our CI/CD pipeline, infrastructure, and operational workflows.

You will work closely with engineering, compliance, and IT to embed security and privacy throughout the software development lifecycle while supporting scalable and resilient infrastructure on AWS.

• Automate DevSecOps processes including infrastructure provisioning, security scanning, and evidence collection workflows.
• Integrate security tooling (e.g., SAST, DAST, secret scanning) into GitLab CI/CD pipelines.
• Implement and maintain security gates, pre-commit hooks, and policy checks for PRs.
• Automate infrastructure provisioning using Terraform and enforce least-privilege access (IAM, RBAC).
• Ensure environment segregation (dev/test/prod) and enforce cloud security controls (security groups, NACLs, AWS Config).
• Drive secure release strategies including blue/green, canary, and rollback mechanisms.
• Build centralized logging and monitoring (CloudWatch, Datadog) with alerting for anomalies and error conditions.
• Build, maintain, and periodically test disaster recovery, backup, and incident response mechanisms.
• Manage SSO integrations (e.g., Auth0, Keycloak) and enforce MFA across admin and user accounts.
• Conduct access reviews, automate evidence collection for compliance (e.g., Drata), and support internal audits.
• Collaborate on secure SDLC policies, release governance, and architecture documentation.

REQUIRED EXPERIENCE

• 5+ years of experience in DevSecOps, Cloud Security, or Infrastructure Security roles.
• Expertise with AWS services, IAM, security best practices, and compliance tooling.
• Strong proficiency with Terraform (IAC) and GitLab (CI/CD pipelines, PR validation).
• Solid understanding of cloud-native security patterns, secret management (AWS Secrets Manager, Vault), and access controls.
• Familiarity with vulnerability scanning, static/dynamic analysis tools, and centralized logging platforms.
• Comfortable working in Microsoft-centric environments (Teams, Azure AD).

ABOUT US

StratifAI is an innovative Berlin-based precision oncology startup developing the next generation of AI-based cancer biomarkers. The founders have published over 100 articles in top-tier journals and founded StratifAI to translate these novel ideas into patient care.
Our products enable cancer patients to receive the right treatment at the right time - both for existing drugs on the market, and by supporting pharmaceutical companies in developing the drugs of tomorrow

Please refer the Job description for details