Why us? We believe that AI has the potential to revolutionize how cancer and other complex diseases are diagnosed and treated. We also believe that AI is a tool, not an identity – without access to high quality data and a scientifically rigorous, transparent approach to model development, AI is just a buzzword. That’s where we come in.

Aignostics is a spin-off from one of Europe's largest and most prestigious university hospitals (Charité), with employees in Berlin and New York. We have received over $50M in funding from leading investors and are a growing team of over 100 interdisciplinary professionals. We work with academic partners as well as leading global life sciences companies.

As a Senior Platform Security Engineer at Aignostics, you will be a key member of our Platform Engineering & IT department, reporting to the Head of Platform Engineering & IT. Working hand in hand with our team and external collaborators in academia and industry, you will safeguard the infrastructure that powers digital pathology innovation. You'll own platform security implementation end-to-end — from edge deployments at partner sites and workforce endpoint devices through to GKE clusters, Cloud Run, storage services, network architecture, central IAM, and AI training pipelines. You collaborate with our CISO on conceptualizing, and owning platform security implementation initiatives that protect sensitive healthcare data, implementing solutions compliant with industry standards, and enable our developers to build secure-by-default solutions. This is a unique opportunity to join a fun, diverse, and growing team of 100+ data scientists, software developers, biologists, and pathologists to shape the next generation of cancer treatments. You will be part of a driven community that works in an agile, supportive and interdisciplinary research environment where your results make a difference to patients. In our established startup, you have the opportunity to grow personally and technically, take responsibility and benefit from a dynamic work environment.

At Aignostics, we believe that fighting cancer is a job for people of all identities, backgrounds, and cultures. We value and celebrate diversity and inclusion and are committed to offering equal employment and promotion opportunities for all applicants and employees. Applicants will be considered regardless of their age, disability, ethnicity, race, gender identity or expression, sexual orientation, religion, and other characteristics. We thrive through collaboration and believe the more inclusive we are, the better our work will be.

Where your expertise is needed

• Secure our cloud foundation in GCP and AWS: Design and implement technical security controls for our GCP and AWS infrastructure, including Kubernetes, storage services, VPCs, Cloud Run, and cloud-native workloads to protect sensitive healthcare data and AI models in alignment with our existing ISO 27001 controls.
• Secure our working environment: Support the integration of platform components and services into our Central Identity Provider (IDP) and the improvement of self-service access, and privileged access management across cloud services.
• Manage vulnerabilities at scale: Strengthen our CVE management processes and automate vulnerability scanning for containers and infrastructure.
• Automate security at scale: Develop security-as-code solutions using Terraform, create CI/CD security gates using policy-as-code, and build automated remediation workflows to embed security into our development lifecycle.

What We Are Looking For

• Proven experience: 5+ years in cloud security or platform security engineering, with a track record of securing complex, cloud-native infrastructure in production environments.
• Cloud security expertise: Deep experience securing GCP and/or AWS environments, with strong knowledge of IAM, PAM, network security, and container platforms.

Ideally, you also bring

• GitOps expertise: Experience working with Argo CD, Terraform, GitOps pipelines, and implementing policy-as-code with tools like OPA/Gatekeeper or Kyverno.
• Security monitoring chops: Hands-on with Prometheus, Grafana (Loki/Tempo), OX Security, or GCP Security Command Center to detect and respond to threats.
• Secrets management experience: Experience with HashiCorp Vault, Google Secret Manager, or similar tools for secure credential management and rotation.
• DevSecOps mindset: Experience embedding security into CI/CD pipelines, implementing automated security scanning, and creating security gates without blocking developer velocity.

We're still keen to hear from you if you don't match all the above points! Our needs are diverse and growing, and you are encouraged to apply if you have a strong combination of these skills.

Our offer

• Join a purpose-driven startup: We are working collectively to fight cancer and improve patient outcomes. Come help us make a difference!

Join us to make a difference!

We are an international, interdisciplinary team that is powering the next generation of precision medicine and advancing the fields of AI and pathology.