Lead and develop a team of GRC subject matter experts responsible for the lifecycle, quality, and product integration of Vanta's security and compliance frameworks. Own end-to-end framework release processes while partnering with Product and Engineering.
230k – 311k
Remote7+ YOESecurity Engineering
About the role
What you’ll do
Hire, mentor, and develop a team of SMEs covering commercial frameworks, government frameworks, test authoring, framework quality uplift, and framework maintenance
Build a stable, motivated team environment with clear operating rhythms and delegate effectively to grow ownership and capability
Connect the team's roadmap and content priorities to Vanta's broader product and company strategy
Create open feedback loops and adapt communication of priorities, decisions, and risks across audiences
Lead the team through change while holding yourself and them accountable for commitments
Own and govern Vanta's framework release process end-to-end, partnering with Product and Engineering
Drive program management work including new framework launches, updates, customer escalations, content requests, and licensing/pricing input
Track team performance and report KPIs including framework release velocity, content quality, adoption, and customer impact
Break down ambiguous priorities across framework launches, updates, test authoring, and quality uplift into actionable decisions
Lead the quality uplift effort for older commercial frameworks to ensure consistent standards for control wording, evidence specificity, and testing method
Set direction for crosswalks and mappings across security and privacy frameworks, including canonical control IDs and evidence data dictionaries
Steer the team's contribution to the broader GRC product surface including risk management, POA&M, policy management, access reviews, Trust Center, and third-party risk management
Partner with Product Management and Design to ensure SMEs are effective product advisors across discovery, PRD authoring, UI/UX review, and usability testing
Champion AI-assisted compliance by coaching SMEs to translate domain knowledge into machine-readable specs and partnering with Engineering and ML to ship LLM-powered guidance
Partner with Sales, Customer Success, and Product Marketing to represent the framework portfolio externally
Serve as a senior escalation point for customer issues related to framework content, scoping, and interpretation
How to be successful
7+ years of GRC and/or Information Security experience with hands-on implementation or assessment across multiple frameworks (SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST CSF/800-53)
2+ years of experience managing technical or subject matter expert teams
Experience owning or contributing to programs that span Product, Engineering, and GTM
Strong program management instincts and comfort defining process and driving prioritization
Deep GRC craft including controls, risks, testing approaches, evidence standards, and program operations
Product mindset with ability to coach the team on translating customer and regulatory needs into productizable capabilities
Technical and automation fluency with AI-augmented tools to accelerate drafting of specs, mappings, and test logic
Analytical and detail-oriented with skill in precise control wording, mapping accuracy, and evidence specificity
Excellent written and verbal communication and ability to partner effectively with engineers, designers, GTM teams, auditors, and customers
Build and own core components of KYA (Know Your Agent), a cryptographic identity substrate for AI agents using verifiable credentials, JWS, OAuth, and Merkle logs. Requires production experience shipping cryptographically correct identity systems in Python and Go.
230k – 340k
Hybrid5+ YOESecurity Engineering
Security Engineer, Detection and Response
NotionSan Francisco, CA +1
Build and operate detection systems for cloud, identity, endpoints, and SaaS. Design high-signal detections, improve detection platforms, and participate in incident response.
230k – 260k
Hybrid6+ YOESecurity Engineering
Security Engineer - Tech Lead
Luma AIPalo Alto, CA
Lead design and implementation of security foundations including access governance, RBAC/ABAC, secrets management, and agent permissions for AI platforms. Partner with teams to embed secure practices while maintaining velocity; requires hands-on coding and production security experience.
230k – 360k
HybridSecurity Engineering
Security Architecture Lead
ReplitFoster City, CA
Leads security architecture for a multi-tenant SaaS platform, defining vision, mentoring engineers, conducting reviews, and managing risks. Requires 8+ years in security engineering, technical leadership, and cloud-native expertise, especially GCP.
228k – 363k
Hybrid8+ YOESecurity Engineering
Senior Security Engineer
VantaUnited States
Senior Security Engineer owning risk identification, threat modeling, vulnerability management, and secure architecture projects. Partners with engineering to build security culture and tools while minimizing operational friction. Requires independent ownership, software development experience, and strong collaboration skills.