GRC Engineer responsible for designing and improving governance, risk management, and compliance programs at a generative AI platform company. Manage certifications (SOC 2, ISO 27001, GDPR), lead risk assessments, support customer security reviews, and develop automation for cloud and AI infrastructure controls.
150k – 250k/yr
On-site5+ YOESecurity Engineering
About the role
What You'll Do
Governance & Compliance
Manage and improve security compliance programs, including SOC 2, ISO 27001, GDPR, and emerging AI governance frameworks.
Coordinate internal and external audits.
Maintain security policies, standards, procedures, and control documentation.
Develop compliance automation and continuous monitoring processes.
Support security awareness and policy governance initiatives.
Risk Management
Lead enterprise risk assessments and risk register management.
Perform vendor and third-party risk assessments.
Conduct control gap analyses and remediation tracking.
Facilitate risk reviews with stakeholders across engineering and business teams.
Develop metrics and reporting for risk and compliance leadership.
Customer Security & Trust
Support enterprise security reviews and customer due diligence requests.
Assist with security questionnaires, audits, and RFP responses.
Help maintain trust center content and security documentation.
Partner with Sales, Legal, and Customer Success to address customer security concerns.
Security Engineering & Control Validation
Collaborate with Security and Infrastructure teams to implement and validate security controls.
Evaluate cloud and AI infrastructure against security requirements.
Assess effectiveness of technical safeguards including identity and access management, logging and monitoring, vulnerability management, incident response, and data protection controls.
Support evidence collection and control testing.
Program Development
Build scalable GRC processes that reduce manual effort.
Identify opportunities for compliance automation.
Develop governance frameworks for emerging AI and machine learning technologies.
Support strategic security initiatives and certifications.
Requirements
Technical security knowledge combined with compliance expertise.
Strong cross-functional collaboration skills.
Understanding of cloud infrastructure, modern security practices, and compliance frameworks.
Ability to translate technical controls into business and regulatory requirements.
Build and scale Mercor's novel identity and access management infrastructure across thousands of Slack workspaces and HR systems for a 100k+ expert network. Requires strong product engineering, large-scale distributed systems experience, and security-minded design instincts.
150k – 325k/yr
On-site5+ YOESecurity Engineering
IT Security Operations Engineer
AKASASan Francisco, CA
IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.
150k – 190k/yr
Hybrid4+ YOESecurity Engineering
Security Engineer
NovigNew York, NY
Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.
150k – 200k/yr
On-site5+ YOESecurity Engineering
Manager, Security Incident Response Team (USA)
GitLabUnited States
Leads the Security Incident Response Team in the Americas, managing engineers through threat hunting, investigations, triage, and large-scale responses while coaching performance and driving process improvements using AI and automation.
150k – 235k/yr
RemoteSecurity Engineering
Security Engineer (Purple Team)
Applied IntuitionSunnyvale, CA
Performs offensive security testing, penetration assessments, and risk analysis on vehicle software platforms and embedded systems. Collaborates with engineering teams to design secure architectures and implement mitigations for automotive products.