Skip to content
NinjaTraderNinjaTraderChicago, IL

GRC Engineer

Mid-level GRC Engineer building automation and tooling to scale compliance for SOC 2, ISO 27001, and SOX. Hands-on role combining scripting, audit coordination, risk management, and cross-functional partnership with engineering teams.

130k – 145k
Hybrid3+ YOESecurity Engineering

About the role

Automation & Tooling

  • Build and maintain automation for continuous control monitoring, evidence collection, and audit readiness through scripts, APIs, and GRC platform integrations
  • Integrate compliance workflows with cloud providers, identity systems, ticketing platforms, and CI/CD pipelines to automatically collect control data and evidence
  • Reduce manual compliance work by codifying control checks and pulling evidence directly from source systems
  • Develop dashboards and reporting that provide stakeholders with real-time visibility into control health and audit readiness

Audits & Frameworks

  • Run and coordinate audits for SOC 2 (Type I and Type II), ISO 27001, and SOX, including scoping, evidence collection, control walkthroughs, and auditor coordination
  • Map controls across multiple compliance frameworks to reduce duplication and maintain a unified control library
  • Track audit findings and control gaps through remediation and closure with business and technical stakeholders
  • Maintain audit-ready documentation including policies, procedures, control narratives, and evidence repositories

Risk Management

  • Identify, assess, and document organizational risks while maintaining the enterprise risk register
  • Support risk assessments, including likelihood and impact scoring, treatment planning, and remediation tracking
  • Partner with Engineering and IT to evaluate the control impact of new systems, vendors, and architectural changes
  • Contribute to the third-party risk management program

Cross-Functional Partnership

  • Partner with control owners to ensure controls are operating effectively and generating appropriate evidence
  • Translate compliance requirements into practical, engineering-focused guidance
  • Support customer security questionnaires, trust requests, and due diligence activities

Requirements

  • 3–5 years of experience in GRC, IT audit, security compliance, or a related field
  • Hands-on experience supporting or leading audits for SOC 2, ISO 27001, SOX, or a comparable framework
  • Working knowledge of SOC 2 Trust Services Criteria, ISO 27001 Annex A, COSO/SOX ITGCs, NIST, or similar control frameworks
  • Experience with scripting and automation using Python or a similar language, including working with REST APIs to automate evidence collection
  • Familiarity with at least one major cloud platform (AWS, GCP, or Azure) and its security and logging services
  • Strong understanding of access management, change management, logging and monitoring, vulnerability management, and SDLC controls
  • Excellent written communication skills with the ability to create clear control documentation, risk assessments, and stakeholder reporting
  • Ability to manage multiple priorities while driving audit findings and remediation efforts to completion

Nice-to-Haves

  • Experience with Infrastructure as Code (Terraform) and CI/CD pipeline security
  • Exposure to SOX ITGC testing within a public company or pre-IPO environment
  • Experience using SQL or data analysis for evidence collection and control sampling
  • Certifications such as CISA, CISSP, CCSK, ISO 27001 Lead Implementer or Lead Auditor, or cloud security certifications
  • Experience working directly with external auditors and managing audit timelines

Compensation

The salary range for this role will be $130,000.00 - $145,000.00 USD. In addition, this position will also receive an annual target bonus of 10%. Bonus pay at NinjaTrader is based on individual performance (50%) as well as company/team performance (50%).

Salary and bonus earnings are only two components of the total compensation package offered by NinjaTrader. NinjaTrader offers a 401K plan through ADP under which the company will match up to 3.5% of employee contributions. Annual paid time off allowance accrues at a rate of 18 days per year (some positions may qualify for more) plus seven paid holidays.

Skills

GRCSOC 2ISO 27001SoxPythonREST APIsAWSGCPAzureTerraformSQLNist
Mercor

Security Engineer, Cloud Infrastructure

MercorSan Francisco, CA +1

Designs and implements cloud security architectures including multi-account AWS isolation, Kubernetes hardening, and CSPM with Wiz for enterprise tenant separation. Requires 5+ years in cloud/infrastructure security, IaC expertise, and production experience.

130k – 500k
Hybrid5+ YOESecurity Engineering
Mercor

Security Engineer, Application Security

MercorSan Francisco, CA +1

Owns application security by embedding review workflows in SDLC, building SAST/DAST pipelines in CI/CD, managing vulnerability remediation, and operating bug bounty programs. Requires 5+ years experience finding/fixing vulnerabilities, strong skills in Python/TypeScript/Go, and SAST/DAST tooling.

130k – 500k
On-site5+ YOESecurity Engineering
Socket

Threat Analyst

SocketUnited States

Analyzes software supply chain threats using AI scanners, conducts malware analysis and threat hunting, builds automation tools, and integrates research into products to protect open source ecosystems. Requires 3+ years in security operations and master's degree.

126k – 170k
Remote3+ YOESecurity Engineering
Upstart

Infrastructure Security Engineer

UpstartUnited States

Designs and implements security controls for cloud infrastructure, Kubernetes, and deployment systems. Partners with engineering teams to review architectures, automate preventative measures, and remediate vulnerabilities. Requires 3+ years experience, Bachelor's degree, and proficiency in AWS, IaC tools, and programming.

134k – 186k
Remote3+ YOESecurity Engineering
Applied Intuition

Product Security Engineer

Applied IntuitionSunnyvale, CA

Embeds security into product design and development lifecycle by analyzing architectures, conducting threat modeling and assessments, maturing vulnerability management, and guiding developers on secure practices. Requires 5+ years in product/application security with expertise in cloud, containers, and automation tools.

125k – 160k
On-site5+ YOESecurity Engineering