Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.
120k – 180k
On-site3+ YOESecurity Engineering
About the role
Responsibilities
Run five compliance programs end-to-end: own the audit calendar, evidence collection, remediation tracking, and auditor relationships (Sensiba for SOC 2/ISO; A-LIGN for Microsoft SSPA).
Administer Drata: keep monitors green, assign and validate evidence, manage policies and the trust center.
Own the vendor bench: drive the weekly Rhymetec vCISO engagement, manage renewals and contracts across the security/compliance vendor portfolio.
Run the standing processes: security questionnaire escalation, inbound vendor security reviews, bug bounty coordination (triage, researcher comms, payouts), trainings and access-review cadences.
Be the customer-facing compliance voice: trust center, DPAs, subprocessor list, and enterprise security requirements (Microsoft, Coinbase, Okta-style programs).
Coordinate technical work by routing to Engineering DRIs with clear asks; keep leadership out of the coordination loop.
Requirements
3+ years in GRC / compliance program management / security operations with direct audit ownership.
Hands-on compliance-platform administration (Drata, Vanta, or similar).
Vendor and auditor relationship management as the accountable owner.
Meticulous follow-through — a dropped thread is an audit finding.
Bias toward automation and pushing work to tests/vendors rather than doing it manually forever.
Nice-to-Haves
ISO 42001 / AI governance exposure.
GDPR operations (DSARs, RoPA, consent tooling).
Early-stage startup experience as a sole compliance owner.
Compensation and Benefits
Competitive compensation and equity.
20 days paid time off every year.
401k or RRSP.
$420/month wellness stipend.
100% coverage for Health, dental, vision.
Free Ubers to and from work.
Free lunch and dinners.
Annual team offsite (previously went to Alaska, Hawaii).
Own the full product security lifecycle for space communications systems, from threat modeling and secure architecture to penetration testing, vulnerability management, cryptography, and compliance with FedRAMP, CMMC, and NIST standards. Requires 5+ years of product/application security leadership, deep expertise in SAST/DAST, secrets management, CI/CD hardening, and applied cryptography; TS/SCI clearance eligibility required.
120k – 190k
On-site5+ YOESecurity Engineering
Security Engineer, Platform
ResendUnited States
As a Security Engineer, Platform, you will be responsible for building and improving the security foundations of Resend’s platform, including API keys, service permissions, and secrets management. You will also help design secure defaults for new services and improve detection and response for suspicious access.
120k – 140k
Remote5+ YOESecurity Engineering
Cloud Security Engineer
WorkWaveUnited States
Cloud Security Engineer leads secure cloud configurations in AWS (primary), Azure, and GCP, owning governance, IAM, vulnerability management, and secure-by-default patterns for engineering teams. Requires 5+ years experience with deep AWS security expertise and Terraform proficiency.
120k – 145k
Remote5+ YOESecurity Engineering
Security engineer, application security
WriterNew York, NY +1
Builds security into AI platform through threat modeling, SAST/DAST in CI/CD, code reviews, and secure architecture design. Requires 4+ years app sec experience, programming in Python/Java/Go/JS, and DevSecOps tools expertise.
119k – 210k
Hybrid4+ YOESecurity Engineering
System Safety Engineer, Autonomy Trucking
Applied IntuitionSunnyvale, CA
Defines and manages safety architecture, requirements, and analysis (FMEA, FTA, STPA) for L4 autonomous trucking software/hardware. Requires 3+ years system safety experience, automotive standards expertise (ISO 26262), and engineering background in ADAS/autonomy.