Skip to content
HarveyHarveySan Francisco, CA

Compliance Analyst

This Compliance Analyst role at Harvey involves owning and maintaining compliance documentation, coordinating evidence collection, and supporting third-party assessments. The role requires hands-on compliance work, close collaboration with Engineering and Security teams, and a detail-oriented approach to ensure program health and continuous monitoring.

99k – 149k/yr
Hybrid3+ YOESecurity Engineering

About the role

What You'll Do

  • Own and maintain core compliance documentation — including compliance packages and security assessment reports — keeping them accurate and audit-ready
  • Coordinate evidence collection across Engineering, Infrastructure, and Security for regulated assessments
  • Support third-party assessor engagements end-to-end: scheduling, preparing teams, triaging findings, and drafting responses
  • Conduct gap analyses against applicable frameworks and produce remediation tracking artifacts teams can act on directly
  • Manage continuous monitoring activities including control reviews, change notifications, and incident documentation to maintain compliance status
  • Partner with Engineering and Security to validate control implementations and translate regulatory language into testable technical configurations

What You Have

  • 3–5+ years in information security compliance with hands-on exposure to government and industry frameworks in a SaaS or cloud environment
  • Solid working knowledge of applicable government compliance frameworks; ability to map controls to technical implementations and evaluate evidence quality
  • Experience maintaining compliance documentation and tracking remediation activities; familiarity with compliance automation tooling
  • Exceptional attention to detail — able to manage multiple concurrent workstreams and keep documentation aligned with a dynamic cloud environment
  • Clear communicator: able to write crisp control implementation statements and explain compliance requirements to engineering audiences

Compensation

$99,200 - $148,800

Skills

Information Security ComplianceGovernment Compliance FrameworksSaaSCloud EnvironmentsCompliance Automation Tooling
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Trail of Bits

Security Engineer, Application Security

Trail of BitsUnited States

Conduct low-level code security assessments, architecture reviews, and threat modeling for client applications. Build custom security tools bridging vulnerability research and application security. Requires manual code review, binary analysis, and programming proficiency in multiple languages.

100k – 200k/yr
Remote5+ YOESecurity Engineering
BlackCloak

Security Engineer (Security Operations, Zero Trust)

BlackCloakUnited States

Security Engineer focused on security operations, incident response, and Zero Trust implementation. Designs, deploys, and supports security tools like SIEM, EDR, and Cloudflare; triages alerts, automates responses, and collaborates on cloud/IAM security. Requires 3-5 years experience in cloud-native security engineering.

100k – 140k/yr
Remote3+ YOESecurity Engineering
Astra

GRC Program Manager

AstraUnited States

Owns end-to-end execution of GRC programs including SOC 1/2, PCI DSS, and ISO 27001 audits, control design, risk assessments, and vendor management. Partners with engineering to implement technical controls and documentation for scalable compliance in fintech.

95k – 135k/yr
Remote3+ YOESecurity Engineering
Metropolis

Security Engineer II

MetropolisLos Angeles, CA

Security Engineer II responsible for monitoring security alerts, responding to incidents, administering enterprise security tools, and supporting cloud and identity security initiatives. Requires 3+ years in cybersecurity or related fields with strong scripting and troubleshooting skills.

105k – 150k/yr
On-site3+ YOESecurity Engineering