Senior Security Engineer focused on GRC automation: building AI-assisted workflows, Drata integrations, and compliance automation infrastructure for SOC 2, ISO 27001, and NIST frameworks.
153k – 214k
Remote5+ YOESecurity Engineering
About the role
Responsibilities
Lead the implementation and integration of the GRC platform (Drata), ensuring it is fully operationalized across key systems and workflows
Build out automated workflows for control testing, evidence collection, and audit readiness
Design and deploy AI-assisted compliance workflows — including agentic evidence collection, LLM-powered vendor questionnaire review, and automated control narrative drafting — with clear validation logic
Develop and maintain integrations between the GRC platform and systems of record (ticketing systems, IAM, asset inventories, configuration management)
Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility
Design dashboards and reporting to track control health, trust signals, and audit performance
Collaborate with Security, GRC, and Engineering teams to embed compliance into operational processes like employee onboarding, change management, and incident response
Own the roadmap for automated, resilient internal assurance infrastructure — setting priorities, making build vs. buy decisions, and communicating progress to GRC leadership
Requirements
5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53
Project management and delivery ownership — experience managing multi-workstream compliance or security projects end-to-end
Experience building AI-assisted workflows with LLMs, agentic tools, or automation pipelines to solve GRC or compliance problems
Confident in auditor-facing settings with ability to represent automation work clearly to external auditors and executive audiences
Nice-to-Haves
Hands-on experience with event-driven automation platforms like Tines
Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in Looker or Metabase
Strong understanding of cloud-native security architecture (AWS IAM, encryption, logging)
Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks
Design and build scalable cloud-native security data pipelines and detection systems. Collaborate on detection engineering and Kubernetes security controls while participating in on-call rotations.
153k – 270k
On-site5+ YOESecurity Engineering
Senior Developer, Product Security
1PasswordUnited States
Senior security-focused developer implementing new security features and secure libraries for iOS and hybrid apps at 1Password. Requires 5+ years of security development experience, 3+ years with iOS and Rust.
153k – 214k
Remote5+ YOESecurity Engineering
Senior Security Research Scientist
CensysSan Francisco, CA +3
Conducts internet-wide security research using scan data to identify trends, vulnerabilities, and threats. Analyzes large datasets with tools like BigQuery and Snowflake, partners with engineering teams, and shares insights publicly. Requires deep knowledge of internet protocols.
153k – 212k
RemoteSecurity Engineering
Senior Developer (Windows), Product Security
1PasswordUnited States
Senior Developer builds Windows security features using Rust and other languages, develops secure libraries, resolves vulnerabilities, and leads secure coding practices. Requires 4+ years experience in Windows security development and cryptography.
153k – 214k
Remote4+ YOESecurity Engineering
Senior GRC Lead
BrexSeattle, WA
Senior GRC Engineer at Brex automating compliance workflows, building security tool integrations and GRC automations, implementing controls for frameworks like SOC 2/PCI/ISO, and supporting audits while translating regulatory needs into technical solutions. Requires 5+ years GRC/security engineering experience, Python/API skills, and a builder mindset for scalable automation.