Security Engineer

What we're looking for

• 3+ years of experience in security engineering, DevSecOps, solutions engineering, GRC automation, or compliance roles
• Experience working with GRC, compliance, or audit teams to support automation for evidence collection, control testing, or security monitoring
• Hands-on experience working with GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) — configuration, integration, or implementation experience
• Scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
• Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53
• Organizational and delivery skills — manage workstreams with clear milestones, communicate progress proactively
• Curiosity and experience with AI-assisted workflows — experimented with LLMs, agentic tools, or automation pipelines in a GRC or compliance context
• Comfortable in auditor-facing settings

Bonus points for

• Hands-on experience with event-driven automation platforms like Tines
• Experience building evidence pipelines, tagging telemetry, or creating compliance dashboards
• Familiarity with cloud-native security architecture (e.g., AWS IAM, encryption, logging)
• Experience in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
• Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks
• CISA, Security+, or equivalent certification

What you can expect

• Contribute to the implementation and integration of our GRC platform, executing on integrations and automations that connect Drata to key systems and workflows
• Build and maintain automated workflows for control testing, evidence collection, and audit readiness
• Help design and deploy AI-assisted compliance workflows — including evidence collection automation, vendor questionnaire support, and control narrative drafting — with validation steps built in
• Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
• Manage project workstreams with clear scope and milestones
• Build dashboards and reporting to track control health, trust signals, and audit performance
• Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
• Contribute to the roadmap for automated, resilient internal assurance infrastructure

Compensation

• USA: $123,000 - $172,000 USD base + benefits, equity, PTO
• Canada: $111,000 - $155,000 CAD base + benefits, equity, PTO