# Senior Security Engineer, GRC Automation
**Company:** [1Password](https://hotfix.jobs/companies/1password)
**Location:** Remote
**Salary:** $153K-$214K
**Experience:** 5+ years
**Skills:** Python, JavaScript, APIs, Webhooks, Drata, Vanta, Tines, JupiterOne, SOC 2, ISO 27001, NIST 800-53, Looker, Metabase, AWS IAM, LLMs
**Posted:** 2026-05-26
> Senior Security Engineer focused on GRC automation: building AI-assisted workflows, Drata integrations, and compliance automation infrastructure for SOC 2, ISO 27001, and NIST frameworks.
## Job Description
## Responsibilities
- Lead the implementation and integration of the GRC platform (Drata), ensuring it is fully operationalized across key systems and workflows
- Build out automated workflows for control testing, evidence collection, and audit readiness
- Design and deploy AI-assisted compliance workflows — including agentic evidence collection, LLM-powered vendor questionnaire review, and automated control narrative drafting — with clear validation logic
- Develop and maintain integrations between the GRC platform and systems of record (ticketing systems, IAM, asset inventories, configuration management)
- Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility
- Design dashboards and reporting to track control health, trust signals, and audit performance
- Collaborate with Security, GRC, and Engineering teams to embed compliance into operational processes like employee onboarding, change management, and incident response
- Own the roadmap for automated, resilient internal assurance infrastructure — setting priorities, making build vs. buy decisions, and communicating progress to GRC leadership

## Requirements
- 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
- Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
- Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
- Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
- Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53
- Project management and delivery ownership — experience managing multi-workstream compliance or security projects end-to-end
- Experience building AI-assisted workflows with LLMs, agentic tools, or automation pipelines to solve GRC or compliance problems
- Confident in auditor-facing settings with ability to represent automation work clearly to external auditors and executive audiences

## Nice-to-Haves
- Hands-on experience with event-driven automation platforms like Tines
- Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in Looker or Metabase
- Strong understanding of cloud-native security architecture (AWS IAM, encryption, logging)
- Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
- Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks
- CISA, CISSP, or equivalent certification
**Apply:** https://hotfix.jobs/jobs/senior-security-engineer-grc-automation-at-1password-f98adfe6-1d11-4261-8b93-b191471047f4