
Risk Automation Engineer
Posted 1 hour ago

This is a fully remote position, open to applicants in the United States.
• Design and construct automation pipelines that operate without manual intervention, managing the entire risk assessment lifecycle—from intake and scoping to evidence collection, control testing, findings generation, and remediation tracking—utilizing AI-driven workflows and tools like Claude Code.
• Create and execute automated vendor risk lifecycle management processes, encompassing onboarding questionnaires, periodic reassessment triggers, continuous monitoring integrations, and contract-based offboarding workflows that necessitate no manual coordination for standard vendor tiers.
• Develop and uphold near-real-time risk posture dashboards and reporting pipelines that programmatically compile data from cloud infrastructure, security tools, vulnerability scanners, and GRC platforms, providing leadership with ongoing insights into the organization’s changing risk landscape.
• Establish secure agentic AI pipelines that independently triage, classify, and route risk-related tasks, escalating to human reviewers only when decisions surpass defined confidence thresholds or policy limits.
• Create integrations between GRC platforms, cloud and vendor provider APIs, CI/CD pipelines, and internal systems, facilitating continuous control monitoring and evidence collection that replaces the need for periodic, manual audit preparations.
• Resolve procedural ambiguity by formalizing risk management processes into self-service, event-driven workflows, ensuring stakeholders across the organization never have to inquire about how to initiate or progress through a risk or vendor process.
• Implement security-first engineering practices across all automation efforts, including secrets management, least-privilege access, audit logging, input validation, and guardrails on AI agent behavior, to guarantee that automated pipelines function within established trust boundaries.
• Act as an internal force multiplier by promoting and advocating for AI-assisted engineering practices, including prompt engineering, agentic tool usage, and LLM-powered code generation, to enhance the capabilities of the broader Risk and Compliance teams.
• Undertake additional responsibilities as assigned.
• Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a related field; or an equivalent combination of education and demonstrated engineering experience in integration and automation.
• Over 5 years of direct software engineering, DevOps, or security automation experience in live environments.
• At least 2 years of experience working in or directly supporting risk management functions or GRC operations.
• Proven experience in building and deploying automation pipelines in production settings using Python, Go, Bash, or similar languages, with infrastructure-as-code tools such as Terraform.
• A history of leveraging AI/LLM tools (e.g., Claude Code, GitHub Copilot, or similar) to enhance engineering output and create agentic or semi-autonomous workflows.
• Familiarity with risk registers and GRC platforms (e.g., Archer, ServiceNow, TrustCloud, Vanta, Drata, Hyperproof) and the capability to integrate these programmatically into automated workflows.
• Understanding of risk management frameworks (NIST CSF, PCI DSS, ISO 27001, SOC 2, FFIEC) and how controls translate into technical implementations.
• Proficiency with AI-assisted development tools (Claude Code, GitHub Copilot, or similar agentic coding assistants) and the capability to design, prompt-engineer, and orchestrate AI agents for security automation workflows.
• Strong command of Python, Go, or TypeScript, with the ability to independently deliver production-quality code.
• Comprehensive knowledge of cloud platforms (AWS preferred), including IAM, Lambda, Step Functions, EventBridge, API Gateway, and associated serverless/event-driven services.
• Solid software engineering fundamentals: version control (Git), code review, testing, CI/CD, API design, and the ability to create production-quality, maintainable code—beyond just scripts.
• A systems-thinking mindset, capable of navigating organizational silos and designing automation that considers process dependencies, edge cases, and potential failure modes.
• Acquaintance with security data engineering concepts: API and database integration, data normalization, and constructing automated evidence-collection pipelines for compliance and audit support.
• Exceptional written and verbal communication skills, with the ability to articulate complex automation architectures into clear documentation, runbooks, and knowledge-transfer materials for cross-functional teams.
• A self-directed engineering approach with a proactive attitude, a low tolerance for manual labor, and a commitment to reducing repetitive work through automation. You regard repeated manual processes as a bug, not a task.
• Medical insurance
• Dental insurance
• Vision insurance
• 401(k) with company match
• Flexible PTO plus 12 paid holidays
• Paid sick leave
• Paid parental leave
• Family leave
• Lifestyle spending account
• Tuition reimbursement
• Cell phone stipend