
Senior Security Engineer, GRC Automation
Posted 1 day ago

This is a fully remote position, open to applicants in California.
• Design and develop automation, dashboards, and integrations that enhance our Governance, Risk, and Compliance (GRC) operations.
• Collaborate closely with the Senior Manager of GRC to create scalable automation that supports our security and privacy obligations — from ensuring audit readiness to managing customer trust workflows.
• Operationalize and expand our GRC platform (Drata), creating AI-assisted workflows that streamline evidence collection, control monitoring, and vendor risk management, while taking ownership of project delivery from scoping to go-live.
• Engage with auditors, maintaining ownership of the technical narrative regarding your contributions and their purpose.
• Lead the implementation and integration of our GRC platform, ensuring it is fully operational across essential systems and workflows.
• Develop automated workflows for control testing, evidence gathering, and audit preparedness.
• Oversee project delivery across multiple GRC automation initiatives concurrently, ensuring clear scope, milestones, and stakeholder visibility without compromising quality.
• A minimum of 5 years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles.
• Demonstrated expertise working alongside GRC, compliance, or audit teams to create automation that facilitates evidence collection, control testing, or security monitoring.
• Hands-on experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production settings.
• Proficient scripting and integration capabilities using Python, JavaScript, APIs, webhooks, or workflow automation tools.
• Ability to collaborate cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical solutions.
• Knowledge of compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and their application to real-world infrastructure and operations.
• Experience in project management and delivery ownership — handling multi-workstream compliance or security projects from start to finish: scoping, milestones, stakeholder communication, and timely delivery without needing constant PM oversight.
• Background in building AI-assisted workflows — experience with LLMs, agentic tools, or automation pipelines (beyond basic click-through tools) to address a GRC or compliance challenge, with the ability to explain what you developed, its purpose, and how you validated the outcomes.
• Comfortable in auditor-facing situations — you possess a strong presence during technical presentations and can effectively communicate your automation work to external auditors, senior stakeholders, and executive audiences, distinguishing between what you built and its implications.
• Immediate access to 1Password's benefits program (health, dental, 401k, and more).
• Generous paid time off policy.
• Equity grant opportunity.
• Participation in our incentive programs.