CrawlJobs Logo

Senior Security Engineer, GRC Automation

https://www.1password.com Logo

1Password

Location Icon

Location:
United States; Canada

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

156000.00 - 210000.00 USD; CAD / Year
Save Job
Save Icon
Apply Position

Job Description:

1Password is looking for a Senior Security Engineer – GRC to design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations. You’ll partner directly with the Senior Manager of GRC to build automation that scales our security and privacy commitments — from audit readiness and policy enforcement to customer trust workflows. A key focus for this role will be operationalizing our newly selected GRC platform, integrating it with our internal systems, and ensuring it supports automated, scalable assurance processes across the organization. This is a hands-on technical role for someone who’s passionate about making GRC repeatable, visible, and built into how the company works. It sits at the intersection of security engineering, compliance, and platform operations — ideal for someone with a solutions engineering or DevSecOps background who thrives in high-context, high-impact environments.

Job Responsibility:

  • Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
  • Build out automated workflows for control testing, evidence collection, and audit readiness
  • Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
  • Design dashboards and reporting to track control health, trust signals, and audit performance
  • Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
  • Shape the roadmap for automated, resilient internal assurance infrastructure that grows alongside the business

Requirements:

  • 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
  • Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
  • Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
  • Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
  • Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations

Nice to have:

  • Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
  • Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase
  • Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
  • Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
What we offer:
  • Health and wellbeing: Maternity and parental leave top-up programs
  • Competitive health benefits
  • Generous PTO policy
  • Growth and future: RSU program for most employees
  • Retirement matching program
  • Free 1Password account
  • Community: Paid volunteer days
  • Peer-to-peer recognition through Bonusly
  • Remote-first work environment

Additional Information:

Job Posted:
February 21, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
1Password - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Senior Security Engineer, GRC Automation

Senior Security Engineer

We’re looking for an experienced security engineer to join our highly collaborat...
Location
Location
Canada; United States
Salary
Salary:
143000.00 - 210000.00 USD; CAD / Year
https://www.1password.com Logo
1Password
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5+ years of combined experience in security, GRC, risk, or a related space with hands-on technical work building automation solutions as they relate to compliance controls, evidence, GRC platforms, etc.
  • experience in effectively analyzing data and programs for security risk, compliance, and maturity
  • willingness to wear different hats and work on areas where needed
  • must excel in communication, and demonstrate the ability to explain technical security concepts to a non-technical audience
  • must have a highly collaborative and teamwork-focused approach, as well as a heart for mentoring and leveling up your teammates
  • must be able to assess and mitigate corporate risk within the organization
  • sophisticated program/project management abilities
Job Responsibility
Job Responsibility
  • Own, design and manage the continued enhancement of various GRC programs including but not limited to strategy, roadmap, and controls to address regulatory requirements across multiple jurisdictions
  • communicate our compliance framework and various program requirements to all relevant stakeholders (internal and external)
  • engage cross-functionally with groups such as Engineering, Finance, Legal, Product, and Sales to establish a thoughtful, strategic and tactical approach to multiple GRC programs and related processes
  • assist with analysis and preparation for internal and external audits
  • accurately and effectively communicate our compliance position and programs to auditors and customers
  • partner with other members of the security team to establish security guidelines that enable the organization to move fast in a safe and secure manner
  • operate as a technical leader by helping define the GRC roadmap and by leveling up junior employees
  • build strong relationships with partner and stakeholder teams in order to build a scalable GRC program
What we offer
What we offer
  • Maternity and parental leave top-up programs
  • wellness spending allowance
  • generous PTO policy
  • company-wide wellness days off scheduled throughout the year
  • wellness coach membership
  • comprehensive health coverage
  • company equity for all full-time employees
  • retirement matching program
  • training budget, 1Password University access, and learning sessions
  • free 1Password account (and friends and family discount!)
  • Fulltime
Read More
Arrow Right

Senior Security GRC Engineer

The Senior Security GRC Engineer at Atlassian will be instrumental in implementi...
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
https://www.atlassian.com Logo
Atlassian
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-7+ years experience in a similar role, preferably in a large-scale SaaS/Product environment
  • Expertise and experience working in security-focused roles
  • Experience with application security, especially web applications
  • Experience in cloud security architecture and infrastructure
  • Experience providing SME knowledge and guidance to stakeholders and engineering functions
  • Experience working with internal/external audit and leadership teams
  • Solid knowledge of cybersecurity principles, risk management strategies, and IT governance frameworks
  • Strong communication and interpersonal skills, with the ability to interact with stakeholders at all levels and explain complex security concepts in an understandable way
  • Relevant certifications such as CISSP, CISM, or CRISC would be beneficial
  • Scripting experience to automate recurring tasks (JQL, SQL, Python, Go)
Job Responsibility
Job Responsibility
  • Deliver technical expertise and innovation, providing security guidance to teams and promoting the adoption of industry-leading methodologies to build secure products by default
  • Drive technical solutions in security and risk management
  • Leverage data analytics and visualization, deriving actionable insights from security governance, risk, and compliance data
  • Promote automation and tooling, encouraging the use of the latest security tools to enhance product security processes
  • Proactively identify and mitigate risks, recognizing potential security threats or compliance concerns specific to product security
  • Collaborate with product security teams, implementing security controls and best practices
  • Regularly evaluate and report, assessing the effectiveness of security controls
  • Influence and align stakeholders, working with security engineers and stakeholders to drive alignment on security initiatives
  • Stay informed on regulatory awareness and compliance, keeping up with the latest developments in legislative, regulatory, and industry security requirements
What we offer
What we offer
  • health coverage
  • paid volunteer days
  • wellness resources
  • Fulltime
Read More
Arrow Right
New

Senior Security Engineer, Privacy

As a Senior Security Engineer, Privacy, you will serve as a trusted advisor at t...
Location
Location
Canada; England; France; Germany; Italy; Portugal; Spain; United States
Salary
Salary:
88000.00 - 110000.00 EUR / Year
docker.com Logo
Docker
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles
  • Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes
  • Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles
  • Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls
  • Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows
  • Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling
  • Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services
  • Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices
  • Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments
  • Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection)
Job Responsibility
Job Responsibility
  • Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations
  • Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines
  • Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness
  • Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations
  • Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance
  • Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking
  • Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls
  • Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness
  • Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls
  • Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks
What we offer
What we offer
  • Freedom & flexibility
  • fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup
  • we want you comfortable while you work
  • 16 weeks of paid Parental leave
  • Technology stipend equivalent to $100 net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity
  • Fulltime
Read More
Arrow Right
New

Senior Security Engineer

We’re looking for a Senior Security Engineer to lead and scale our security moni...
Location
Location
Spain
Salary
Salary:
Not provided
maisa.ai Logo
Maisa
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years in security engineering, detection & response, or SOC/IR roles, with strong hands-on technical depth
  • Proven experience building and operating SIEM (Splunk, Elastic, or other equivalent SIEM platforms) detections, alerting, and dashboards in production environments
  • Strong incident response skills: investigation, evidence collection and custody-chain enforcement, containment strategies, and communications
  • Solid knowledge of AWS security (CloudTrail, GuardDuty concepts, IAM, VPC flow logs, CloudWatch, etc.) and common cloud attack techniques
  • Practical experience securing Kubernetes environments (cluster telemetry, runtime signals, RBAC, admission controls, workload identity)
  • Ability to write and maintain detections/playbooks as code (Python, Go, or similar), and comfort with automation and APIs
  • Strong understanding of attacker behavior, log sources, and detection tradeoffs (precision vs. recall)
Job Responsibility
Job Responsibility
  • Own detection engineering end-to-end: build, tune, and maintain threat detections across cloud, Kubernetes, workloads, and identity, focusing on high-fidelity signals and actionable alerts
  • Operate and evolve SIEM & SOAR: develop ingestion pipelines, parsing/normalization, enrichment, correlation, dashboards, and automated playbooks (triage, containment, evidence collection)
  • Threat detection & alerting strategy: define alert standards (severity, SLAs, routing), reduce noise, and establish measurable detection coverage mapped to frameworks (e.g., MITRE ATT&CK)
  • Incident response leadership: act as an incident responder and escalation point. Coordinate investigations, containment, eradication, recovery, and build incident reports
  • improve processes based on learnings
  • Detection content lifecycle: write, test, deploy, and continuously tune detection rules
  • maintain version control, peer review, and CI/CD for detections/playbooks
  • Threat hunting & proactive analysis: conduct hypothesis-driven hunts, identify gaps, and translate findings into new detections and automated response
  • Cross-functional collaboration: partner with GRC, SRE, and Engineering teams to harden services, improve observability, and roll out secure-by-default controls
  • Documentation and enablement: create runbooks, playbooks, and training so on-call responders and stakeholders can act quickly and consistently
  • Fulltime
Read More
Arrow Right
New

Senior Technical Program Manager

The Senior Technical Program Manager, Security & GRC will work directly with our...
Location
Location
United States
Salary
Salary:
200000.00 - 220000.00 USD / Year
humaninterest.com Logo
Human Interest
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in CS, Engineering, or a related field
  • Started career as a Security Engineer, Systems Administrator, or Analyst
  • TPM professional for 5+ years, specifically managing high-stakes security, privacy, or infrastructure initiatives
  • Deep understanding of the Security SDLC and experience navigating cloud-native service architectures (AWS/GCP) with a focus on security guardrails
  • Experience translating regulatory frameworks (e.g., SOC2, ISO 27001, FedRAMP, or GDPR) into concrete technical requirements
  • Proven ability to 'go deep' and comfortable looking at architectural diagrams, API docs, or cloud configurations to find root causes
  • Exceptional communication skills with a knack for explaining the 'why' behind a security control to a developer and the 'how' of a technical fix to an auditor
  • Strong ability to leverage data—from vulnerability scanners to Jira velocity—to tell a story and drive cross-functional decision-making
Job Responsibility
Job Responsibility
  • Technical security orchestration: Partner with Security Engineering, Risk, Product, and Infrastructure teams to bake security and compliance 'into the kiln'
  • Help design risk solutions: Dive deep into the security stack to not only identify execution blockers but actively architect the technical solutions to implement them
  • Help architect our security mission: Define the technical milestones for high-stakes initiatives like Zero Trust and IAM overhauls, translating a broad vision into a precise execution roadmap
  • Drive high-velocity operations: Lead agile security sprints that harmonize vulnerability remediation and threat detection with feature development
  • Optimize the 'rhythm of the business' by automating manual GRC workflows, eliminating manual friction and moving us toward Compliance as Code
  • Translate telemetry into narrative: Distill complex security data and telemetry into compelling risk narratives for leadership while maintaining high-fidelity technical depth for engineers
  • Optimize the defensive roadmap: Command long-term strategic planning by aligning cloud infrastructure costs and security tooling with the company’s overarching defensive goals
  • Cultivate organizational excellence: Uphold a relentless culture of focus and accountability, identifying systemic inefficiencies and driving impact through superior tooling and process engineering
What we offer
What we offer
  • A great 401(k) plan: Our own! Our 401(k) includes a dollar-for-dollar employer match up to 4% of compensation (immediately vested) and $0 plan fees
  • Top-of-the-line health plans, as well as dental and vision insurance
  • Competitive time off and parental leave
  • Addition Wealth: Unlimited access to digital tools, financial professionals, and a knowledge center to help you understand your equity and support your financial wellness
  • Lyra: Enhanced Mental Health Support for Employees and dependents
  • Carrot: Fertility healthcare and family forming benefits
  • Candidly: Student loan resource to help you and your family plan, borrow, and repay student debt
  • Monthly work-from-home stipend
  • quarterly lifestyle stipend
  • Engaging team-building experiences, ranging from virtual social events to team offsites, promoting collaboration and camaraderie
  • Fulltime
Read More
Arrow Right
New

Senior GRC specialist

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innova...
Location
Location
Israel , Netanya/Tel Aviv
Salary
Salary:
Not provided
jfrog.com Logo
JFrog
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of direct experience in Information Security GRC, Risk Management, or Audit, preferably acquired within a high-growth SaaS or cloud-native environment
  • A proactive, self-starting mentality with strong analytical, project management, and problem-solving skills, with proven ability to validate your own work and drive tasks to completion independently
  • Demonstrable expertise in managing core compliance programs (SOC 2, ISO 27001)
  • Experience pursuing net-new compliance certifications and initiatives (e.g., R, C5, TISAX, IRAP)
  • Experience developing, drafting, and implementing security policies and standards from the ground up in a tech-focused environment, harmonizing controls across frameworks to create agile standards
  • Experience leading complex security audits, serving as a primary liaison and "in-the-room" lead during internal and external audits
  • Strong understanding of information security principles, risk management, and control frameworks in a cloud-first environment (AWS, GCP, Azure)
  • Exceptional communication and interpersonal skills, with a proven ability to build relationships and influence change across engineering, product, and business teams, and the ability to write concise, "Executive Ready" policies and risk reports
  • Hands-on experience with GRC platforms and a drive to automate manual GRC workflows
  • Bachelor’s degree in Cybersecurity, Information Technology, Law, or a related field, or equivalent practical experience
Job Responsibility
Job Responsibility
  • Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets
  • Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2)
  • Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings
  • Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment
  • Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with JFrog’s risk appetite
  • Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated
  • Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members
Read More
Arrow Right

Security GRC Analyst

We’re looking for a Security GRC Analyst to help support and advance Intercom’s ...
Location
Location
Ireland , Dublin
Salary
Salary:
Not provided
intercom.com Logo
Intercom
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience building collaborative relationships with a diverse range of stakeholders, including executive leadership, management, Legal, Privacy, Engineering, and external auditors
  • Experience with cloud security practices, including tooling, strategy, and methodology
  • experience with AWS security is preferred
  • Knowledge of information security technologies, compliance and regulatory requirements, information governance, and privacy best practices
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, SOC 2, and HIPAA, as well as NIST frameworks including 800-53 and the NIST Cybersecurity Framework
  • Demonstrates a high level of personal integrity, with the ability to handle confidential information professionally and exercise sound judgment and maturity
  • Demonstrates the ability to scope, plan, and delegate work effectively
  • Demonstrates strong cross-functional communication skills, both written and verbal
  • Demonstrates a high degree of autonomy and ownership in their approach to work
Job Responsibility
Job Responsibility
  • Develop, enhance, and operationalise entity-level security and privacy policies, processes, and controls to mitigate risk and comply with applicable laws and regulations
  • Continuously monitor and assess Intercom’s security and privacy controls, working closely with teams such as Legal, Engineering, Sales, and Customer Support to refine and improve control design
  • Drive the implementation of security assurance strategies, including ownership of internal and external assurance resources and improvements to Intercom’s security assurance materials
  • Maintain and manage the enterprise security risk register, partnering with senior leaders to identify, assess, and reduce security risks
  • Improve operational efficiency through process improvements, technical solutions, and automation where possible
What we offer
What we offer
  • Competitive salary and equity in a fast-growing start-up
  • We serve lunch every weekday, plus a variety of snack foods and a fully stocked kitchen
  • Regular compensation reviews – we reward great work!
  • Pension scheme & match up to 4%
  • Peace of mind with life assurance, as well as comprehensive health and dental insurance for you and your dependents
  • Flexible paid time off policy
  • Paid maternity leave, as well as 6 weeks paternity leave for fathers, to let you spend valuable time with your loved ones
  • If you’re cycling, we’ve got you covered on the Cycle-to-Work Scheme, with secure bike storage too
  • MacBooks are our standard, but we also offer Windows for certain roles when needed
  • Fulltime
Read More
Arrow Right

Staff Trust, Risk and Compliance Engineer

As a Staff Trust, Risk, and Compliance Engineer you will operate at the center o...
Location
Location
Czechia , Prague
Salary
Salary:
Not provided
rapid7.com Logo
Rapid7
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience (typically 10+ years) building bridge-layers between complex business requirements and technical operations
  • Deep understanding of managing complex lifecycles—whether in Trust, Risk, and Compliance (NIST, ISO) or other highly regulated, high-scale technical fields
  • A proven track record of designing systems that don't just "work" but scale
  • A design-thinking–led microservices architecture that allows the TRC stack to adapt and evolve organically
  • Strong engineering mindset applied to governance, risk, and compliance challenges
  • Advanced technical fluency, including: Cloud environments (AWS)
  • APIs, automation, and scripting (e.g., Python)
  • Commercial GRC platforms and security tooling
  • Ability to influence direction, negotiate outcomes, and shape how peers and leaders approach problems
  • Strong judgment and communication skills
Job Responsibility
Job Responsibility
  • Design and drive end-to-end Trust, Risk, and Compliance programs across multiple complex regulatory and compliance regimes
  • Architect and evolve Rapid7’s TRC technology ecosystem, connecting applicability, assessment, implementation, operation, and meaningful reporting
  • Improve TRC maturity at scale, reducing uncertainty and friction while strengthening risk management outcomes
  • Operate autonomously across most situations, managing timelines, dependencies, and escalations without being chased
  • Run multiple complex initiatives in parallel with broad, cross-functional scope
  • Partner with senior leaders across Information Security, Engineering, Platform, IT, Enterprise Applications, and the business to shape direction and outcomes
  • Apply deep engineering judgment to navigate and integrate Rapid7’s technical stack, including AWS, Okta, commercial GRC platforms, Tableau, Terraform and Rapid7 products (such as InsightCloudSec, Surface Command, and InsightVM), and other security tooling
  • Leverage APIs, automation, scripting (e.g., Python), data, and AI-driven approaches to modernize how TRC operates
  • Integrate with productivity and collaboration tools (e.g., Slack, Google Workspace, Atlassian Portfolio) to deliver a seamless Trust, Risk, and Compliance experience
  • Influence how Rapid7 employees (“Moose”) think about security and compliance — shifting left, embedding controls early, and avoiding reactive cleanup
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy