Applications Security and Compliance Engineer

O.C. Tanner, Salt Lake City, UT

About The Position

This role is responsible for implementing, operating, and optimizing the Drata GRC platform, with a strong emphasis on automation, integrations, and continuous compliance monitoring. The Application Security and Compliance Engineer partners closely with the Compliance Analyst team to enable efficient evidence collection, control testing, and audit readiness, while also providing leadership with accurate, actionable compliance metrics. In addition, this role contributes to Application Security initiatives using Snyk and supports broader Information Security projects across the organization. This is a hands-on technical role operating at the intersection of GRC, Application Security, and Security Engineering within a cloud-based SaaS environment.

Requirements

  • 3+ years of experience in information security, compliance engineering, application security, or GRC-related roles.
  • Hands-on experience implementing or operating a GRC platform such as Drata.
  • Experience integrating SaaS platforms, cloud services, and security tools for automated evidence collection.
  • Working knowledge of application security concepts including SAST and open source risk.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
  • Strong documentation, communication, and cross-functional collaboration skills.
  • Strong scripting, development, or automation skills.

Nice To Haves

  • Experience supporting cloud-native SaaS environments.
  • Experience with Snyk or similar application security tooling.
  • Scripting or automation experience (e.g., Python, APIs, workflows).
  • Prior experience supporting external audits or continuous compliance programs.

Responsibilities

  • Lead the implementation, configuration, and ongoing administration of the Drata GRC platform, including control frameworks, testing schedules, and evidence workflows.
  • Establish, maintain, and optimize integrations between Drata and source systems such as cloud infrastructure, identity providers, code repositories, and security tooling.
  • Design and implement automated control testing and evidence collection to reduce manual effort and improve audit reliability.
  • Monitor control health, identify integration or testing failures, and drive timely remediation.
  • Support the Compliance Analyst team in their use of Drata, including workflows, evidence expectations, and continuous compliance operations.
  • Partner with compliance leadership to ensure accurate representation of control status and maturity.
  • Develop and maintain compliance metrics and dashboards for leadership, including audit readiness, control coverage, and risk trends.
  • Assist with audit preparation and execution for frameworks such as SOC 2, ISO 27001, and other regulatory requirements.
  • Support Application Security programs using Snyk, including SAST, open source dependency monitoring, and vulnerability remediation workflows.
  • Partner with Engineering teams to embed security into CI/CD pipelines and development processes.
  • Track, triage, and report on application security findings in collaboration with product and engineering stakeholders.
  • Contribute to broader Information Security initiatives such as control design, process improvement, tooling enhancements, and risk reduction efforts.
  • Collaborate with CloudOps, Engineering, Legal, Privacy, and Compliance teams on security and compliance-related projects.
  • Maintain clear documentation for controls, procedures, integrations, and operational processes.

Benefits

  • We create inspiring workplaces for some of the biggest and best companies in the world. And we do it within our own teams every day. That’s one reason we made the Fortune 100 Best Companies to Work For® list in 2021. Join us and watch people thrive at work—including you. With seven global offices and employees working around the world, we’re committed to creating an atmosphere where every person can share their talents and reach their potential.