Compliance Engineer

DISCO•New York, NY

4d•$155,000 - $190,000•Onsite

About The Position

DISCO is a legal tech software company focused on owning the legal tech market and becoming the leader in legal technology. The company's mission is to provide a unified technology platform for the practice of law, automating tasks to allow lawyers to focus on judgment. The Compliance Engineer will be part of the DevOps team, driving the implementation of compliance requirements established by Security and GRC stakeholders. This role will enhance system reliability, scalability, and security, and automate the "audit burden" for engineers, shaping the future cloud strategy and assuring partners. DISCO provides a cloud-native, AI-powered legal solution simplifying ediscovery, legal document review, and case management. The company believes AI is a core enabler of work and expects employees to use AI tools to drive efficiency and improve outcomes.

Requirements

A minimum of 5 years in a technical compliance, security, or DevOps-adjacent role, preferably within a SaaS environment.
Strong understanding of key compliance frameworks, including SOX 404, ISO-27001, SOC2, and IT general controls (ITGC).
2-4 years of hands-on experience in DevOps or Platform Engineering, specifically working with AWS, cloud-native applications, and automating deployment/scaling of containerized applications using Infrastructure as Code.
A desire and/or experience in leveraging compliance automation platforms (e.g., Anecdotes) to build and maintain automated evidence-gathering tools.
An engineering background with a preference for collaborative work, including mentoring others and partnering with cross-functional engineering teams to build and maintain highly performant systems.
Candidates must be legally authorized to work in the United States without sponsorship now or in the future. DISCO is not currently sponsoring visas, including, but not limited to, H-1B, TN, or EAD, and we are not accepting visa transfers.

Nice To Haves

Exposure to and understanding of security and compliance frameworks such as FedRAMP, NIST 800-53, or CSRF.
Experience building and managing PaaS (Platform as a Service) for internal development teams.
Experience with Cloud Networking (VLAN, routing).
Experience with other cloud platforms, specifically Azure and GCP.
Familiarity with Windows Server and Administration (Active Directory, Group Policy Objects).
Experience with ASP.NET Deployments (WebDeploy).
General experience with Software Development and any tech stack.

Responsibilities

Serve as the Engineering technical contact for annual SOX, SOC2 Type II, and ISO-27001 audits while automating evidence collection into "Continuous Compliance" workflows with minimal disruption to engineering velocity.
Work with DevOps Engineers to implement "Compliance as Code," establishing automated guardrails and performing internal reviews of infrastructure configurations.
Manage the technical lifecycle of user access, enforce Segregation of Duties (SoD), and review deprovisioning workflows to ensure compliance with security policies.
Support GRC teams by providing technical expertise during sales cycles, responding to RFPs, and maintaining the Security Trust Center and compliance documentation.