GRC Engineer

CloudflareSan Francisco, CA
Onsite

About The Position

Security is at the heart of Cloudflare’s mission to help build a better Internet. Anytime we push code, it automatically affects the millions of Internet properties (powering websites, remote teams, APIs, mobile apps, etc.) running on our global network. Cloudflare's network is one of the largest in the world, spanning over 330 cities in more than 125 countries, and operating within 50 milliseconds of 95% of the Internet-connected population. The Security Governance, Risk and Compliance team (GRC) is a sub-team of Security. Our job is to make sure that Cloudflare has the right controls in place to secure our systems and customer data. We work cross-functionally with almost every team at Cloudflare to implement new controls, manage risk, and demonstrate our security posture to auditors and customers.

Requirements

  • Have 5+ years of experience in security, compliance, automation, or engineering functions in a fast-paced environment.
  • You are a builder and enjoy building technical solutions to complex and messy problems.
  • Experience designing or implementing AI-powered automation and agentic workflows.
  • Understand the unique risks of non-deterministic systems and how to govern them.
  • Deep experience with Infrastructure as Code (Terraform, Pulumi) and Policy as Code (OPA/Rego) implementation.
  • Know how to enforce security guardrails before code is ever deployed.
  • Proficient in Python, Go, or other scripting languages for automation, API interactions, and data parsing.
  • Comfortable working with REST APIs to glue disparate security tools together.
  • Proven experience building modern web applications, including JavaScript/TypeScript and React, and collaborating effectively across frontend and backend boundaries.
  • Driven by curiosity, anchored by empathy, and defined by a relentless ability to get things done.
  • Seek to understand the "why," support your peers, and ship high-quality outcomes.

Nice To Haves

  • Demonstrated passion for security and software development, such as personal projects, open-source contributions, or active participation in the security research community.
  • You’ve built something with our developer platform using our products (e.g., Cloudflare Workers, R2, D1, or Workers AI).
  • You understand our ecosystem because you’ve used it.

Responsibilities

  • Develop and implement automated solutions to improve GRC processes and operations, integrating with existing security, engineering, and AI tools.
  • Build modules and maintain our GRC platform and other similar initiatives.
  • Architect and maintain a technical governance framework for the safe deployment of autonomous AI agents.
  • Ensure that agentic workflows operate within deterministic "action gates" and predefined risk thresholds.
  • Support Cloudflare’s security assessments (e.g., SOC 2, ISO 27001, PCI DSS, FedRAMP).
  • Treat "Audit Readiness" as a product, ensuring our global edge network remains compliant through automated drift detection and self-healing configurations.
  • Work cross-functionally with Legal, People, Engineering, and Finance teams to integrate security into the fabric of the company, moving away from "gatekeeping" toward a paved-road security model where compliance is the default state for every developer.

Benefits

  • medical, dental, and vision insurance
  • a 401(k) plan with company match
  • flexible paid time off
  • fertility & family-forming benefits
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service