Senior Security Engineer II

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience
• 5+ years of experience in security, compliance, or audit-focused engineering roles
• Hands-on experience implementing compliance-as-code or automated compliance frameworks, including policy-as-code, continuous control monitoring, or automated evidence collection
• Proven experience leading ISO/IEC 27001 and SOC 2 audits end-to-end
• Experience supporting or leading additional frameworks such as Cyber Essentials, NIST, or similar
• Strong understanding of NIST SP 800-63 and identity/authentication controls
• Hands-on experience with a GRC platform (AuditBoard, Drata, Vanta, or similar) — required
• Experience with control frameworks, risk assessments, and evidence-based auditing
• Ability to translate technical implementations into audit-ready controls and documentation
• Strong stakeholder management and auditor-facing communication skills
• Experience in cloud-native or SaaS environments (AWS, Azure, or GCP preferred)

Nice To Haves

• Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor
• Experience scaling compliance programs in high-growth environments
• Familiarity with policy-as-code tools (e.g., OPA/Rego, AWS Config, Azure Policy) and infrastructure-as-code (e.g., Terraform, CloudFormation)
• Experience integrating security and compliance controls into CI/CD pipelines and cloud-native environments

Responsibilities

• Lead end-to-end audits across multiple frameworks, including ISO/IEC 27001, SOC 1/2 (AICPA Trust Services Criteria), Cyber Essentials, and NIST-based frameworks (including identity controls aligned to NIST SP 800-63)
• Own the full audit lifecycle, including scoping, readiness assessments, control design, evidence collection, auditor coordination, and remediation tracking
• Act as a primary owner for the organization’s audit and compliance program, setting direction for control design, audit readiness, and continuous compliance practices
• Map and rationalize controls across frameworks (e.g., ISO ↔ SOC ↔ NIST) to reduce duplication and improve efficiency
• Implement compliance-as-code practices, embedding security controls into infrastructure and application workflows using policy-as-code and automation
• Partner with engineering teams to integrate compliance checks into CI/CD pipelines and cloud environments to enable continuous compliance monitoring
• Partner with security and engineering teams to design and embed scalable, automated, audit-aligned controls directly into systems and workflows
• Leverage APIs and integrations within GRC platforms and engineering systems to automate evidence collection and control validation
• Administer and optimize a GRC platform (e.g., AuditBoard, Drata, Vanta), including control management, automated evidence collection, risk register maintenance, and audit workflows
• Maintain audit-ready documentation with clear traceability between controls, risks, and supporting evidence
• Influence security and engineering teams to adopt scalable, audit-aligned control implementations
• Define and track compliance metrics, leveraging automation and data analytics to support continuous audit readiness and control effectiveness
• Drive continuous improvement initiatives across the security and compliance program
• Develop and maintain policies, standards, and procedures aligned with evolving regulatory and security requirements
• Support identity and access management controls aligned with NIST SP 800-63 (Digital Identity Guidelines)
• Provide guidance and training to internal stakeholders on audit expectations and control responsibilities
• All other duties as assigned