Compliance Automation Engineer

Vanta

πŸ“Remote - United States

Summary

Join Vanta's Security team as a Compliance Automation Engineer, GRC and contribute to securing the internet and protecting consumer data. You will support FedRAMP Authorization efforts, managing critical authorization audit readiness and continuous monitoring. Responsibilities include designing and developing automation solutions for evidence collection, building and maintaining scripts and APIs, supporting internal and external audits, and automating control testing and reporting. You will work with cross-functional teams to define technical control requirements, embed compliance checks into workflows, and manage compliance deliverables. Leveraging AI/ML tools to improve efficiency and drive remediation efforts is also a key aspect of this role. This position requires strong scripting and automation skills, expertise in public sector security frameworks, and experience with various security tools and technologies.

Requirements

  • 3+ years of experience in scripting, automation, or backend engineering roles with a focus on security, infrastructure, or compliance
  • Expertise with public sector security frameworks like FedRAMP and CMMC
  • Experience with other NIST frameworks like NIST CSF, 800-53, 800-171, RMF
  • Ability to write scripts and basic code to automate audit and evidence gathering processes
  • Proficiency in one or more common scripting languages such as Python, Go, PowerShell, Bash, Ruby, or JavaScript
  • Experience consuming and building RESTful APIs to integrate various security, IT, and GRC tools
  • Experience querying APIs, building command-line tools, and working with structured data (JSON, CSV, YAML, OSCAL)
  • Ability to query and manipulate data in various datastores to extract compliance-relevant information
  • Familiarity with Cloud Infrastructure, Version Control Systems, Risk Management, Vulnerabilities, and their related security processes
  • Experience in product and program management
  • Experience in building productive relationships and driving collaboration with both technical and non-technical teams
  • Knowledge of audit processes and evidence requirements for cybersecurity frameworks

Responsibilities

  • Design and develop automation solutions for evidence collection across infrastructure, endpoints, and SaaS platforms (e.g., AWS, GCP, GitHub, Okta)
  • Build and maintain scripts and APIs to interface with compliance tooling
  • Support recurring internal and external audits (FedRAMP, SOC 2, ISO 27001, HIPAA, etc.) by ensuring automated and reliable control monitoring
  • Automate control testing and reporting pipelines to reduce manual effort and improve accuracy
  • Support internal GRC platforms, dashboards, and metrics to communicate compliance posture and audit findings
  • Work with the compliance team to define technical control requirements and translate them into measurable, testable systems
  • Work with Engineering partners to embed compliance checks into CI/CD pipelines and infrastructure deployment workflows
  • Establish and manage the POAM and Continuous Monitoring processes and run monthly PMO meetings
  • Manage compliance deliverables for public sector stakeholders and manage ongoing updates
  • Leverage AI/ML tools to drive automation and improve efficiency and outcomes for audit and monitoring processes
  • Drive remediation for Security Team gaps and dependencies, including investigating and building proofs of concept for solutions to replace existing technology where needed
  • Drive remediation of FedRAMP authorization gaps
  • Support policy and process implementation for business and engineering processes to support authorization
  • Support the implementation of technical controls within the security and engineering teams
  • Contribute to the development of machine readable reports for Product Team
  • Gather performance metrics and report KPIs to security team leaders
  • Become an expert on the Vanta public sector product offerings and provide regular feedback to product teams
  • Support the team responding to public sector security questionnaires
  • Partner to help improve existing and launch new security and compliance processes, programs, and policies where needed
  • Support audit readiness across Vanta’s compliance frameworks as needed

Preferred Qualifications

  • Security compliance management experience within a SaaS environment
  • Experience working with other security frameworks like SOC 2 and ISO 27001
  • Security certifications (e.g. CISA, CISSP, CRISC) and/or formal education

Benefits

  • Industry-competitive compensation
  • 100% covered medical, dental, and vision benefits with dependents coverage
  • 16 weeks fully paid parental leave for all new parents
  • Health & wellness and remote workplace stipends
  • Family planning benefits through Carrot Fertility
  • 401(k) matching
  • Flexible work hours and location
  • Open PTO policy
  • 11 paid holidays in the US
