Staff Security Engineer

Summary

Join Chainguard as the first GRC-focused Security Engineer to build and scale a mature compliance program. You will own upcoming SOC 2 Type II and ISO 27001 audits, shape security policies and procedures, and collaborate with cross-functional teams. This role involves identifying and mitigating compliance and security risks, streamlining compliance processes through automation, and explaining audit findings to various stakeholders. You will be instrumental in defining software supply chain security industry-wide. Chainguard values intentional action, collective success, and a thoughtful approach to compliance. This is a foundational role with significant impact.

Requirements

• You’ve run multiple SOC 2 Type II audits and ISO 27001 efforts
• Experience with risk assessments, control design and testing, and remediation management
• Familiarity with GRC platforms like Vanta and risk assessment methodologies, and a solid sense for how to automate the boring parts
• You can manage competing priorities and keep projects on track
• You can explain audit findings to both execs and engineers without causing confusion (or panic)

Responsibilities

• Create immediate impact: You’ll immediately own the upcoming SOC 2 Type II and ISO 27001 audits
• Greenfield opportunity: You’re the first in this seat. You’ll have room to shape security policies, standards, and procedures while building the function and processes
• Cross-functional exposure: You’ll work daily with security engineers, legal, HR, and product teams
• Be the calm in the audit storm: Serve as the point of contact between auditors and Chainguardians, translating “audit-speak” into plain English
• Spot the risk:. Help identify, assess, and mitigate compliance and security risks before they become “surprise incidents.”
• Level us up: Recommend ways to streamline our compliance engine ideally with the help of automation and modern GRC platforms

Preferred Qualifications

• Bonus points if you’ve survived a FedRAMP audit and lived to tell the tale
• Bonus points if you’ve got a technical background or engineering experience

Benefits

• Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a $400 monthly stipend for coworking spaces, phone and internet costs
• Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!)
• 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck
• ��� Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset
• 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year