Vanta

Compliance Automation Engineer, GRC

United States

Compensation: $139,000 – $164,000
Experience Level: Junior (1 to 2 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Information Security, Compliance & Risk Management

Salary: $139K - $164K
Location Type: Remote
Employment Type: Full-Time

Position Overview

At Vanta, our mission is to secure the internet and protect consumer data. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it. Vanta is growing quickly and we're continually moving upmarket, dealing with sophisticated customers with complex security and compliance environments and needs. Our Security team uses our own Security and Privacy GRC experience to meet customer demand to help grow our market share as the industry leader in compliance and security.

As a Compliance Automation Engineer, GRC at Vanta, you will support FedRAMP Authorization efforts on the Vanta Security Team, working closely with cross-functional Engineering and Product teams. Your focus will be managing critical authorization audit readiness and continuous monitoring processes, automating evidence collection wherever possible.

If this sounds like you, and you're excited to use your Security and GRC experience to help grow and sell our product, we'd love to hear from you.

Visit our Vanta Engineering Blog to learn more about what our team is working on!

Responsibilities

  • Design and develop automation solutions for evidence collection across infrastructure, endpoints, and SaaS platforms (e.g., AWS, GCP, GitHub, Okta).
  • Build and maintain scripts and APIs to interface with compliance tooling.
  • Support recurring internal and external audits (FedRAMP, SOC 2, ISO 27001, HIPAA, etc.) by ensuring automated and reliable control monitoring.
  • Automate control testing and reporting pipelines to reduce manual effort and improve accuracy.
  • Support internal GRC platforms, dashboards, and metrics to communicate compliance posture and audit findings.
  • Work with the compliance team to define technical control requirements and translate them into measurable, testable systems.
  • Work with Engineering partners to embed compliance checks into CI/CD pipelines and infrastructure deployment workflows.
  • Establish and manage the POAM and Continuous Monitoring processes and run monthly PMO meetings.
  • Manage compliance deliverables for public sector stakeholders and manage ongoing updates.
  • Leverage AI/ML tools to drive automation and improve efficiency and outcomes for audit and monitoring processes.
  • Drive remediation for Security Team gaps and dependencies; this includes investigating and building proofs of concept (POCs) for solutions to replace existing tech where needed.
  • Drive remediation of FedRAMP authorization gaps.
  • Support policy and process implementation for business and engineering processes to support authorization.
  • Support the implementation of technical controls within the security and engineering teams.
  • Contribute to the development of machine-readable reports for the Product Team.
  • Gather performance metrics and report KPIs to security team leaders.
  • Become an expert on the Vanta public sector product offerings and provide regular feedback to product teams.
  • Support the team responding to public sector security questionnaires.
  • Partner with other teams to improve existing security and compliance processes, programs, and policies, and to launch new ones where needed.
  • Support audit readiness across Vanta’s compliance frameworks as needed.

Requirements

  • Experience: 3+ years of experience in scripting, automation, or backend engineering roles with a focus on security, infrastructure, or compliance.
  • Public Sector Frameworks: Expertise with public sector security frameworks like FedRAMP and CMMC.
  • NIST Frameworks: Experience with other NIST frameworks like NIST CSF, 800-53, 800-171, RMF.
  • Scripting & Automation: Ability to write scripts and basic code to automate audit and evidence gathering processes.
  • Programming Languages: Proficiency in at least one common scripting language such as Python, Go, PowerShell, Bash, Ruby, or JavaScript.
  • API Experience: Experience consuming and building RESTful APIs to integrate various security, IT, and GRC tools.

Skills

Automation scripting
APIs
AWS
GCP
GitHub
Okta
Compliance tooling
Audit support
Control testing
Monitoring
Security and GRC

Vanta

Automates SOC 2 compliance for businesses

About Vanta

Vanta simplifies the process of obtaining and maintaining SOC 2 certification, which is essential for organizations that manage sensitive customer data. The company offers a software-as-a-service (SaaS) platform that automates numerous checks to ensure that security controls are effective and compliant with industry standards. This automation helps small to medium-sized enterprises (SMEs) and tech companies monitor risks and vulnerabilities continuously, significantly reducing the time and cost associated with achieving SOC 2 compliance. Vanta's subscription-based model provides clients with a more efficient and cost-effective way to maintain compliance compared to traditional methods. The goal of Vanta is to transform the compliance process, allowing organizations to focus on their core operations while enhancing their security posture.

Headquarters: San Francisco, California
Year Founded: 2018
Total Funding: $343.4M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 501-1,000

Benefits

100% Benefits Coverage
Flexible & Remote Work
Paid Parental Leave
Unlimited PTO
Health & Wellness
401(k)

Risks

Emerging competitors like ComplyCube could challenge Vanta's market position.
Healthcare data breaches may increase demand for more robust security measures.
Reliance on partnerships like HITRUST poses risks if standards evolve significantly.

Differentiation

Vanta automates up to 90% of audit preparation, reducing compliance costs significantly.
The platform offers real-time insights, enhancing trust and streamlining security reviews.
Vanta's HITRUST e1 solution automates 80% of requirements, ensuring continuous compliance.

Upsides

Vanta secured $150M in Series C funding, boosting its growth potential.
Partnership with HITRUST enhances Vanta's credibility in the healthcare sector.
Rising demand for automated compliance solutions supports Vanta's market expansion.