Secure the Future with 1Password: Senior Security Engineer – GRC
At 1Password, we're not just building a password manager; we're forging the bedrock of a secure and productive digital world. We empower organizations to unleash employee productivity without sacrificing security. How? By ensuring every identity is authentic, every sign-in is fortified, and every device is trusted. As pioneers of Extended Access Management, we're redefining cybersecurity for today's human and AI-driven workforce. If you're driven by the challenge of securing millions and want to work with a team of passionate and curious minds, let's talk!
We're on the hunt for a Senior Security Engineer – GRC to architect and implement the automation, dashboards, and integrations that fuel our Governance, Risk, and Compliance (GRC) operations. This is where your expertise shapes a safer and simpler digital future for all.
Imagine This: You'll be partnering directly with the Senior Manager of GRC to craft automation solutions that scale our security and privacy commitments. Your core mission? To operationalize our cutting-edge GRC platform, seamlessly integrating it with our internal systems, and ensuring it powers automated, scalable assurance processes across the entire organization.
This is your sweet spot if you're a hands-on technical guru who's passionate about making GRC repeatable, transparent, and ingrained in the company's DNA. This role is the perfect intersection of security engineering, compliance, and platform operations – an ideal fit for a solutions engineering or DevSecOps ace who thrives in high-impact, high-context environments.
Location: This is a remote opportunity within the US or Canada.
What You'll Bring to the Table:
Experience: 5+ years in security engineering, DevSecOps, solutions engineering, or GRC automation.
GRC Expertise: Proven experience collaborating with GRC, compliance, or audit teams to build automation that streamlines evidence collection, control testing, and security monitoring.
Platform Implementation: Hands-on experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments.
Scripting Prowess: Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools.
Collaboration Skills: Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems.
Compliance Frameworks: Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they translate into real-world infrastructure and operations.
Bonus Points If You Have:
Event-Driven Automation: Hands-on experience with event-driven automation platforms like Tines and their application in control validation and alerting.
Evidence Pipelines: Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards using tools like Looker or Metabase.
Cloud-Native Security: Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging).
Customer Trust/Privacy: Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content.
Here's What You'll Be Doing:
Lead GRC Platform Implementation: Ensure the smooth implementation and full operationalization of our GRC platform across key systems and workflows.
Automate Workflows: Develop automated workflows for control testing, evidence collection, and audit readiness.
Build Integrations: Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management).
Design Dashboards & Reporting: Design dashboards and reporting mechanisms to track control health, trust signals, and audit performance.
Cross-Functional Collaboration: Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response.
Shape the Future: Contribute to the roadmap for automated, resilient internal assurance infrastructure that scales with our business growth.
USA-based roles only: The annual base salary for this role is between $156,000 USD and $210,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.
Canada-based roles only: The annual base salary for this role is between $143,000 CAD and $193,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.
At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set.