1Password is a leading cybersecurity company focused on creating a safe digital future. They are seeking a Security Engineer – GRC Automation to design and implement automation and integrations for their Governance, Risk, and Compliance operations, ensuring security and privacy commitments are met.
Responsibilities:
- Contribute to implementing our GRC platform (Drata), building the integrations and automations that connect it to key systems and workflows
- Build and maintain automated workflows for control testing, evidence collection, and audit readiness under the direction of senior GRC engineers
- Help design and deploy AI-assisted compliance workflows — including evidence collection automation, vendor questionnaire support, and control narrative drafting — with validation steps built in
- Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
- Manage your project workstreams with clear scope and milestones — communicating progress and flagging blockers proactively
- Build dashboards and reporting to track control health, trust signals, and audit performance
- Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
- Contribute to the roadmap for automated, resilient internal assurance infrastructure — bringing ideas, executing with quality, and growing toward owning larger workstreams over time
Requirements:
- 3+ years of experience in security engineering, DevSecOps, solutions engineering, GRC automation, or compliance roles
- Experience working with GRC, compliance, or audit teams to support automation for evidence collection, control testing, or security monitoring
- Hands-on experience with GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne); configuration, integration, or implementation experience is a strong signal
- Scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools — you've built something, not just configured it
- Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations
- Organizational and delivery skills — you can manage your workstreams with clear milestones, communicate progress proactively, and keep multiple tasks moving without losing quality
- Curiosity and experience with AI-assisted workflows — you've experimented with LLMs, agentic tools, or automation pipelines in a GRC or compliance context and can describe what you tried, what worked, and what you'd do differently
- Comfortable in auditor-facing settings — you can explain your work clearly to external auditors and senior stakeholders. You know the difference between what you built and what it proves
- Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
- Experience building evidence pipelines, tagging telemetry, or creating compliance dashboards
- Familiarity with cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
- Experience in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
- Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks — increasingly relevant as 1Password governs access for AI agents alongside human users
- CISA, Security+, or equivalent certification, or actively working toward one