Compliance Automation Engineer

at Vanta
🇺🇸 United States - Remote
🔧 DevOps🔵 Mid-level

Job description

At Vanta, our mission is to secure the internet and protect consumer data. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it.

Vanta is growing quickly and we’re continually moving upmarket, dealing with sophisticated customers with complex security and compliance environments and needs. Our Security team uses our own Security and Privacy GRC experience to meet customer demand to help grow our market share as the industry leader in compliance and security.

As a Compliance Automation Engineer, GRC at Vanta, you will support FedRAMP Authorization efforts on the Vanta Security Team, working closely with cross-functional Engineering and Product teams. Your focus will be managing critical authorization audit readiness and continuous monitoring process, automating evidence collection wherever possible.

If this sounds like you, and you’re excited to use your Security and GRC experience to help grow and sell our product, we’d love to hear from you.

Visit our Vanta Engineering Blog to learn more about what our team is working on!

What you’ll do as a Compliance Automation Engineer, GRC at Vanta:

  • Design and develop automation solutions for evidence collection across infrastructure, endpoints, and SaaS platforms (e.g., AWS, GCP, GitHub, Okta).

  • Build and maintain scripts and APIs to interface with compliance tooling

  • Support recurring internal and external audits (FedRAMP, SOC 2, ISO 27001, HIPAA, etc.) by ensuring automated and reliable control monitoring

  • Automate control testing and reporting pipelines to reduce manual effort and improve accuracy

  • Support internal GRC platforms, dashboards, and metrics to communicate compliance posture and audit findings

  • Work with the compliance team to define technical control requirements and translate them into measurable, testable systems

  • Work with Engineering partners to embed compliance checks into CI/CD pipelines and infrastructure deployment workflows

  • Establish and manage the POAM and Continuous Monitoring processes and run monthly PMO meetings

  • Manage compliance deliverables for public sector stakeholders and manage ongoing updates

  • Leverage AI/ML tools to drive automation and improve efficiency and outcomes for audit and monitoring processes

  • Drive remediation for Security Team gaps and dependencies - this includes investigating and POCing solutions to replace existing tech where needed

  • Drive remediation of FedRMAP authorization gaps

  • Support policy and process implementation for business and engineering processes to support authorization

  • Support the implementation of technical controls within the security and engineering teams

  • Contribute to the development of machine readable reports for Product Team

  • Gather performance metrics and report KPIs to security team leaders

  • Become an expert on the Vanta public sector product offerings and provide regular feedback to product teams

  • Support the team responding to public sector security questionnaires

  • Partner to help improve existing and launch new security and compliance processes, programs, and policies where needed

  • Support audit readiness across Vanta’s compliance frameworks as needed

How to be successful in this role:

  • 3+ years of experience in scripting, automation, or backend engineering roles with a focus on security, infrastructure, or compliance

  • Expertise with public sector security frameworks like FedRAMP and CMMC

  • Experience with other NIST frameworks like NIST CSF, 800-53, 800-171, RMF

  • Ability to write scripts and basic code to automate audit and evidence gathering processes

  • Proficiency in at least one or more common scripting languages like Python, Go, PowerShell, Bash, Ruby, or JavaScript,

  • Experience consuming and building RESTful APIs to integrate various security, IT, and GRC tools

  • Experience querying APIs, building command-line tools, and working with structured data (JSON, CSV, YAML, OSCAL)

  • Ability to query and manipulate data in various datastores to extract compliance-relevant information

  • Familiarity with Cloud Infrastructure, Version Control Systems, Risk Management, Vulnerabilities, and their related security processes

  • Experience in product and program management

  • Experience in building productive relationships and driving collaboration with both technical and non-technical teams

  • Knowledge of audit processes and evidence requirements for cybersecurity frameworks

  • Security compliance management experience within a SaaS environment preferred, but not required

  • Experience working with other security frameworks like SOC2 and ISO27001 preferred but not required

  • Security certifications (e.g. CISA, CISSP, CRISC) and/or formal education strongly preferred, but not required

What you can expect as a Vantan:

  • Industry-competitive compensation

  • 100% covered medical, dental, and vision benefits with dependents coverage

  • 16 weeks fully-paid parental Leave for all new parents

  • Health & wellness and remote workplace stipends

  • Family planning benefits through Carrot Fertility

  • 401(k) matching

  • Flexible work hours and location

  • Open PTO policy

  • 11 paid holidays in the US

  • Offices in SF, NYC, London, Dublin, and Sydney

To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.

#LI-remote

At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.

About Vanta

We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security.From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world’s leading Trust Management Platform, our vision remains unchanged.

Now more than ever, making security continuous—not just a point-in-time check— is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust— all in a way that’s real-time and transparent.

Share this job:
Please let Vanta know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Vanta logo

Vanta

Automated security compliance

  • Founded in 2016
  • 70 remote jobs

Latest Jobs at Vanta

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply