1Password is a rapidly growing company recognized for its innovative cybersecurity solutions. The company is seeking a Senior Security Engineer to design and implement automation and integrations for its Governance, Risk, and Compliance (GRC) operations, so that its security and privacy commitments scale.
Responsibilities:
- Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
- Build automated workflows for control testing, evidence collection, and audit readiness
- Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
- Design dashboards and reporting to track control health, trust signals, and audit performance
- Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes such as onboarding, change management, and incident response
- Shape the roadmap for automated, resilient internal assurance infrastructure that grows alongside the business
- Help define and operationalize scalable assurance approaches for internal AI usage and AI-enabled product capabilities
- Build automated workflows that support AI governance activities such as control mapping, policy enforcement, and audit readiness
- Partner with Security, Privacy, Legal, Product, and Engineering to translate AI-related trust and compliance requirements into practical, measurable systems and controls
- Evaluate and improve how GRC processes account for non-deterministic systems, connected AI agents, and AI-powered third-party vendors
Requirements:
- 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
- Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
- Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
- Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
- Ability to work cross-functionally with Security, Compliance, Legal, and Infrastructure teams to translate policies into scalable technical systems
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations
- Experience applying automation or AI tools to improve GRC, audit, or assurance workflows, with an understanding of validation, accuracy, and trust tradeoffs
- Familiarity with AI governance, privacy, and security considerations for LLMs and agentic systems (e.g., sensitive data exposure, prompt injection, system misuse)
- Ability to evaluate where AI-driven approaches are appropriate in GRC workflows versus where deterministic controls and human review are required
- Builder mindset with modern tools (including AI), with the ability to experiment, evaluate, and operationalize solutions rather than only consume them
- Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
- Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards (e.g., Looker, Metabase)
- Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
- Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
- Experience supporting AI governance, AI risk assessments, or privacy-by-design reviews for AI-enabled systems
- Experience applying AI to audit, compliance, or third-party risk workflows in a way that improves scale while preserving trust, traceability, and human oversight