1Password is a rapidly growing company focused on enhancing digital security and productivity. They are seeking a Senior Security Engineer to design and implement automation for Governance, Risk, and Compliance (GRC) operations, ensuring that security and privacy commitments scale across the organization.
Responsibilities:
- Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
- Build out automated workflows for control testing, evidence collection, and audit readiness
- Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
- Design dashboards and reporting to track control health, trust signals, and audit performance
- Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
- Shape the roadmap for automated, resilient internal assurance infrastructure that grows alongside the business
Requirements:
- 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
- Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
- Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
- Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
- Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations
- Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
- Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase
- Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
- Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content