GRC Engineer

Work Model: 100% Onsite - Local Candidates Only

Role Overview

We are seeking a highly skilled and handson GRC Engineer to join our team in San Jose, CA. This role requires strong expertise in Python development, API design, and modern cloudnative architectures, combined with a solid understanding of Governance, Risk, and Compliance (GRC) frameworks.

The ideal candidate will have a builder mindset capable of designing and developing secure, scalable systems while ensuring regulatory compliance and risk mitigation across applications and infrastructure.

Key Responsibilities

Governance, Risk & Compliance

• Design, implement, and maintain GRC controls aligned with organizational security and compliance requirements.
• Support compliance initiatives across frameworks such as SOC 2, ISO 27001, GDPR, HIPAA, and PCIDSS.
• Partner with security, engineering, and audit teams to identify risks and implement mitigation strategies.
• Develop automated compliance and risk monitoring solutions.

Engineering & Development

• Build and maintain backend services and APIs using Python and Node.js.
• Design and implement RESTful APIs and microservices following secure coding best practices.
• Develop scalable, faulttolerant applications leveraging modern architectures.
• Apply strong database design principles and write efficient queries to support compliance-related data workflows.

CloudNative & Platform Engineering

• Develop and deploy applications using Docker and Kubernetes.
• Support containerized workloads and microservices in production environments.
• Collaborate with platform teams to ensure infrastructure adheres to security and compliance standards.

Collaboration & Operations

• Work closely with product, security, and engineering teams to translate compliance requirements into technical solutions.
• Participate in design reviews, threat modeling, and security assessments.
• Contribute to documentation, operational runbooks, and audit evidence preparation.
• Provide support for compliance incidents, security findings, and remediation activities.

Required Skills & Qualifications

• 6-8 years of professional experience in software engineering or securityfocused engineering roles.
• Strong handson experience with Python.
• Experience with Node.js for API and backend development.
• Proven experience designing and implementing REST APIs and microservices.
• Strong understanding of containerization and orchestration using Docker and Kubernetes.
• Solid database skills (relational and/or NoSQL).
• Demonstrated experience building secure and scalable systems.
• Strong understanding of GRC concepts, risk management, and compliance frameworks.
• Excellent problemsolving and communication skills.
• Ability to work 100% onsite in San Jose, CA (local candidates only).

Preferred / NicetoHave Skills

• Experience automating compliance workflows and controls.
• Familiarity with security tooling, monitoring, and logging platforms.
• Exposure to cloud platforms and cloudnative security best practices.
• Prior experience supporting audits and regulatory assessments.