At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies.

We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.

Key Responsibilities

Public Sector & Compliance Governance

• Serve as the Subject Matter Expert (SME) on NIST 800-53 control families and FedRAMP requirements.
• Manage Cloudflare's continuous monitoring program, inclusive of annual assessments and significant change requests.
• Collect, validate, and organize FedRAMP evidence and artifacts to present to auditors, FedRAMP customers, and the FedRAMP PMO.
• Help guide our overall security policy and governance architecture to ensure alignment with evolving government regulations.

Audit Lifecycle Management

• Orchestrate end-to-end audit activities for standards such as PCI, SOC2, ISO, NIST, and FedRAMP.
• Coordinate with auditors to manage data center access, compliance certificate collection, and evidence defense.
• Work cross-functionally with Engineering, Legal, Product, and Operational teams to maintain management and technical controls.
• Support compliance and regulatory projects, including implementation of new legislation / regulation.

Identity & Access Management (IAM) Operations

• Execute monthly Periodic Access Reviews (PARs): Compare portal user lists against ACLs to ensure least-privilege access is maintained across all data centers.
• Manage the lifecycle of portal access: Auditing access, provisioning/deprovisioning users, and maintaining accurate documentation.
• Oversee physical access requests to data centers and ensure strict adherence to security policies.
• Drive the resolution of daily DCSC Jira tickets for portal access, physical access, audits, and site decommissioning.
• Automate and streamline access review processes where possible, utilizing standard communication templates to site managers.

Partner Relations & Reporting

• Own, influence, and orchestrate relationships within the partner Offering teams that can help drive Cloudflare offerings and strategic positioning.
• Monitor and implement changes to individual accountability regime requirements (such as UK, Ireland, Singapore and Australia).
• Maintain centralized documentation, databases, dashboards, and reporting mechanisms to track compliance health.

Requirements

• 3-6 years working in Security Compliance, Information Security, or Risk Management.
• Deep familiarity with all NIST 800-53 control families and FedRAMP requirements.
• Ability to work closely with auditors and articulate technical concepts.
• Experience in auditing of network, operating system, and application security.
• Proven experience managing an audit throughout the full audit lifecycle (from readiness to final report).
• Familiarity with additional security standards and frameworks such as ISO 27000, SOC 2, PCI DSS, ISMAP and IRAP.
• Ability to work cross-functionally with internal stakeholders and strong communications skills.
• High tolerance for ambiguity and ability to work efficiently and independently in a fast-paced, high-volume environment.
• Some travel may be required to engage with regulators and auditors.
• Certifications: CISSP, CIPP, CIPM, CIPT, CISA, or CRISC.
• A relevant professional experience working with technology partners, alliances, or third-party vendors, ideally in the following disciplines: Data center Security Compliance, Access Management, audit administration at a leading high-tech company; offering management.
• Technical skills including the ability to understand (1) product roadmaps; (2) market trends and factors; and (3) complex partner requirements.
• Strong technical proficiency with spreadsheet software (Excel/Google Sheets) including pivot tables and VLOOKUPs for data reconciliation.
• Organized & Disciplined, with a strong focus on driving outcomes.

Preferred

• Prior experience with Data Centre Security Compliance disciplines and audit programs and past history working at a hyperscaler or high-growth tech company.
• Superb organizational skills and demonstrated history managing complex processes including audit cycles, Facts gathering and analytical skills.

XML job scraping automation by YubHub

Accelerate your career by joining Okta, the World’s Identity Provider, as a member of our Cybersecurity & Privacy Legal team. We free everyone to safely use any technology , anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth.

As Corporate Counsel – Privacy Commercial, you will lead a small privacy commercial team responsible for advising and supporting commercial legal and sales organisations on privacy and data protection, primarily drafting and negotiating data processing addenda, information security exhibits and related commercial documents with some of the biggest names across every industry that trust Okta to help their organisations work faster, boost revenue and stay secure.

You will work on cutting-edge projects in a cloud-first, SaaS environment where you can apply your experience providing strong legal support to help Okta deliver world-class products to our thousands of global customers.

Responsibilities: Advise, draft and negotiate privacy and data protection terms associated with outbound cloud service Master Subscription Agreements, Data Processing Addenda, Information Security Exhibits and other documentation related to sales transactions, while partnering closely with Okta’s Commercial Legal team. Provide day-to-day legal support surrounding privacy and data protection-related contract requests and respond promptly and effectively to legal questions from internal clients with pragmatic and business-oriented guidance. Support the procurement team in drafting and negotiating privacy and data protection-related terms associated with vendor agreements. Support the investigation of potential privacy and security incidents, including analysing relevant legal and regulatory responsibilities, and providing guidance to internal clients on mitigation, remediation, and resolution efforts. Develop, implement and maintain standards, processes, runbooks and guidance surrounding privacy and data protection-related issues for Go-to-Market transactions, and partnering closely with members of the Legal, Security, Compliance and Engineering teams, among other key stakeholders. Build critical relationships in order to effectively provide practical and strategic advice to assist the business in meeting its objectives, while ensuring privacy and information security compliance. Advise on recommended courses of action and legal risk, with the ability to judge when to escalate identified issues as appropriate. Assist in the maintenance and review of various privacy and security programs and processes, including updates to privacy and security policies, plans, procedures, standards, certifications and customer-facing documentation. Ensure compliance with all applicable global privacy and data protection laws, such as the General Data Protection Regulation, United States’ federal and state regulations and other global legal frameworks by monitoring and staying up to speed and a thought leader on global privacy and data protection laws and frameworks. Maintain an understanding of technical controls and assist in the creation of audit and monitoring frameworks to support stable, controlled operations. Review privacy and data protection-related marketing and other external communications content for accuracy and completeness. Support the management of outside counsel and consultants and contribute to other interesting legal projects, as needed.

Requirements: 4+ years of relevant law firm and/or in-house experience, including at least 2 years working primarily on privacy and data protection-related transactional matters, preferably at a SaaS technology company. Familiarity and comfort with the culture of a fast-paced enterprise software company and knowledge of SaaS products. Experience working with highly-regulated customers, especially those in the financial services industry, preferred. Excellent written and verbal communication, presentation, drafting and negotiation skills. Sound and practical legal and business judgment, as well as the ability to think strategically and develop strong working relationships with key internal clients. Knowledge in global privacy, data protection and security frameworks, including GDPR, CCPA, CPRA, HIPAA, NIST, ISO, FedRAMP and PCI-DSS. Ability to maintain strong working relationships with a variety of internal clients and business partners from a variety of functions. A self-motivated individual with grit who takes initiative and is comfortable rolling up their sleeves. Team-oriented with a sense of humour and high emotional intelligence. Ability to organise, prioritise and manage deadlines. Strong academic background and J.D. from highly-regarded school. Certified Information Privacy Professional (Europe, U.S., Canada and/or Asia) or Certified Information Privacy Manager is a plus.

Benefits: The annual base salary range for this position for candidates located in Ireland is between €115,000-€158,000 EUR. Okta offers equity (where applicable), bonus, and comprehensive healthcare coverage and financial benefits including paid time off and parental leave in accordance with our applicable plans and policies. To learn more about our Total Rewards program, please visit: https://rewards.okta.com/irl.

The Okta Experience: Supporting Your Well-being Driving Social Impact Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one. Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation. Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice. Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy.

XML job scraping automation by YubHub

The ideal candidate will have a Bachelor's degree in Computer Science or a related field, or equivalent experience, with 5+ years of security compliance or audit-related experience, FedRAMP and/or DISA SRG auditing (3PAO) or implementation (CSP) experience, NIST 800-53 and RMF experience, a comprehensive understanding of security controls across all domains, a general understanding of key technical security controls in cloud environments (AWS, Azure, GCP), strong written and verbal communication skills, and experience working effectively across the spectrum of individual contributors and senior leadership within an organisation.

XML job scraping automation by YubHub

You will own the renewal process from early outreach through booking, mitigate renewal risk before it becomes urgent, and identify opportunities for expansion, services, and training that deepen customer value. You will work closely with Account Executives, Customer Success Managers, and distributor and channel partners to deliver accurate, on-time renewals in a fast-moving remote environment.

This is a strong fit if you enjoy managing a high volume of work with precision, operating effectively in a remote environment, and helping customers navigate complex procurement and compliance requirements.

In your first year, you will build trust across your book of business, bring discipline to pipeline and forecasting, and create consistent renewal motions that support customer success, risk mitigation, and long-term adoption of GitLab in the US public sector.

Responsibilities:

• Own the full renewal cycle for a high-volume portfolio of US Public Sector accounts, from early engagement through quoting, negotiation, procurement, and booking.

• Manage renewal quotes, order forms, and amendments in alignment with GitLab policies and public sector procurement requirements, including FedRAMP considerations and relevant contracting vehicles.

• Maintain accurate pipeline and forecast data in Salesforce, including stages, close dates, amounts, and risk status.

• Assess adoption signals, usage trends, and customer context to identify renewal risk early. Build and track mitigation plans with account teams and customer success partners, with clear owners, timelines, and next steps.

• Coordinate customer check-ins focused on realized value, deployment health, and upcoming renewal milestones.

• Identify opportunities for expansion, cross-sell, professional services, training, and consolidation within your book of business.

• Work cross-functionally with Account Executives, Customer Success Managers, Solution Architects, Professional Services, distributors, and channel partners to move renewals and growth opportunities forward.

Requirements:

• Experience owning renewals, account management, or customer success motions for complex SaaS accounts in a customer-facing B2B environment.

• Experience working through a distributor or channel partner ecosystem, with the ability to manage the commercial and relationship complexity of partner-led transactions.

• Familiarity with the US Public Sector, including Federal, State, Local, or Education buying processes, contracting vehicles, and compliance-related requirements.

• Excellent organizational skills with the ability to manage many concurrent opportunities, stakeholders, and deadlines while maintaining accuracy.

• Proficiency using Salesforce or a similar CRM platform for pipeline management, forecasting, and activity tracking.

• Working knowledge of contract renewal processes and tools such as CPQ tools, subscription management systems, or billing platforms.

• Clear written and verbal communication skills for customers, partners, and internal stakeholders, including executive audiences.

• A self-directed and team-oriented approach, with the ability to work effectively in a fully remote, asynchronous environment.

About the team:

The US Public Sector team enables government and education organizations as they modernize how they build and deliver software. We work with customers navigating complex procurement environments while helping them adopt GitLab as the one DevSecOps platform , improving collaboration, reducing manual processes, and delivering secure software faster.

We partner closely across sales, customer success, services, and the channel ecosystem, operating asynchronously in a remote environment to support public sector missions with consistency and transparency.

A key focus is helping agencies and institutions balance security, compliance, and operational efficiency as they scale digital transformation with GitLab.

XML job scraping automation by YubHub

As a Senior Compliance Engineer at Anduril Industries, you will be responsible for driving automation, compliance, and security engineering principles into the design, integration, and operation of Anduril's internal systems. This is a technically hands-on role that requires a strong DevSecOps background with deep expertise in cloud infrastructure security, embedded systems security, and federal compliance frameworks.

Key Responsibilities

• Design, develop, and maintain Infrastructure as Code (IaC) and Policy as Code (PaC) that enforce compliance with NIST SP 800-171 and 800-53, CMMC, and other applicable frameworks, enabling developers to deploy CMMC-certified applications using pre-packaged, compliant infrastructure templates.
• Architect, build, and deploy robust, scalable security controls across Anduril's corporate, development, and production cloud environments (AWS, Azure, GCP) and on-premise environments.
• Develop and automate IaC pipelines for managing and scaling cloud deployments securely and efficiently, including automated pipelines for deploying infrastructure, applications, and updates.
• Build automation for procedural compliance controls, generating compliance and audit artifacts at scale without manual intervention.
• Develop security models that integrate Continuous Monitoring (ConMon), DISA STIG scanning, and compliance reporting into a unified, automated workflow.

Compliance Engineering & Framework Implementation

• Analyze, interpret, and operationalize federal and industry cybersecurity regulations, including NIST SP 800-171 and 800-53, CMMC, FedRAMP, and SOC 2, translating regulatory language into actionable engineering guidance and enforceable technical controls.
• Evaluate system architectures and configurations to ensure alignment with required security controls for moderate-impact information systems.
• Interface directly with infrastructure teams to verify and enforce compliance across existing on-premise and cloud stacks, identifying gaps and driving remediation.

Cross-Functional Collaboration & Enablement

• Partner with engineers, the DevSecOps Team, and the Automation Team to implement and verify security controls in both corporate and product software environments.
• Act as a force multiplier by embedding security best practices into the workflows of infrastructure, application, and product teams, particularly for environments holding mission-critical data.

Strategic & Advisory

• Develop strategies and implementation plans for compliance-related matters, advising management on risk posture, regulatory changes, and investment priorities.
• Institute best-practice procedures for compliance and risk mitigation across the organization.

Required Qualifications

• 3+ years of professional experience in Cloud Security, DevSecOps, Site Reliability Engineering (SRE), or a related security engineering role.
• Background in one or more of the following disciplines: Systems Security Engineering, Cybersecurity, Systems Engineering, Software Engineering, Computer Engineering, or Computer Science.
• Proven experience building and securing complex cloud environments at scale.
• 3+ years of hands-on experience working with compliance frameworks such as CMMC, NIST SP 800-171 and/or 800-53, and FedRAMP.

XML job scraping automation by YubHub

The company's family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a real-time, 3D command and control centre.

As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion and networking technology to the military in months, not years.

We are seeking a mission-driven Cloud Infrastructure Engineer to take a leading role in designing and implementing world-class defensive controls. This is a high-impact role with the autonomy to shape security architecture and protect the technology that is changing the future of defence.

Key Responsibilities:

• Design and Own Security Architecture: Architect, build and deploy robust, scalable security controls for our corporate, development and production cloud environments (AWS, Azure, GCP).

• Automate Everything: Develop and automate infrastructure-as-code (IaC) to manage and scale our cloud deployments securely and efficiently.

• Proactively Defend: Continuously monitor, identify and remediate security weaknesses and configuration drift across our entire cloud footprint.

• Be a Force Multiplier: Partner with infrastructure, application and product teams to embed security best practices into their workflows and secure environments holding mission-critical data.

• Enable Scale and Reliability: Engineer systems and processes that ensure our platforms are highly available, resilient and prepared for rapid growth.

• Serve as a Cloud Security Expert: Act as the go-to subject matter expert for teams across Anduril, providing guidance, mentorship and paved-road solutions for building securely in the cloud.

Requirements:

• Proven experience building and securing complex cloud environments, typically gained through 3+ years in a Cloud Security, DevOps or SRE role.

• Deep proficiency in at least one major cloud provider (AWS, Azure or GCP).

• Strong hands-on experience with Infrastructure as Code (e.g., Terraform, CloudFormation, Bicep).

• Solid programming/scripting ability in one or more languages (e.g., Python, Go, Rust).

• Firm understanding of public cloud networking principles (e.g., VPCs, subnets, routing, security groups).

• Must be a U.S. Person and eligible to obtain and maintain a U.S. Top Secret security clearance.

Preferred Qualifications:

• Experience hardening and monitoring Kubernetes clusters (EKS, GKE, AKS).

• Experience with cloud security posture management (CSPM) or threat detection tooling.

• Familiarity with CI/CD pipelines and securing the software supply chain.

• Knowledge of compliance frameworks such as FedRAMP, MRL, SOC 2 or CMMC.

• On-premises network engineering experience.

XML job scraping automation by YubHub

In this role, you will have a deep specialization in Identity and Access Management (IAM) and FedRAMP High/Moderate environments. You will have hands-on experience supporting IAM solutions, including deep familiarity with protocols such as SAML, SSO, LDAP, and WS-Federation. You will have advanced knowledge of Active Directory, Entra ID (Azure AD), and Okta. You will be an expert in troubleshooting synchronization errors, managing complex group membership logic, and overseeing cross-platform identity lifecycle management. You will have experience supporting major SaaS applications, including Office 365, Google Workspace, Salesforce, and Workday. You will have proven ability to isolate and resolve network-layer impediments. You will be skilled in leveraging diagnostic utilities such as Wireshark, Fiddler, and DNS lookup tools to identify root causes. You will have excellent relationship management skills with the ability to remain calm, composed, and articulate during high-pressure customer situations. You will be a quick study with the ability to master new technologies rapidly in a fast-paced environment. You will have strong analytical and organizational skills; comfortable working both as a collaborative teammate and an independent contributor with minimal supervision. You will have a genuine passion for solving complex problems and advocating for customer success.

XML job scraping automation by YubHub

We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution by identifying and resolving risks to the employees, product, and most importantly, our customers. The Security Trust & Culture team works to enhance customer trust in Okta’s identity services . We serve as a strategic resource working closely with Okta’s go-to-market teams.

As a Staff level analyst of Customer Assurance, you will support prioritising and efficiently responding to questions about our security programme and other due diligence related requests. You will act as a critical bridge between our customers and our internal engineering teams, ensuring Okta’s security posture is communicated effectively.

Tasks will include training local Sales teams, managing complex escalations in the regional market, and driving technological changes to help Customer Assurance scale its efforts globally. This position requires a unique combination of skills including an ability to coordinate the analysis of technical issues, to communicate clearly about security-relevant topics with both internal and external customers, to collaborate with internal business units to ensure execution of time-sensitive projects, and to present to upper management or the broader organisation as required.

The ideal candidate will have experience with SaaS cloud security risk assessment and a solid understanding of the core principles of identity management. If you want to make a difference in the security programme of a global cloud provider, we want you on board.

Job Duties and Responsibilities:

Serve as the critical bridge between Okta’s customers and internal Engineering/Product Security teams. You must be able to unpack complex customer security concerns, hold in-depth technical discussions with internal engineering to align on solutions, and translate Okta’s security architecture back to the customer to resolve high-stakes inquiries.

Take end-to-end ownership of highly technical security questionnaires and due-diligence requests, Partner seamlessly with internal subject matter experts,including our specialised Federal/FedRAMP teams,to ensure accurate, timely, and high-quality responses for highly regulated customers.

Drive technological changes within Customer Assurance by identifying and implementing AI and automation strategies to streamline workflows, scale global efforts, and reduce response times.

Train and empower regional Go-To-Market and Sales teams on standard engagement protocols, ensuring they can leverage Customer Assurance resources smoothly to accelerate deals.

Collaborate with the Security Trust & Culture team and Regional CSOs to develop, publish, and maintain forward-facing security collateral, FAQs, and field communications.

Work within a global team, participating or leading global handoffs between American timezones and European or Asian, when required for large security or industry events.

Requirements:

Bachelor’s degree in Computer Science or Management Information Systems, or equivalent work experience in technology or information security fields

Minimum 3 years information security, project management, or related experience

A strong, fundamental understanding of core Security principles, architectures, and operations.

Understanding of IT and cloud methodologies, information security, privacy, identity management, risk assessments and IT regulation and compliance standards

Strong oral, written, and presentation skills

Strong written and verbal communication skills, with a proven ability to distill complex technical concepts into clear, concise responses for both technical customers and internal executive stakeholders.

Helpful Certifications / Skills:

Okta Certified Professional/Administrator

Certificate of Cloud Security Knowledge (CCSK) and/or Certificate of Cloud Auditing Knowledge (CCAK)

Certified Information Security Auditor (CISA)

Experience with generative AI tools or process automation platforms is a strong plus.

Familiarity with Federal or highly regulated compliance frameworks (e.g., FedRAMP, StateRAMP, NIST 800-53, or DoD IL4/IL5)

XML job scraping automation by YubHub

The responsibilities listed below represent the core functions of this role:

• Strategic Audit Leadership: Lead end-to-end FedRAMP and DoD audits, serving as the primary point of contact for external 3PAOs and government agencies.
• Continuous Monitoring Strategy: Oversee and evolve the continuous monitoring (ConMon) program. Design sophisticated reporting mechanisms for vulnerability management and risk posture for executive leadership.
• Engineering Advisory: Act as a senior consultant to Engineering and Product teams, translating complex NIST 800-53 requirements into actionable technical specifications for cloud-native environments.
• Impact Assessment & Risk Management: Lead the assessment of high-impact changes to federal systems. Ensure that system evolutions maintain a rigorous security posture without sacrificing innovation.
• Cross-Functional Alignment: Drive synchronization between GRC, Security, Marketing, Sales, Engineering, and Product to ensure federal requirements are integrated into the broader corporate roadmap.
• Programmatic Gap Analysis: Proactively identify and lead initiatives to close gaps between current capabilities and future regulatory requirements (e.g., emerging NIST standards, new DoD mandates, or IL6 requirements).
• Evidence Automation & FedRAMP 20x Readiness: Drive the build-out and support of automated evidence collection and control validation. Lead the transition toward "FedRAMP 2.0" standards (including OSCAL integration), defining and monitoring Key Security Indicators (KSIs) to provide real-time compliance visibility.

Minimum Required Knowledge, Skills, and Abilities:

• Education: Bachelor’s degree in Computer Science, MIS, Cybersecurity, or a related technical field.
• Experience: 7+ years of experience in security compliance, with at least 4-5 years specifically focused on the FedRAMP/NIST 800-53 framework.
• Automation & Compliance Engineering: Demonstrated experience with automation tools or scripting (e.g., Python, Go, or SQL) for automated evidence collection. Familiarity with API-based control validation and OSCAL-based tooling (e.g., Trestle, LULA, or similar GRC automation frameworks).
• Technical Depth: Deep understanding of cloud-native infrastructure (IaaS, PaaS, SaaS) and how infrastructure components (networking, OS, databases) support a distributed cloud application.
• Framework Mastery: Expert-level knowledge of NIST SP 800-53, FedRAMP High/Moderate, and DoD SRG (IL4, IL5, and familiarity with IL6).
• Operational Knowledge: Proven experience with access management, CI/CD pipelines, disaster recovery, and encryption/key management in a cloud context.
• Analytical Leadership: Ability to analyze complex "edge-case" security scenarios and provide remediation paths that align with both business goals and regulatory requirements.
• Communication: Exceptional presentation skills with the ability to explain technical compliance risks to non-technical executive stakeholders.

Preferred Certifications & Skills:

• Advanced Certifications: CISSP (highly preferred), CISA, or CCSK.
• Cloud Expertise: AWS Certified Solutions Architect or Cloud Practitioner.
• Tooling: Expert-level proficiency with JIRA, ServiceNow, and Okta.
• Technical Background: Prior experience in a DevOps, Security Engineering, or Systems Administration role is a significant plus.

Additional requirements:

• This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire.

XML job scraping automation by YubHub

Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organisations to safely embrace this new era.

This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

As a Senior Corporate Counsel – Cybersecurity, you will lead the cybersecurity legal team, helping build a scalable global cybersecurity practice. You will apply your experience when providing legal guidance on cybersecurity and privacy issues and drafting and negotiating information security exhibits, data processing addenda and related commercial documents with some of the biggest names across every industry that trust Okta to help their organisations work faster, boost revenue, and stay secure.

Responsibilities:

• Lead a team of talented, high-performing cybersecurity legal professionals and serve as a point of escalation to provide cybersecurity legal expertise and guidance to executives, cross-functional leaders and other stakeholders throughout the organisation.

• Advise, draft and negotiate cybersecurity and privacy terms associated with outbound cloud service Master Subscription Agreements, Information Security Exhibits, Data Processing Addendums and other documentation related to sales transactions, while partnering closely with Okta’s Commercial Legal team.

• Provide day-to-day legal support surrounding cybersecurity and privacy-related contract requests and respond promptly and effectively to legal requests from internal clients with pragmatic and business-oriented guidance.

• Provide advice and guidance to Okta Security, Engineering, Product, executives, and other stakeholders on compliance with applicable security and privacy laws and regulations, such as the General Data Protection Regulation, United States’ federal and state regulations, security/privacy by design, frameworks and industry certifications.

• Support the investigation of potential security and privacy incidents, including analysing relevant legal and regulatory responsibilities, and providing guidance to internal clients on mitigation, remediation and resolution efforts.

• Develop, implement and maintain standards, processes, runbooks and guidance surrounding cybersecurity and privacy-related issues for Go-to-Market transactions, and partnering closely with members of the Legal, Security, Compliance and Engineering teams, among other key stakeholders.

• Build critical relationships in order to effectively provide practical and strategic advice to assist the business in meeting its objectives, while ensuring information security and privacy compliance. Advise on recommended courses of action and legal risk, with the ability to judge when to escalate identified issues as appropriate.

• Assist in the maintenance and review of various security and privacy programs and processes, including updates to security and privacy policies, plans, procedures, standards, certifications and customer-facing security and privacy documentation.

• Support the procurement team in drafting and negotiating cybersecurity and privacy terms associated with vendor agreements.

• Maintain an understanding of technical controls and assist in the creation of audit and monitoring frameworks to support stable, controlled operations.

• Review cybersecurity and privacy-related marketing and other external communications content for accuracy and completeness.

• Support the management of outside counsel and consultants, and contribute to other interesting legal projects, as needed.

Required Skills and Experience:

• 8+ years of relevant law firm and/or in-house experience, including at least 2 years working primarily on cybersecurity and privacy-related transactional matters, preferably at a SaaS technology company.

• Familiarity and comfort with the culture of a fast-paced enterprise software company and knowledge of SaaS products.

• Experience working with highly-regulated customers, especially those in the financial services industry, preferred.

• Excellent written and verbal communication, presentation, drafting and negotiation skills.

• Sound and practical legal and business judgment, as well as the ability to think strategically and develop strong working relationships with key internal clients.

• Knowledge in global security, privacy and data protection frameworks, including NIST, ISO, FedRAMP, PCI-DSS, GDPR, CCPA, CPRA and HIPAA.

• Ability to maintain strong working relationships with a variety of internal clients and business partners from a variety of functions.

• A self-motivated individual with grit who takes initiative and is comfortable rolling up their sleeves. Team-oriented with a sense of humour and high emotional intelligence. Ability to organise, prioritise, and manage deadlines.

• Strong academic background and J.D. from highly-regarded school, active bar admission.

The annual base salary range for this position for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York, and Washington is between $212,000-$292,000 USD

XML job scraping automation by YubHub

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies.

We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.

Available Location:

Available locations: Denver, CO

What you'll do as a Senior Solutions Engineer, Majors Accounts

The Solution Engineering organization is responsible for the technical sale of the Cloudflare solution portfolio, ensuring maximal business value, fit-for-purpose solution design and adoption roadmap for our customers. Reporting to the Solution Engineering Manager, the Majors Accounts Solutions Engineer is a Senior level role.

You are a customer-facing technologist within the Cloudflare Solutions Engineering team. You have strong experience in large account pre-sales management as well as excellent verbal and written communications skills suited for executive-level engagement. You are comfortable speaking about the Cloudflare vision and mission with C-level customer executives.

Your role will be to build passionate champions within the technology ranks at your accounts, drive sales for identified opportunities, and leverage your relationships with these technical champions to build a revenue pipeline where no opportunities yet exist. You will work within a high-profile pursuit team dedicated to certain strategic accounts, working closely with the majors account executives attached to these accounts.

Responsibilities

• Build and maintain long-term technical relationships with the technical buyers (executives, managers, and individual contributors) at your assigned accounts, becoming a trusted advisor to those stakeholders.
• Deeply understand the business-critical issues that your accounts are facing, and provide meaningful solution designs to facilitate technical validation of Cloudflare as a part of the customer’s infrastructure, including the coordination of Cloudflare colleagues throughout the sales and procurement cycle.
• Identify and drive technical conversations in every possible line of business within the accounts, engaging key technical buyers with the purpose of uncovering new areas of potential revenue & showing value to all possible parts of your accounts.
• Empower customers in their security and network transformation journeys, helping them to define strategies and architect necessary security controls aligned with Cloudflare product suites.
• Be the voice of the customer internally at Cloudflare, engaging with and influencing Cloudflare’s Product and Engineering teams to meet your customers’ needs.
• Represent and evangelize Cloudflare externally at Developer, Community, Technology, Cybersecurity, and other industry events with thought leadership and expertise.

Desirable Skills, Knowledge, and Experience

• Polished communication and executive presentation skills with the ability to drive a discussion with a broad range of stakeholders (from the web developer to the CISO).
• Relationship building: a proven track record of building deep technical relationships with engineers and senior executives in large and strategic accounts. Experience in managing various stakeholder relationships to build consensus on security solutions/projects.
• Experience managing technical sales within large accounts.
• Developing champion-style relationships
• Driving technical wins
• Assisting with technical validation
• A deep understanding of core industry components of Cloudflare solutions (and a desire to learn more):

Internet security technologies including DDoS and DDoS mitigation, Firewalls, TLS, VPN, DLP Networking technologies including TCP, UDP, DNS, IPv4 + IPv6, BGP routing, GRE, SD-WAN, MPLS, Global Traffic Management HTTP technologies including reverse proxy (e.g., WAF and CDN), forward proxy (secure web gateway), serverless application development Zero-trust network access (ZTNA & SASE) concepts including identity management and authentication Cloud computing technologies such as AWS, GCP, Azure, and others Some scripting or programming experience with one or more of JavaScript, Python, Golang, BASH Understanding of, or experience with, regulatory requirements such as FedRAMP, GDPR, PCI DSS, HIPAA, SOC-2, ISO/IEC.

Compensation

Compensation may be adjusted depending on work location.

For Denver, Colorado-based hires: Estimated annual salary of $208,000 - $254,000. This role is eligible to earn incentive compensation under Cloudflare’s Sales Compensation Plan. The estimated annual salary range includes the on-target incentive compensation that may be attained in this role under the Sales Compensation Plan.

Equity

This role is eligible to participate in Cloudflare’s equity plan.

Benefits

Cloudflare offers a complete package of benefits and programs to support you and your family. Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future, and make life a little easier and fun!

The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.

Health & Welfare Benefits Medical/Rx Insurance Dental Insurance Vision Insurance Flexible Spending Accounts Commuter Spending Accounts Fertility & Family Forming Benefits On-demand mental health support and Employee Assistance Program Global Travel Medical Insurance

Financial Benefits Short and Long Term Disability Insurance Life & Accident Insurance 401(k) Retirement Savings Plan Employee Stock Participation Plan

Time Off Flexible paid time off covering vacation and sick leave Leave programs, including parental, pregnancy health, medical, and bereavement leave

What Makes Cloudflare Special?

We’re not just a highly ambitious, large-scale technology company. We’re a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.

Project Galileo: Since 2014, we've equipped more than 2,400 journalism and civil society organizations in 111 countries with powerful tools to defend themselves against attacks that would otherwise censor their work, technology already used by Cloudflare’s enterprise customers,at no cost.

Athenian Project: In 2017, we created the Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration. Since the project’s inception, we’ve protected over 20 million registered voters and helped to safeguard the integrity of elections in several states.

XML job scraping automation by YubHub

Location: United States

Department: Security

Job Description:

This role can be based remotely anywhere in the United States. The Product Security Team's mission is to left-shift SDLC (Security Development Lifecycle) processes for all code written in Databricks (for customer use or supporting customers internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.

You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing, and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident.

You will work with a global team, spread across various locations in the US and EMEA.

The impact you will have:

• Full SDLC support for new product features being developed in ENG and non-ENG teams. This would include threat modeling, design review, manual code review, exploit writing, etc.

• Work with other security teams to provide support for incident response and vulnerability response as and when needed.

• Work with the results of SAST tools to help evaluate and identify false positives and file defects for real issues.

• Work on DAST tools and related automation for auto-assessment and defect filing.

• Maintain the automation framework and add new features as needed to support different security compliances that Databricks may want to get into – FedRamp, PCI, HIPAA, etc.

• Prioritize security from a risk management perspective, rather than an absolute textbook version.

• Help develop and implement security processes to improve the overall productivity of the product security organization and the SDLC process in general

What we look for:

• 3-10 years' experience with the threat modeling process and ability to find design problems based on a block diagram of data flow.

• Solid understanding on at least two of the following domains: web security, cloud security, systems security, and applied cryptography.

• Proficient with one or more of programming languages (Python/Java/Scala/JavaScript) and ability to read code to identify security defects.

• Strong skills on scripting and automation on exploits.

• Fuzzing skills are good to have.

• Exploit writing skills are a positive and greatly required.

Pay Range Transparency:

Databricks is committed to fair and equitable compensation practices. The pay range(s) for this role is listed below and represents the expected base salary range for non-commissionable roles or on-target earnings for commissionable roles. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on the factors above, Databricks anticipated utilizing the full width of the range. The total compensation package for this position may also include eligibility for annual performance bonus, equity, and the benefits listed above.

For more information regarding which range your location is in visit our page here.

Zone 1 Pay Range: $190,000 - $261,250 USD

Zone 2 Pay Range: $171,000 - $235,200 USD

Zone 3 Pay Range: $161,500 - $222,100 USD

Zone 4 Pay Range: $152,000 - $209,000 USD

XML job scraping automation by YubHub

You will also design and deploy robust supporting security tools for managing and assessing security state, integrate with third-party applications, and interact with cloud APIs (AWS, Azure, GCP, Terraform). Additionally, you will plan and lead end-to-end projects supporting data collection and integration with vulnerability and threat detection efforts.

To succeed in this role, you will need 8+ years of software engineering experience, with 4+ years specifically in security-related engineering. You should have experience with Python, Git/GitHub, and CI/CD automation, and Terraform. Expertise in securing at least one major cloud environment (AWS, Azure, GCP) is also required. Experience with software security and systems that handle sensitive data, as well as data correlation engine, is preferred.

As a leader on our team, you will be expected to mentor peers, drive strategic initiatives, and influence the organization's security direction. You should have excellent communication skills, with the ability to collaborate effectively across teams and present complex ideas clearly to stakeholders at all levels.

XML job scraping automation by YubHub

This is a hands-on security engineering role; not a GRC or project management role. You'll identify the frameworks that apply, architect the vessel's security to satisfy them, and drive authorization to completion. Where standards don't yet exist, you'll define them.

Key Responsibilities:

• Own the security posture for one or more vessel programs from architecture through fielding, serving as the responsible security engineer for the product
• Drive threat modeling across vessel subsystems including embedded compute, communications, navigation, propulsion controls, sensor fusion, and C2 interfaces and define security architectures, trust boundaries, and segmentation strategies based on findings
• Identify and mitigate security risks unique to autonomous maritime platforms, including GPS/GNSS spoofing, RF interference, sensor manipulation, supply chain compromise, and physical access threats
• Own the end-to-end authorization lifecycle for vessel programs, from initial security planning through ATO or equivalent customer authorization milestones
• Navigate DoD cybersecurity authorization frameworks including RMF, CSRMC, and service-specific requirements across Navy, Coast Guard, Marine Corps, and joint programs
• Prepare and maintain authorization artifacts, security documentation, and evidence packages that satisfy Authorizing Officials and program offices
• Identify and map applicable compliance frameworks for each vessel and customer segment including NIST SP 800-53, NIST SP 800-171, CMMC 2.0, FedRAMP, IEC 62443, IMO MASS Code, and IACS UR E26/E27 and proactively define Saronic's compliance posture where standards are still emerging
• Engage directly with government program offices, Authorizing Officials, DOT&E evaluators, and classification societies as a credible technical representative of Saronic's security posture
• Support cybersecurity testing and evaluation efforts, including preparation for operational test events, red team assessments, and cooperative vulnerability assessments
• Partner with supply chain and manufacturing teams to address hardware provenance, firmware integrity, and anti-tamper requirements for production vessels
• Work with Legal and Contracts to ensure security and compliance requirements are accurately reflected in customer agreements, proposals, and contract deliverables

Required Qualifications:

• 6+ years of hands-on experience in product security, systems security engineering, authorization engineering, or a closely related security engineering role for defense or high-assurance platforms
• Strong understanding of DoD cybersecurity authorization processes (RMF, ATO/IATT, CSRMC, continuous ATO) with experience contributing to or driving systems through authorization
• Working knowledge of NIST SP 800-53, NIST SP 800-171, and CMMC 2.0 and their application to weapons systems, autonomous platforms, or similarly complex defense products
• Experience with threat modeling, security architecture, or risk assessment for cyber-physical systems, embedded systems, or operational technology environments
• Strong technical foundation, able to read architecture diagrams, evaluate security controls at a systems level, and hold credible technical conversations with hardware, software, and cloud engineers
• Ability to clearly communicate with both technical and non-technical stakeholders, including production of security documentation and authorization artifacts
• Ownership mindset with the ability to operate in ambiguity, define the path forward, and move work to completion across teams
• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience as a product security lead, systems security engineer, or authorization lead for a defense platform or program of record
• Direct experience engaging with government Authorizing Officials, program offices, or DOT&E as a technical security representative
• Experience in defense technology startups, DARPA programs, or organizations that move at speed within the defense acquisition system
• Familiarity with maritime-specific frameworks including IMO MASS Code, IACS UR E26/E27, IEC 62443, or classification society autonomous vessel rules
• Understanding of autonomous systems security challenges including communications security, electronic warfare hardening, GPS/GNSS resilience, and AI/ML system security
• Experience with ITAR/EAR compliance, supply chain security, or manufacturing security for defense products
• Familiarity with the defense acquisition lifecycle and how authorization milestones integrate into program schedules

Additional Information:

• Benefits: Medical Insurance, Dental and Vision Insurance, Time Off, Parental Leave, Competitive Salary, Retirement Plan, Stock Options, Life and Disability Insurance, Pet Insurance
• This role requires access to export-controlled information or items that require “U.S. Person” status.

XML job scraping automation by YubHub

Key Responsibilities

• Own the security architecture for Saronic's AWS environments, including multi-account strategy, network segmentation, identity architecture, and data protection across commercial AWS and AWS GovCloud

• Design and maintain secure-by-default Terraform modules and IaC standards that teams adopt as the standard path, enforcing least privilege, secure defaults, and compliance requirements

• Implement preventive controls (SCPs, permission boundaries, policy-as-code) and detective controls (Config rules, CloudTrail analysis, GuardDuty) as a unified, layered security model

• Design and enforce IAM patterns across AWS accounts, services, and workloads including least-privilege policies, permission boundaries, cross-account access, federation, and service-to-service authentication

• Implement and govern secrets management using tools such as AWS Secrets Manager or Vault, integrated into CI/CD and runtime environments

• Partner with DevOps and Platform Engineering to embed security into CI/CD pipelines, infrastructure provisioning, and deployment workflows

• Build automated compliance validation into infrastructure pipelines and replace manual security gates with automated guardrails wherever possible

• Create self-service security tooling and patterns that allow teams to operate with speed and autonomy while maintaining compliance

• Integrate logging, monitoring, and alerting across cloud infrastructure to validate control effectiveness and detect misconfigurations or threats

• Build and tune cloud-native detections using CloudTrail, GuardDuty, Config, and SIEM integrations

• Support incident response for cloud security events, drive root-cause analysis, and translate findings into improved guardrails and controls

Required Qualifications:

• 6+ years of hands-on experience in cloud security engineering, infrastructure security, DevSecOps, or a closely related security engineering role

• Expert-level proficiency with Terraform, including module design, state management, policy-as-code, and managing complex multi-environment configurations

• Deep expertise in AWS security services and architecture, including IAM, Organizations, SCPs, Control Tower, CloudTrail, Config, GuardDuty, Security Hub, KMS, and VPC security

• Demonstrated experience building security guardrails and reusable infrastructure patterns that engineering teams adopt without friction

• Strong experience with CI/CD pipeline security, IaC review processes, and automated compliance validation

• Experience operating in AWS GovCloud or FedRAMP-regulated cloud environments

• Strong proficiency in Python, Go, Rust, or equivalent languages for building security automation and tooling

• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience in defence, aerospace, robotics, autonomy, or other high-assurance environments

• Experience designing multi-account AWS landing zones and organisational security architectures from the ground up

• Hands-on experience with Kubernetes security, container security, and service mesh security in cloud-native environments

• Familiarity with NIST SP 800-171, NIST SP 800-53, FedRAMP, or Cloud Computing SRG Impact Levels

• Experience with infrastructure drift detection, automated remediation, and continuous compliance monitoring

• Relevant certifications such as AWS Security Specialty, AWS Solutions Architect Professional, HashiCorp Terraform Associate/Engineer, CCSP, or CISSP

Additional Information

Benefits: Medical Insurance: Comprehensive health insurance plans covering a range of services. Saronic pays 100% of the premium for employees and 80% for dependents. Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care. Saronic pays 100% of the premium under the basic plan for employees and 80% for dependents. Time Off: Generous PTO and Holidays. Parental Leave: Paid maternity and paternity leave to support new parents. Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses. Retirement Plan: 401(k) plan. Stock Options: Equity options to give employees a stake in the company’s success. Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage. Pet Insurance: Discounted pet insurance options including 24/7 Telehealth helpline. Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office

This role requires access to export-controlled information or items that require “U.S. Person” status. As defined by U.S. law, individuals who are any one of the following are considered to be a “U.S. Person”: (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in 8 U.S.C. 1324b(a)(3).

XML job scraping automation by YubHub

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

About the Team

OpenAI’s Platform and Infrastructure Engineering organization advances the mission of deploying artificial general intelligence (AGI) for the benefit of all by delivering secure, scalable, and resilient technology solutions. Our team builds and maintains robust infrastructure that safeguards OpenAI’s data and systems while ensuring employees are well-equipped and seamlessly connected. By prioritizing security, reliability, and user-centric solutions, we empower OpenAI employees to drive impactful AI research, corporate operations, and product innovation.

About the Role

As a Client Platform Engineer at OpenAI, you will play a pivotal role in securing, enhancing, and maintaining our endpoint management infrastructure across macOS, Windows, iOS, and Android devices. Your focus will be on building scalable, automated solutions that ensure seamless deployments, advanced security configurations, and efficient operational workflows. You will collaborate closely with IT, Security, and Engineering teams to implement modern endpoint management practices using automation, Infrastructure-as-Code (IaC), and monitoring strategies. This role offers an opportunity to work with cutting-edge tools and contribute to building a security-first, automation-driven endpoint ecosystem.

In this role, you will:

• Design, build, implement, and maintain scalable and performant endpoint management infrastructure to facilitate best-in-class security of the OpenAI fleet comprised of macOS, Windows, iOS, and Android endpoints.

• Deliver critical endpoint management efficiencies and capabilities through bespoke software development and implementation of both industry-standard open source tooling and first-party software solutions.

• Employ modern Infrastructure-as-Code (IaC) methodologies, develop GitOps-driven solutions to deliver consensus-based fleet management capabilities at scale.

• Build and maintain CI/CD pipelines for fleet management infrastructure, deploying to progressively tested environments across multiple clouds (Azure, AWS, GCP).

• Drive initiatives to adopt emerging CPE technologies, industry best practices, and optimize processes for scalability and operational efficiency.

• Partner with cross-functional teams to ensure seamless endpoint user experiences while maintaining strict security standards and continually increasing the bar.

You may be a fit for this role if you have:

• Proficiency in a modern programming language (Python, Golang, Ruby, etc.)

• Extensive hands-on experience with Jamf PRO and Microsoft Intune to ensure comprehensive secure fleet management as well as experience with similar cloud identity providers.

• Demonstrated success and experience with open source endpoint management tooling for configuration management, mobile device management, application management, and telemetry such as Salt, Puppet, Munki, Nano/MicroMDM, osquery, Autopkg, WinGet, etc.

• History of developing and delivering secure, reliable, scalable, and technology solutions.

• Deep knowledge and experience managing corporate infrastructure at scale with Infrastructure-as-Code (IaC) practices & GitOps workflows (Terraform, Ansible, Chef, etc.)

• Experience integrating and operating fleet management infrastructure with CI/CD pipelines and DevOps workflows.

• Proven track record of deploying and operating fleet management infrastructure in public cloud environments (Azure, AWS, GCP).

• A self-starter with strong analytical and problem-solving skills.

You might thrive in this role if you have:

• Deep experience with open-source fleet management tools and frameworks.

• Experience with containerization technologies such as Docker and Kubernetes.

• Familiarity with compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and NIST.

• Strong soft skills, including stakeholder communication and cross-functional collaboration.

• Relevant professional certifications such as CISSP, CISA, CISM, CCSP.

• A security thought leader with contributions to CPE open-source projects or technical communities.

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.

We are an equal opportunity employer, and we do not discriminate on the basis of

XML job scraping automation by YubHub

We are seeking a GRC Automation Lead to join our GRC organisation and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems.

This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalise it, and make it actionable.

At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments.

Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible.

Responsibilities:

• Lead the team that establishes foundational GRC processes and architecture. Design and build automated workflows for risk management and compliance, creating scalable systems that enable continuous monitoring as Anthropic grows.

• Build data pipelines that aggregate risk, control, and asset information from across our technology stack. This means solving hard data integration problems: mapping disparate schemas, handling inconsistent data quality, and creating unified views of compliance posture through dashboards and reporting tools.

• Inform GRC platform strategy and implementation: in partnership with other programs, evaluate, select, and deploy tooling that meets our compliance requirements.

• Translate written policies and compliance requirements into policy-as-code—working with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation rather than static documents.

• Establish feedback loops between policy and implementation: surface where technical controls diverge from written requirements, identify where policies need to evolve based on infrastructure realities, and ensure that compliance requirements are expressed in terms engineers can act on.

• Design and deploy agentic AI workflows that extend team capacity, using Claude to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle other tasks that require reasoning over unstructured information.

• Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines—working with engineers to implement integrations that enable automated evidence collection and continuous compliance validation.

• Build and lead the GRC Automation function as we scale: hiring team members, establishing practices, and defining the technical roadmap for governance and compliance automation at Anthropic.

You may be a good fit if you:

• Have 3-4+ years of experience managing technical individual contributors or systems-focused teams, with a proven track record of building or scaling small teams (2-5 people) in security, compliance, automation, or operations functions.

• Are a systems thinker first. You understand how complex environments work: how data flows between systems, where integration points exist, what breaks when systems don't talk to each other. Your strength is designing the right architecture and environment for security monitoring, not necessarily implementing it yourself.

• Have 5+ years of experience designing automated workflows, data pipelines, or system integrations, whether through traditional development, low-code platforms, GRC tools, or process automation. We care about your ability to solve integration problems, not your programming language proficiency.

• Proficiency to write production level code in at least one programming language (e.g., Python, Rust, Go)

• Have a relentless focus on data integration: you understand how to pull data from multiple sources, normalise it, join it meaningfully, and surface insights. You're comfortable reasoning about messy, inconsistent data and designing systems that handle edge cases gracefully.

• Understand APIs and integration patterns conceptually: REST APIs, webhooks, authentication flows, polling vs. push architectures, and can evaluate systems based on how well they expose data and support automation, even if you're not writing the integration code yourself.

• Can work independently with minimal guidance, taking ownership of complex problems from design through implementation while managing ambiguity inherent in early-stage programs.

• Have strong analytical and problem-solving skills, with the ability to break down complex problems into manageable parts and develop creative solutions.

• Are able to communicate complex technical ideas to both technical and non-technical stakeholders, with a strong focus on collaboration and teamwork.

• Are passionate about staying up-to-date with industry trends and emerging technologies, with a willingness to learn and adapt to new tools and techniques.

XML job scraping automation by YubHub