Senior Security Engineer, GRC Automation

Senior Security Engineer, GRC Automation 1Password is growing faster than ever. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle Red Bull Racing and the Utah Mammoth. About 1Password At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work. If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future. Trust is earned — and we’re building the systems to earn it at scale. 1Password is looking for a Senior Security Engineer – GRC to design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations. You’ll partner directly with the Senior Manager of GRC to build automation that scales our security and privacy commitments — from audit readiness and policy enforcement to customer trust workflows. A key focus for this role will be operationalizing our newly selected GRC platform, integrating it with our internal systems, and ensuring it supports automated, scalable assurance processes across the organization. This is a hands-on technical role for someone who’s passionate about making GRC repeatable, visible, and built into how the company works. It sits at the intersection of security engineering, compliance, and platform operations — ideal for someone with a solutions engineering or DevSecOps background who thrives in high-context, high-impact environments. This is a remote opportunity within the US or Canada. What we're looking for: - 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles. - Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring. - Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments. - Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools. - Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems. - Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations. Bonus points if you have: - Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting. - Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase. - Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging). - Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content. What you can expect: - Lead the implementation and integration of our GRC platform, ensuring it is fully operatio ... (truncated, view full listing at source)