Sift

Founding Security Engineer – Governance, Risk & Compliance (GRC)

Sift, El Segundo, California, United States, 90245

Overview

Founding Security Engineer – Governance, Risk & Compliance (GRC) role at Sift. The Security & Compliance Engineer will define posture, architecture, and practices that keep products and infrastructure secure in demanding environments. This is a hands-on and strategic role, building controls, automating compliance, and working with customers, auditors, and internal teams to inspire confidence in the platform. You will own Sift’s security posture end-to-end, setting the standard for protecting systems and data to meet the expectations of aerospace, defense, and enterprise customers. This is a high-visibility, high-ownership role as the first security hire, laying the foundation of the security program and growing it as the company scales.

In This Role, You’ll

Technical Security

- Build secure CI/CD pipelines with embedded scanning.
- Operate and tune SIEM/EDR (ELK, Datadog, Splunk, CrowdStrike, Prometheus, Grafana).
- Secure multi-cloud environments (AWS GovCloud, Kubernetes, on-prem).
- Implement zero-trust networking and modern SASE/ZTNA approaches.
- Improve visibility and observability across networks and workloads.

Governance, Risk & Compliance (GRC)

- Lead compliance initiatives: SOC 2, ISO 27001, NIST 800-171, FedRAMP, CMMC.
- Manage third-party/vendor risk assessments.
- Own internal/external audits and readiness for customer/government reviews.
- Lead company-wide security awareness: phishing simulations, compliance workshops, and role-specific training.

Technical Skills

- 5+ years in cybersecurity, product security, or cloud security roles, ideally in high assurance or regulated industries.
- Hands-on experience securing AWS or an equivalent cloud service provider (GovCloud preferred) and Kubernetes-based environments, with strong infrastructure as code practices.
- Proven track record leading or supporting compliance initiatives such as SOC 2, NIST 800-171, CMMC, FedRAMP, or ISO 27001.
- Deep understanding of network, endpoint, and identity security principles.
- Experience with security tooling and integration into operational workflows.
- Ability to translate compliance requirements into clear, actionable engineering work.
- Experience managing third-party/vendor risk and customer-facing security reviews.

Soft Skills

- Clear communicator with both technical and non-technical stakeholders.
- Customer-facing presence for audits and enterprise assurance.
- Collaborative partner to infra and product teams.
- High ownership and adaptability in ambiguous, fast-moving environments.
- Integrity and trustworthiness, handling sensitive data and compliance matters with discretion.
- Excited to operate as a team of one early on, with the vision to build and lead a security function over time.

Location & Eligibility

Location:

Sift’s headquarters is in El Segundo, CA. We collaborate in person twice a week—Mondays and Thursdays—and come together for a full week every two months. While local candidates are preferred, we’re open to relocating candidates to LA or considering remote work from the San Francisco area for the right candidate.

Salary:

$170,000 - $220,000 per year, plus equity and benefits.

Eligibility

US Person Required: Must be a U.S. Citizen or Green Card Holder due to ITAR/EAR compliance requirements.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Information Technology

Industries

Software Development