Sift · 1 week ago
Founding Security Engineer – Governance, Risk & Compliance (GRC)
Sift is redefining how modern machines are built, tested, and operated. As the founding Security & Compliance Engineer, you will define the security posture and practices for Sift's products and infrastructure, ensuring they meet the expectations of aerospace, defense, and enterprise customers.
Machine Learning, SaaS, Software
Responsibilities
Build secure CI/CD pipelines with embedded scanning
Operate and tune SIEM/EDR (ELK, Datadog, Splunk, CrowdStrike, Prometheus, Grafana)
Secure multi-cloud environments (AWS GovCloud, Kubernetes, on-prem)
Implement zero-trust networking and modern SASE/ZTNA approaches
Improve visibility and observability across networks and workloads
Lead compliance initiatives: SOC 2, ISO 27001, NIST 800-171, FedRAMP, CMMC
Manage third-party/vendor risk assessments
Own internal/external audits and readiness for customer/government reviews
Lead company-wide security awareness: phishing simulations, compliance workshops, and role-specific training
Qualifications
Required
5+ years in cybersecurity, product security, or cloud security roles, ideally in high assurance or regulated industries
Hands-on experience securing AWS or an equivalent cloud service provider (GovCloud preferred) and Kubernetes-based environments, with strong infrastructure as code practices
Proven track record leading or supporting compliance initiatives such as SOC 2, NIST 800-171, CMMC, FedRAMP, or ISO 27001
Deep understanding of network, endpoint, and identity security principles
Experience with security tooling and integration into operational workflows
Ability to translate compliance requirements into clear, actionable engineering work
Experience managing third-party/vendor risk and customer-facing security reviews
Clear communicator with both technical and non-technical stakeholders
Customer-facing presence for audits and enterprise assurance
Collaborative partner to infra and product teams
High ownership and adaptability in ambiguous, fast-moving environments
Integrity and trustworthiness, handling sensitive data and compliance matters with discretion
Excited to operate as a team of one early on, with the vision to build and lead a security function over time
U.S. Person Required: Must be a U.S. citizen, lawful permanent resident, or protected individual such as an asylee or refugee in compliance with ITAR (International Traffic in Arms Regulations) / EAR (Export Administration Regulations) regulations
Benefits
Plus equity and benefits.
Company
Sift
Sift offers transformative tools for machine creators to innovate at speed and scale.
Funding
Current Stage: Growth Stage
Total Funding: $25M
Key Investors: Google Ventures, Earthrise Ventures
2024-06-25 · Series A · $17.5M
2023-11-07 · Seed · $7.5M
2022-12-01 · Pre Seed
Company data provided by Crunchbase