Founding Security Engineer – Governance, Risk & Compliance (GRC) jobs in United States

Sift · 4 months ago

Founding Security Engineer – Governance, Risk & Compliance (GRC)

Siftstack is redefining how modern machines are built, tested, and operated, having originated from work at SpaceX. They are seeking a Founding Security Engineer – Governance, Risk & Compliance (GRC) who will lead the company's security posture, blending technical security engineering with governance, risk, and compliance leadership.

Machine Learning · SaaS · Software
No H1B · U.S. Citizen Only

Responsibilities

Set the Standard: Establish a best-in-class security posture across our product and infrastructure. Make security a competitive advantage, not just a compliance checkbox
Lead Compliance by Design: Translate frameworks like SOC 2, NIST 800-171, CMMC, and FedRAMP into actionable engineering and operational practices. Oversee our Risk Management Framework (RMF) lifecycle and apply security standards across cloud, on-prem, and air-gapped environments
Engineer the Controls: Architect and deploy security tooling, secure CI/CD pipelines, and observability systems. Implement zero-trust networking, encryption, and access control across environments
Enable the Team: Provide approachable, relevant training to engineers and operations teams. Guide secure procurement and use of third-party tools and libraries
Earn Trust Externally: Represent Sift’s security posture clearly and credibly to customers, partners, auditors, and government stakeholders
Design, implement, and maintain secure cloud-native infrastructure (AWS GovCloud, Kubernetes, OpenShift, on-prem, and air-gapped)
Build secure CI/CD pipelines with integrated scanning and policy enforcement
Deploy and manage observability and security tooling (SIEM, EDR, Datadog, ELK, Prometheus, Grafana)
Implement zero-trust networking, VPNs, and encryption best practices
Maintain policies, procedures, and documentation that withstand customer and auditor scrutiny
Lead security readiness for customer and government requirements
Provide security awareness training for internal teams and be the point of contact for all security questions

Qualification

AWS GovCloud · Kubernetes · SOC 2 compliance · NIST 800-171 · CMMC · FedRAMP · ISO 27001 · Zero-trust networking · Security tooling · Communication skills · Team collaboration

Required

5+ years in cybersecurity, product security, or cloud security roles, ideally in high-assurance or regulated industries
Hands-on experience securing AWS and Kubernetes-based environments, with strong infrastructure-as-code practices
Proven track record leading or supporting compliance initiatives such as SOC 2, NIST 800-171, CMMC, FedRAMP, or ISO 27001
Deep understanding of network, endpoint, and identity security principles
Experience with security tooling and integration into operational workflows
Ability to translate compliance requirements into clear, actionable engineering work
Strong communication skills, able to represent security posture to technical and non-technical audiences
Excited to operate as a team of one early on, with the vision to build and lead a security function over time
US Person Required: Must be a U.S. Citizen or Green Card Holder due to ITAR (International Traffic in Arms Regulations) / EAR (Export Administration Regulations) compliance requirements

Preferred

Someone motivated by the responsibility of securing technology that supports national security and high-stakes engineering programs
A builder who can balance pragmatism with rigor in a fast-moving startup environment
A collaborator who can partner across engineering, operations, and go-to-market teams to make security part of the culture
Someone comfortable engaging directly with customers, auditors, and partners to explain and advocate for our security posture

Benefits

Plus equity and benefits.

Company

Sift offers transformative tools for machine creators to innovate at speed and scale.

Funding

Current Stage: Growth Stage
Total Funding: $25M
Key Investors: Google Ventures, Earthrise Ventures
2024-06-25 · Series A · $17.5M
2023-11-07 · Seed · $7.5M
2022-12-01 · Pre Seed
Company data provided by Crunchbase