Security and Compliance Engineer

<h2>Security and Compliance Engineer</h2><p style="min-height:1.5em">Platform and software · shared across customers</p><p style="min-height:1.5em"><strong>Reports to: </strong>CISO (or VP, Security)</p><p style="min-height:1.5em"><strong>Location: </strong>Remote (US) or Pleasanton, CA (hybrid)</p><p style="min-height:1.5em"><strong>Department: </strong>Compliance & Security / Compliance</p><p style="min-height:1.5em"></p><h3>Position summary</h3><p style="min-height:1.5em">The Security and Compliance Engineer owns security operations and compliance posture for the GPU One (GPUaaS) platform. The role maintains SOC 2 and SOC 3 programs, supports customer security requirements during sales and operations, and leads security incident response.</p><h3>Key responsibilities</h3><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Maintain SOC 2 Type 2 and SOC 3 compliance programs including control evidence and audit support</p></li><li><p style="min-height:1.5em">Manage customer security questionnaires, audits, and penetration test coordination</p></li><li><p style="min-height:1.5em">Operate identity and access management (IAM) for both platform and customer environments</p></li><li><p style="min-height:1.5em">Drive vulnerability management across infrastructure, platform, and corporate IT</p></li><li><p style="min-height:1.5em">Investigate security incidents and lead incident response (IR)</p></li><li><p style="min-height:1.5em">Maintain security policies, standards, and operating procedures</p></li><li><p style="min-height:1.5em">Support customer security reviews and security-related contract negotiations</p></li><li><p style="min-height:1.5em">Coordinate with TAM on customer-specific security requirements</p></li><li><p style="min-height:1.5em">Manage security tooling (SIEM, EDR, vulnerability scanners, IAM/SSO)</p></li><li><p style="min-height:1.5em">Drive security awareness training and phishing programs across STN</p></li></ul><h3>Required qualifications</h3><ul style="min-height:1.5em"><li><p style="min-height:1.5em">5+ years in information security, GRC, or security engineering</p></li><li><p style="min-height:1.5em">Demonstrated SOC 2, ISO 27001, FedRAMP, or comparable compliance experience</p></li><li><p style="min-height:1.5em">Strong knowledge of cloud security, network security, IAM, and identity federation</p></li><li><p style="min-height:1.5em">CISSP, CISM, CCSP, or equivalent certification</p></li><li><p style="min-height:1.5em">Excellent written communication including audit narratives and policy authorship</p></li></ul><h3>Preferred qualifications</h3><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Multi-tenant or service provider security background</p></li><li><p style="min-height:1.5em">HIPAA, PCI-DSS, CMMC, or government compliance experience</p></li><li><p style="min-height:1.5em">Hands-on technical security skills (cloud configuration audit, IR forensics)</p></li><li><p style="min-height:1.5em">Experience supporting AI/ML or data-sensitive customer workloads</p></li></ul>