Security and Compliance Engineer

Security and Compliance Engineer

Platform and software · shared across customers

Reports to: CISO (or VP, Security)

Location: Remote (US) or Pleasanton, CA (hybrid)

Department: Compliance & Security / Compliance

Position summary

The Security and Compliance Engineer owns security operations and compliance posture for the GPU One (GPUaaS) platform. The role maintains SOC 2 and SOC 3 programs, supports customer security requirements during sales and operations, and leads security incident response.

Key responsibilities

• Maintain SOC 2 Type 2 and SOC 3 compliance programs including control evidence and audit support

• Manage customer security questionnaires, audits, and penetration test coordination

• Operate identity and access management (IAM) for both platform and customer environments

• Drive vulnerability management across infrastructure, platform, and corporate IT

• Investigate security incidents and lead incident response (IR)

• Maintain security policies, standards, and operating procedures

• Support customer security reviews and security-related contract negotiations

• Coordinate with TAM on customer-specific security requirements

• Manage security tooling (SIEM, EDR, vulnerability scanners, IAM/SSO)

• Drive security awareness training and phishing programs across STN

Required qualifications

• 5+ years in information security, GRC, or security engineering

• Demonstrated SOC 2, ISO 27001, FedRAMP, or comparable compliance experience

• Strong knowledge of cloud security, network security, IAM, and identity federation

• CISSP, CISM, CCSP, or equivalent certification

• Excellent written communication including audit narratives and policy authorship

Preferred qualifications

• Multi-tenant or service provider security background

• HIPAA, PCI-DSS, CMMC, or government compliance experience

• Hands-on technical security skills (cloud configuration audit, IR forensics)

• Experience supporting AI/ML or data-sensitive customer workloads