Security & Compliance Engineer

Are you the kind of security professional who likes turning findings into fixes? Do you enjoy working across AWS, Linux, and compliance-driven environments to keep systems secure and practical? If so, you may be the perfect fit for Grant Street Group!

Grant Street Group is a growing company providing SaaS products in areas such as electronic payments, auctions, and tax collection. We’re looking for a hands-on Security & Compliance Engineer to help maintain and improve the operational security of our linux based systems and services across hybrid AWS and on-prem environments. This role focuses on vulnerability management, security log management, control monitoring, remediation tracking, audit support, and cross-team coordination.

What you’ll do

• Support the day-to-day security posture of systems and services across cloud and on-prem environments.

• Review vulnerability findings from scanners, penetration tests, and other assessments, and help drive remediation to closure.

• Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, monitoring, and incident readiness.

• Support compliance and assessment activities related to GovRAMP/FedRAMP, PCI DSS, internal reviews, and third-party examinations.

• Use AWS security tooling effectively, support day-to-day security processes, and help translate security and compliance requirements into practical, durable operational outcomes

• Maintain documentation, procedures, and other operational artifacts so they stay aligned with the environment and current control expectations.

What makes you a great fit?

• 3+ years of experience in security engineering, security operations, infrastructure security, or security compliance.

• Hands-on experience working in Linux-based production environments and securing Linux systems.

• Experience securing AWS environments and using services such as IAM, CloudTrail, GuardDuty, Security Hub, Config, Inspector, and KMS.

• Working knowledge of vulnerability management, configuration management, logging, monitoring, access control, and incident response practices.

• Scripting experience in Python, Bash, PowerShell, or similar for automation, security operations, and reporting tasks.

• Strong written and verbal communication skills, with the ability to move issues from discovery through remediation across multiple teams.

Experience with any of the following is a plus

• Experience supporting regulated or highly audited environments.

• Familiarity with GovRAMP, FedRAMP, PCI DSS, SOC examinations, or similar frameworks.

• Experience reviewing scanner output, penetration test findings, or security monitoring alerts and helping drive remediation.

• Familiarity with POA&M tracking, exception handling, and remediation coordination.

• Experience working across both cloud and legacy infrastructure.

• Comfort using AI tools responsibly to support workflows such as triage, investigation, scripting, documentation, and reporting.

• Experience with security data lakes, OCSF schema management, or security data transformation pipelines.

There is minimal travel: typically 2-3 weeks per year for on-site meetings. 

We reward teamwork, professional excellence, and individual responsibility. Using the best collaboration tools available, we offer a technology-rich work environment that makes it possible for us to support the needs of our employees. If you are passionate about your work, have an entrepreneurial spirit, and want to be on a team of exceptional professionals, this could be the opportunity you are looking for.

Expected Salary Range: $100,000 – $160,000/year