Senior Compliance Engineer

Location: US

Level: Senior Individual Contributor

Team: Engineering

The Opportunity

Most compliance engineers gather requirements and hand them to engineering. This is not that role.

Terzo processes some of the most sensitive commercial data in the enterprise world including contracts, financials, vendor relationships, legal obligations for Fortune 500 customers who expect SOC 2, ISO 27001, CMMC, and GDPR compliance as table stakes. As the platform scales and our AI systems operate with increasing autonomy, compliance can't be a gate that sits outside engineering. It has to be built into the infrastructure by someone who can build infrastructure.

You will interpret and implement regulatory frameworks by writing code, building automation, configuring cloud security controls, and standing up continuous monitoring systems. Half your time is building. Half your time is managing compliance operations. This is a builder-first role.

You might thrive in this role if you have

• 5+ years of experience spanning both software engineering and compliance/security where you've written production code and you've navigated regulatory frameworks
• Deep understanding of enterprise compliance frameworks (SOC 2, ISO 27001, CMMC, GDPR, NIST 800-53) and how they translate into engineering controls
• Proficiency in Python or similar scripting languages, with experience building automation for compliance workflows
• Hands-on experience with cloud security configuration and infrastructure-as-code (Terraform, Azure Policy, AWS Config, or similar)
• Comfort interpreting ambiguous regulatory requirements and making pragmatic engineering decisions about how to implement them
• Understanding of cloud infrastructure and distributed systems well enough to assess where compliance gaps live
• Clear communication that bridges security, engineering, and business stakeholders where you can explain a control to an auditor and implement it the same day
• High ownership mentality - you don't file tickets for compliance gaps, you close them

You could be an especially great fit if you have

• Prior work in a hybrid engineering/compliance role where you both defined and implemented security controls
• Experience building compliance automation at scale including continuous monitoring, automated evidence generation, policy-as-code
• Background with CMMC Level 2 certification processes or FedRAMP authorization
• Experience securing AI/ML systems or data platforms where model access, data lineage, and processing boundaries carry compliance implications
• Familiarity with Azure security architecture (Azure Policy, Defender, Key Vault, Entra ID)
• Prior work at a high-growth startup where you built the compliance program from the ground up, not just maintained one
• Experience working directly with enterprise customers on security reviews, vendor assessments, and audit responses