Security GRC Automation Engineer

Company Overview

What You'll Do

We are hiring a Security Governance, Risk and Compliance (GRC) Automation Engineer to join our GRC Engineering team. This is a highly technical, hands-on engineering role responsible for building automation systems that deliver continuous security assurance and verifiable compliance at scale.

This is an individual contributor role reporting to the Senior Manager of GRC Engineering.

• Design, build, and maintain automation tooling and policy-as-code controls to enforce real-time security requirements across multi-cloud and on-prem environments

• Engineer and operate scalable data ingestion pipelines (Python/Go, cloud APIs) to collect, normalize, secure, and prove the integrity of compliance evidence

• Integrate compliance validation directly into CI/CD and IaC pipelines (e.g., Terraform, Ansible) to prevent drift and ensure continuously auditable control states

• Configure and extend GRC platforms (e.g., ServiceNow GRC) to support real-time control visibility and automatic evidence mapping

• Translate security, regulatory and compliance requirements into actionable, specific and testable technical controls

• Perform automated and targeted configuration audits to verify alignment against frameworks such as ISO 27001, NIST CSF, and PCI-DSS

• Partner closely with Cloud, Platform, and Security Engineering teams to drive consistent, scalable control implementations

Job Designation

What You Bring

• 5+ years in Security Engineering, Automation, or highly technical GRC roles

• Bachelor’s or Master's degree in a relevant technical field (Computer Science, IT, Security, Software/Computer Engineering)

• Expert programming skills in Python or Go for developing production-level security and automation tools

• Deep experience using Azure, GCP, AWS SDKs and APIs for automated evidence and configuration retrieval

• Proven success building continuous monitoring, compliance drift detection, and automated evidence collection pipelines

• Practical experience integrating security validation and compliance checks into CI/CD pipelines and IaC tooling (Terraform, Ansible, etc.)

• Experience configuring or integrating with enterprise GRC platforms (e.g., ServiceNow GRC, AuditBoard)

• Strong ability to analyze complex data, communicate findings clearly, and produce high-quality technical documentation

• Familiarity with Policy-as-Code and declarative enforcement (e.g., Rego/OPA, Sentinel)

• Relevant industry certifications (e.g., CISSP, AWS Security Specialty)

• Experience with emerging AI-driven automation (LLM APIs, autonomous agents, workflow orchestration)

• Working knowledge of major frameworks: PCI-DSS, ISO 27001, OWASP, NIST CSF 2 / 800-53

Life At Docusign

Our global benefits