Original listing text, shown exactly as published by the company.
Your Impact
At DISCO, our cloud infrastructure and system control plane are the backbone that enables us to deliver cutting-edge solutions to our clients. As a Compliance Engineer on our growing DevOps team, you will be driving the implementation of our compliance requirements, as established by the Security and governance, risk, and compliance (GRC) stakeholders.
Your expertise will deliver enhancements to our system's reliability, scalability, security, and the overall success of our cloud-based solution development. By automating away the "audit burden" from our engineers your work will help shape our future cloud strategy while providing ironclad assurance to our partners within the business.
What you’ll Do
- Evidence Automation & Audit Stewardship: Serve as the Engineering technical contact for annual SOX, SOC2 Type II, and ISO-27001 audits while automating evidence collection into "Continuous Compliance" workflows with minimal disruption to engineering velocity.
- Infrastructure Governance: Work with DevOps Engineers to implement "Compliance as Code," establishing automated guardrails and performing internal reviews of infrastructure configurations.
- Access & Identity Management: Manage the technical lifecycle of user access, enforce Segregation of Duties (SoD), and review deprovisioning workflows to ensure compliance with security policies.
- Stakeholder Management: Support GRC teams by providing technical expertise during sales cycles, responding to RFPs, and maintaining the Security Trust Center and compliance documentation.
Who You Are
- Technical Compliance Expertise: A minimum of 5 years in a technical compliance, security, or DevOps-adjacent role, preferably within a SaaS environment.
- Framework Fluency: Strong understanding of key compliance frameworks, including SOX 404, ISO-27001, SOC2, and IT general controls (ITGC).
- DevOps & Cloud Proficiency: 2-4 years of hands-on experience in DevOps or Platform Engineering, specifically working with AWS, cloud-native applications, and automating deployment/scaling of containerized applications using Infrastructure as Code.
- Automation Focus: A desire and/or experience in leveraging compliance automation platforms (e.g., Anecdotes) to build and maintain automated evidence-gathering tools.
- Collaboration & Engineering Mindset: An engineering background with a preference for collaborative work, including mentoring others and partnering with cross-functional engineering teams to build and maintain highly performant systems.
Even Better If You Have…
- Exposure to and understanding of security and compliance frameworks such as FedRAMP, NIST 800-53, or CSRF.
- Experience building and managing PaaS (Platform as a Service) for internal development teams.
- Experience with Cloud Networking (VLAN, routing).
- Experience with other cloud platforms, specifically Azure and GCP.
- Familiarity with Windows Server and Administration (Active Directory, Group Policy Objects).
- Experience with ASP.NET Deployments (WebDeploy).
- General experience with Software Development and any tech stack.
Tech Stack
- Cloud Provider - AWS: EC2, Lambda, Aurora, Redshift, DynamoDB, ECS, EKS, SQS, SNS, Kinesis, S3, CloudFront, CloudFormation, KMS, CodePipeline, etc.
- CI/CD: Terraform, Docker, Jenkins, CodeDeploy, GitHub, Artifactory, HashiCorp Consul
- Observability: ELK Stack, OpenTelemetry, DataDog, New Relic, Sentry.io
- Programming Languages: Python, Bash, Kotlin
Authorization to Work in the U.S.: Candidates must be legally authorized to work in the United States without sponsorship now or in the future. DISCO is not currently sponsoring visas, including, but not limited to, H-1B, TN, or EAD, and we are not accepting visa transfers.
